Security Affairs

SEPTEMBER 3, 2023

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) Social engineering attacks target Okta customers to achieve a highly privileged role Talos wars of customizations of the open-source info stealer SapphireStealer UNRAVELING EternalBlue: inside the WannaCry’s enabler Researchers released a free decryptor for the Key (..)

Social Engineering 108

Social Engineering Spyware Data breaches Surveillance 108

Security Affairs

NOVEMBER 28, 2021

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes IKEA hit by a cyber attack that uses stolen internal reply-chain emails Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware Threat actors target crypto and (..)

Spyware 85

Spyware Data breaches Cyber Attacks Ransomware 85

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 95

Spyware Data breaches VPN Hacking 95

Security Affairs

JULY 15, 2023

Government agencies SonicWall urges organizations to fix critical flaws in GMS/Analytics products Citrix fixed a critical flaw in Secure Access Client for Ubuntu Cl0p hacker operating from Russia-Ukraine war front line – exclusive Fortinet fixed a critical flaw in FortiOS and FortiProxy Microsoft mitigated an attack by Chinese threat actor Storm-0558 (..)

Spyware 92

Spyware Hacking Data breaches Mobile 92

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 75

Data breaches Spyware Retail Surveillance 75

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 90

Data breaches DDOS Backups Firewall 90

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence 103

Artificial Intelligence Firmware Data breaches Hacking 103

Security Affairs

JUNE 11, 2023

Experts found new MOVEit Transfer SQL Injection flaws The University of Manchester suffered a cyber attack and suspects a data breach Russians charged with hacking Mt. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Social Engineering 92

Social Engineering Data breaches Ransomware Cybercrime 92

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk 117

Risk Spyware Hacking Accountability 117

Security Affairs

MARCH 4, 2023

stolen credit/debit cards Pegasus spyware used to spy on a Polish mayor Hundreds of thousands of websites hacked as part of redirection campaign MQsTTang, a new backdoor used by Mustang Panda APT against European entities Trusted Platform Module (TPM) 2.0 FiXS, a new ATM malware that is targeting Mexican banks BidenCash leaks 2.1M

Spyware 86

Spyware Data breaches Retail Ransomware 86

Security Affairs

FEBRUARY 26, 2024

The alleged data breach revealed the capabilities of the China-linked hacking contractor. On February 16th, an account linked to that email uploaded a batch of files including marketing documents, images, screenshots, and a substantial collection of WeChat messages exchanged between I-SOON employees and clients.

Hacking 110

Hacking Government Spyware Marketing 110

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 99

Artificial Intelligence VPN Hacking Firewall 99

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 75

Spyware Ransomware Malware Data breaches 75

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 95

Data breaches Malware Mobile Spyware 95

Security Affairs

NOVEMBER 14, 2021

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server GravityRAT returns disguised as an end-to-end encrypted chat app Intel and AMD address high severity vulnerabilities in products and drivers New evolving Abcbot DDoS botnet targets Linux systems Retail giant Costco discloses data breach, payment card data exposed (..)

Spyware 53

Spyware Data breaches Ransomware Retail 53

Security Affairs

MARCH 24, 2024

Government’s Antitrust Case Against Apple Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Ramadan )

Malware 101

Malware Cybercrime Hacking Cyber threats 101

Security Affairs

AUGUST 7, 2022

of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5%

Spyware 124

Spyware Manufacturing Small Business Surveillance 124

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Small Business 82

Small Business Spyware Data breaches Surveillance 82

Security Affairs

FEBRUARY 25, 2024

-Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware 97

Spyware Cyber Insurance Hacking Advertising 97

Security Affairs

AUGUST 29, 2021

Braun Infusomat pumps could be hacked to alter medication doses CISA publishes malware analysis reports on samples targeting Pulse Secure devices Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Personal Data and docs of Swiss town Rolle available on the (..)

Spyware 103

Spyware Data breaches Surveillance Hacking 103

Security Affairs

JANUARY 30, 2022

QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans China Unicom Americas telecom over national security risks NCSC warns UK entities of potential destructive cyberattacks from Russia Finnish diplomats’ devices infected with Pegasus spyware Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits (..)

Spyware 84

Spyware Data breaches Ransomware Cybercrime 84

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Spyware 94

Spyware Surveillance Insurance Malware 94

Security Affairs

MARCH 28, 2021

Day actively exploited Clop Ransomware gang now contacts victims customers to force victims into pay a ransom Experts spotted a new advanced Android spyware posing as System Update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

Identity Theft 52

Identity Theft Data breaches Ransomware Wireless 52

Security Affairs

DECEMBER 20, 2020

Hacked Subway UK marketing system used in TrickBot phishing campaign Pay2Key hackers stole data from Intels Habana Labs PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs Security Affairs Newsletter is back! Details for 1.9M Details for 1.9M

Spyware 91

Spyware Hacking Marketing Ransomware 91

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks 85

Cyber Attacks Firewall Data breaches Telecommunications 85

Security Affairs

FEBRUARY 13, 2022

Organizations are addressing zero-day vulnerabilities more quickly, says Google CISA, FBI, NSA warn of the increased globalized threat of ransomware Croatian phone carrier A1 Hrvatska discloses data breach FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities (..)

Spyware 75

Spyware Surveillance Ransomware Hacking 75

Security Affairs

JUNE 21, 2020

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of ‘biased facial recognition technology Accessories giant Claires is the victim of a Magecart attack, credit card data exposed Black Kingdom ransomware operators exploit Pulse VPN flaws (..)

DDOS 96

DDOS Spyware Mobile Advertising 96

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware 83

Spyware Backups Manufacturing Data breaches 83

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B COMB breach: 3.2B

Spyware 92

Spyware Phishing Data breaches Surveillance 92

Security Affairs

DECEMBER 2, 2023

Researchers devised an attack technique to extract ChatGPT training data Fortune-telling website WeMystic exposes 13M+ user records Expert warns of Turtle macOS ransomware US govt sanctioned North Korea-linked APT Kimsuky Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 Apple addressed 2 new (..)

Ransomware 98

Ransomware Hacking Spyware Cybercrime 98

Security Affairs

JULY 13, 2019

Maryland Department of Labor discloses a data breach. UK ICO proposes a $123 million fine for Marriott 2014 data breach. New FinFisher spyware used to spy on iOS and Android users in 20 countries. Flaw in Zoom video conferencing software lets sites take over webcam on Mac. A new NAS Ransomware targets QNAP Devices.

Data breaches 51

Data breaches Spyware Advertising Government 51

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS 91

DDOS Hacking Spyware Surveillance 91

Security Affairs

JUNE 25, 2023

Malware Tracking Diicot: an emerging Romanian threat actor Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack Tsunami DDoS Malware Distributed to Linux SSH Servers Condi DDoS Botnet Spreads via TP-Link’s CVE-2023-1389 Dissecting TriangleDB, a Triangulation spyware implant Why Malware Crypting Services Deserve More Scrutiny Hacking (..)

DDOS 91

DDOS Cybercrime Spyware Malware 91

Security Affairs

OCTOBER 13, 2019

Data from Sephora and StreetEasy data breaches added to HIBP. US will help Baltic states to secure baltic energy grid. Twitter inadvertently used Phone Numbers collected for security for Ads. Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware.

VPN 54

VPN Spyware Data breaches Advertising 54

Security Affairs

NOVEMBER 15, 2023

Source: Cybernews The exposed phone numbers can be exploited for spam, malware and spyware attacks, SIM swapping, and the discovery of user accounts on platforms like WhatsApp, Signal, and others. Notes on users, submitted by admins and customer support agents. The leaked IP addresses introduce the risk of a takeover of a local network.

Passwords 105

Passwords Identity Theft Social Engineering Spyware 105

Security Affairs

APRIL 24, 2022

Phishing attacks using the topic “Azovstal” targets entities in Ukraine Conti ransomware claims responsibility for the attack on Costa Rica Cyber Insurance and the Changing Global Risk Environment A stored XSS flaw in RainLoop allows stealing users’ emails QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS Pwn2Own Miami hacking contest (..)

Cyber Insurance 78

Cyber Insurance Spyware Firmware Insurance 78

Security Affairs

AUGUST 25, 2019

App tainted with Ahmyst Open-source spyware appeared on Google Play Store twice. million to allow towns to access encrypted data. Mastercard data breach affected Priceless Specials loyalty program. Thousands credit card numbers of MoviePass customers were exposed online. Texas attackers demand $2.5

Small Business 50

Small Business Spyware Data breaches Firmware 50