Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 99

Malware Cybercrime Hacking Cyber threats 99

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware 98

Malware Internet Internet DDOS 98

The Security Ledger

MAY 2, 2024

Gary McGraw On LLM Insecurity Episode 254: Dennis Giese’s Revolutionary Robot Vacuum Liberation Movement Malicious Python Packages Target Crypto Wallet Recovery Passwords In this Spotlight episode of the Security Ledger podcast, I interview Jim Broome, the President and CTO of the managed security service provider DirectDefense.

Cyber threats 52

Cyber threats Artificial Intelligence Threat Reports Technology 52

Webroot

APRIL 3, 2024

Mark your calendars for April 9, 2024 The second Tuesday of April marks Identity Management Day — a day dedicated to raising awareness about the importance of safeguarding your digital identity. Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts.

VPN 83

VPN Passwords Scams Accountability 83

Security Affairs

JANUARY 30, 2024

Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

Engineering 121

Engineering Passwords Telecommunications Accountability 121

Security Affairs

MAY 1, 2024

Researchers at Lumen’s Black Lotus Labs discovered a new malware family, named Cuttlefish, which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. The recent campaign spanned from October 2023 to April 2024. ” concludes the report.

Malware 101

Malware DNS Authentication Telecommunications 101

Krebs on Security

NOVEMBER 16, 2023

org , which hosted various hacking tools that Kivimäki allegedly used, including programs for mass-scanning the Internet for systems vulnerable to known security flaws, as well as scripts for cracking database server usernames and passwords, and downloading databases. ” The Finnish daily yle.fi

Cybercrime 209

Cybercrime Hacking Data breaches Banking 209

Krebs on Security

MARCH 12, 2024

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6. CVE-2024-21435 is a CVSS 8.8

Authentication 234

Authentication Engineering Accountability Internet 234

Security Affairs

FEBRUARY 12, 2024

The Justice Department announced the seizure of internet domains used to sell the remote access Trojan Warzone RAT (www.warzone[.]ws). The two individuals were arrested on February 7, 2024. Justice Department (DoJ) seized the infrastructure that was used to sell the remote access trojan (RAT) Warzone RAT. ” concludes DoJ.

Malware 99

Malware Hacking Cybercrime Advertising 99

SecureList

FEBRUARY 27, 2024

” For instance, educational robots that connect to the internet and support video calls. ” Interactive features include gaming and educational applications for children, a voice assistant, internet access and connection to the parent app for smartphones. This was the first security-related issue we discovered.

Education 90

Education Manufacturing Firmware Internet 90

Security Affairs

JANUARY 3, 2024

Resecurity has uncovered a cybercriminal faction known as “ GXC Team “, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC.

Artificial Intelligence 117

Artificial Intelligence Banking Scams Cybercrime 117

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security. million per incident.

Social Engineering 122

Social Engineering Cyber Attacks Cyber Insurance IoT 122

Security Affairs

JANUARY 12, 2024

These findings coincide with the critical and fast-approaching Indonesian presidential election set to take place in February this year (2024). Just before the onset of 2024, an individual known as Kimbo disclosed details regarding a suspected breach of the General Elections Commission of Indonesia’s (KPU) information system.

Identity Theft 97

Identity Theft Cyber threats Marketing Risk 97

The Last Watchdog

APRIL 30, 2024

In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords. Unitronics systems are exposed to the Internet and a single intrusion caused a ripple effect felt across organizations in multiple states.

Penetration Testing 182

Penetration Testing CISO Unstructured Data Technology 182

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft 106

Identity Theft VPN Malware Ransomware 106

Centraleyes

JANUARY 14, 2024

Obtaining PCI DSS certification is not impossible and usually takes companies between one day and two weeks to complete, depending on the complexity of payments within the company and the state of information security. which gracefully exits in March 2024, making way for the solo performance of v4.0.

Computers and Electronics 52

Computers and Electronics Risk Software Information Security 52

Pen Test Partners

OCTOBER 9, 2023

In essence, it is a view of the application and its environment through the lens of security. Threat modeling can be applied to a wide range of things, including software, applications, systems, networks, distributed systems, Internet of Things (IoT) devices, and business processes. Securely store credentials and other sensitive data.

IoT 52

IoT Firmware Mobile Manufacturing 52

Cisco Security

DECEMBER 22, 2022

Wi-Fi Air Marshal, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. We must allow real malware on the Black Hat network: for training, demonstrations, and briefing sessions; while protecting the attendees from attack within the network from their fellow attendees, and prevent bad actors from using the network to attack the Internet.

Engineering 71

Engineering Mobile Malware Wireless 71

Security Affairs

MAY 22, 2024

billion and a GDP of over 3.417 trillion USD, has become a prime target for cyberattacks during its general elections scheduled between 19 April and 1 June 2024. The compromised credentials could have been obtained by intercepting login forms on popular Internet browsers or by accessing password storage on compromised devices.

Government 97

Government Internet Internet Healthcare 97

Cisco Security

AUGUST 28, 2023

This allows us to capture telemetry from the edge devices’ egress interface giving us insights into traffic from the external internet, inbound to the Blackhat network. Cleartext passwords and usernames disclosed in traffic. Check back in 2024 to see how this new information tracks.

Wireless 68

Wireless DNS Mobile Technology 68

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Data breaches 95

Data breaches Identity Theft Ransomware Hacking 95

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 89

Data breaches Ransomware Hacking Financial Services 89