Security Affairs

JUNE 11, 2023

Experts found new MOVEit Transfer SQL Injection flaws The University of Manchester suffered a cyber attack and suspects a data breach Russians charged with hacking Mt. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Social Engineering 89

Social Engineering Data breaches Ransomware Cybercrime 89

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 90

Spyware Hacking Data breaches Mobile 90

Security Affairs

JANUARY 1, 2024

TWO SPYWARE SENDING DATA OF MORE THAN 1.5M million downloads have been discovered spying on users and sending data to China. DARKBEAM LEAKS BILLIONS OF EMAIL AND PASSWORD COMBINATIONS DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches.

Cybersecurity 108

Cybersecurity Spyware Data breaches Passwords 108

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 87

Data breaches DDOS Backups Firewall 87

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 72

Data breaches Spyware Retail Surveillance 72

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence 101

Artificial Intelligence Firmware Data breaches Hacking 101

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 97

Artificial Intelligence VPN Hacking Firewall 97

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 94

Data breaches Malware Mobile Spyware 94

Security Affairs

NOVEMBER 28, 2021

If you want to also receive for free the newsletter with the international press subscribe here.

Spyware 82

Spyware Data breaches Cyber Attacks Ransomware 82

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware 95

Spyware Cyber Insurance Hacking Advertising 95

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 72

Spyware Ransomware Malware Data breaches 72

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 93

Spyware Data breaches VPN Hacking 93

Security Affairs

JANUARY 30, 2022

QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans China Unicom Americas telecom over national security risks NCSC warns UK entities of potential destructive cyberattacks from Russia Finnish diplomats’ devices infected with Pegasus spyware Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits (..)

Spyware 81

Spyware Data breaches Ransomware Cybercrime 81

Security Affairs

JUNE 25, 2023

Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix recently disclosed flaws in Apple devices VMware fixed five memory corruption issues in vCenter Server Fortinet fixes critical FortiNAC RCE, install updates asap More than a million GitHub repositories potentially vulnerable to RepoJacking New Mirai (..)

DDOS 88

DDOS Cybercrime Spyware Malware 88

Security Affairs

DECEMBER 2, 2023

Researchers devised an attack technique to extract ChatGPT training data Fortune-telling website WeMystic exposes 13M+ user records Expert warns of Turtle macOS ransomware US govt sanctioned North Korea-linked APT Kimsuky Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 Apple addressed 2 new (..)

Ransomware 96

Ransomware Hacking Spyware Cybercrime 96

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks 83

Cyber Attacks Firewall Data breaches Telecommunications 83

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk 115

Risk Spyware Hacking Accountability 115

Security Affairs

MARCH 4, 2023

stolen credit/debit cards Pegasus spyware used to spy on a Polish mayor Hundreds of thousands of websites hacked as part of redirection campaign MQsTTang, a new backdoor used by Mustang Panda APT against European entities Trusted Platform Module (TPM) 2.0 FiXS, a new ATM malware that is targeting Mexican banks BidenCash leaks 2.1M

Spyware 83

Spyware Data breaches Retail Ransomware 83

Security Affairs

AUGUST 7, 2022

of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5%

Spyware 122

Spyware Manufacturing Small Business Surveillance 122

Security Affairs

NOVEMBER 14, 2021

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server GravityRAT returns disguised as an end-to-end encrypted chat app Intel and AMD address high severity vulnerabilities in products and drivers New evolving Abcbot DDoS botnet targets Linux systems Retail giant Costco discloses data breach, payment card data exposed (..)

Spyware 53

Spyware Data breaches Ransomware Retail 53

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware 81

Spyware Backups Manufacturing Data breaches 81

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 89

DDOS Hacking Spyware Surveillance 89

Security Affairs

AUGUST 29, 2021

Braun Infusomat pumps could be hacked to alter medication doses CISA publishes malware analysis reports on samples targeting Pulse Secure devices Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Personal Data and docs of Swiss town Rolle available on the (..)

Spyware 103

Spyware Data breaches Surveillance Hacking 103

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Spyware 91

Spyware Surveillance Insurance Malware 91

Security Affairs

FEBRUARY 13, 2022

Organizations are addressing zero-day vulnerabilities more quickly, says Google CISA, FBI, NSA warn of the increased globalized threat of ransomware Croatian phone carrier A1 Hrvatska discloses data breach FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities (..)

Spyware 72

Spyware Surveillance Ransomware Hacking 72

Security Affairs

NOVEMBER 17, 2019

TA505 Cybercrime targets system integrator companies. WhatsApp flaw CVE-2019-11931 could be exploited to install spyware. Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure. Facebook is secretly using iPhones camera as users scroll their feed. Pierluigi Paganini.

DDOS 51

DDOS Spyware Advertising Ransomware 51

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 105

DDOS VPN Data breaches Cybercrime 105

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 84

Spyware Surveillance Artificial Intelligence Data breaches 84

Security Affairs

NOVEMBER 11, 2023

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running ‘Monopoly’ dark web drug market McLaren Health Care revealed that a data breach impacted 2.2 Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6

DDOS 106

DDOS Data breaches Ransomware Marketing 106

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 92

Spyware Surveillance Identity Theft DDOS 92

Security Affairs

JULY 18, 2021

Biden discussed Russian ransomware gangs with Putin in a phone call Hackers accessed Mint Mobile subscribers data and ported some numbers Magecart hackers hide stolen credit card data into images and bogus CSS files Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack BIOPASS malware abuses OBS Studio to spy on victims (..)

Spyware 54

Spyware Surveillance Ransomware Retail 54

Security Affairs

FEBRUARY 20, 2022

CISA compiled a list of free cybersecurity tools and services White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU UpdraftPlus WordPress plugin update forced for million sites Google Privacy Sandbox promises to protect user privacy online Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability CVE-2021-44731 (..)

Banking 84

Banking Spyware Surveillance Ransomware 84

Security Affairs

DECEMBER 5, 2021

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users German BSI agency warns of ransomware attacks over Christmas holidays Cuba ransomware gang hacked 49 US critical infrastructure organizations CISA warns of vulnerabilities in Hitachi Energy products NSO Group spyware used to compromise iPhones of 9 US State Dept officials (..)

Spyware 84

Spyware Ransomware Hacking VPN 84

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime 96

Cybercrime Spyware Data breaches Antivirus 96

Security Affairs

SEPTEMBER 17, 2023

TikTok fined €345M by Irish DPC for violating children’s privacy Iranian Peach Sandstorm group behind recent password spray attacks Dariy Pankov, the NLBrute malware author, pleads guilty Dangerous permissions detected in top Android health apps Caesars Entertainment paid a ransom to avoid stolen data leaks Free Download Manager backdoored to serve (..)

Spyware 94

Spyware DDOS Cybercrime Ransomware 94

Security Affairs

JULY 7, 2019

ViceLeaker Android spyware targets users in the Middle East. Israeli blamed Russia for jamming at Israeli Ben Gurion airport. New variant of Dridex banking Trojan implements polymorphism. Singapore Government will run its third bug bounty program. A cyberattack took offline websites of the Georgia agency.

Scams 48

Scams Spyware DNS Advertising 48

Security Affairs

NOVEMBER 5, 2023

Kinsing threat actors probed the Looney Tunables flaws in recent attacks ZDI discloses four zero-day flaws in Microsoft Exchange Okta customer support system breach impacted 134 customers Multiple WhatsApp mods spotted containing the CanesSpy Spyware Russian FSB arrested Russian hackers who supported Ukrainian cyber operations MuddyWater has been spotted (..)

Cyber Insurance 101

Cyber Insurance Cryptocurrency Internet Internet 101