Category: Security Affairs

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group providing Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with sophisticated kit (known…

Read more →

Researchers published a PoC exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers. Researchers published a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers. Telerik Report Server is an end-to-end report…

Read more →

Researcher discovered several authorization bypass vulnerabilities in Cox modems that potentially impacted millions of devices. The security researcher Sam Curry discovered multiple issues in Cox modems that could have been exploited to modify the settings of the vulnerable modem and…

Read more →

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506…

Read more →

Spanish police dismantled a pirated TV streaming network that allowed its operators to earn over 5,300,000 euros since 2015. The Spanish National Police dismantled a network that illicitly distributed audiovisual content, earning over 5,300,000 euros since 2015. The police arrested eight…

Read more →

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying…

Read more →

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French…

Read more →

Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers discovered phishing campaign conducted by a Russia-linked threat actor FlyingYeti (aka UAC-0149) targeting Ukraine. The experts published a report to describe real-time effort…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ticketmaster…

Read more →

Ticketmaster owner Live Nation confirmed the Ticketmaster data breach that compromised the data of 560 million customers. ShinyHunters, the current administrator of BreachForums, recently claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of…

Read more →

The vulnerability CVE-2021-44832 is Apache Log4j2 library is still a serious problem for multiple industries, expert warns it threatens global Finance. The independent cyber threat intelligence analyst Anis Haboubi warns of a severe logging configuration flaw that could dramatically impact…

Read more →

Crooks stole approximately 48.2 billion yen ($304 million) worth of Bitcoin from the Japanese cryptocurrency exchange DMM Bitcoin. The Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from the its…

Read more →

The threat actor ShinyHunters claims breach of Santander and is offering for sale bank data, including information for 30 million customers. A notorious threat actor ShinyHunters is offering a huge trove of data allegedly stolen from the Santander Bank for…

Read more →

The Chalubo trojan destroyed over 600,000 SOHO routers from a single ISP, researchers from Lumen Technologies reported. Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same…

Read more →

A previously undocumented APT group tracked as LilacSquid targeted organizations in the U.S., Europe, and Asia since at least 2021. Cisco Talos researchers reported that a previously undocumented APT group, tracked as LilacSquid, conducted a data theft campaign since at least 2021.  …

Read more →

The BBC disclosed a data breach that exposed the personal information of BBC Pension Scheme members. The BBC disclosed a data breach that occurred on May 21. Threat actors gained access to files on a cloud-based service belonging to the…

Read more →

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-24919 is a…

Read more →

Researchers spotted a macOS version of the LightSpy surveillance framework that has been active in the wild since at least January 2024. Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild…

Read more →

An international law enforcement operation, called Operation Endgame targeted multiple botnets and their operators. Between 27 and 29 May 2024, an international law enforcement operation coordinated by Europol, codenamed Operation Endgame, targeted malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee,…

Read more →

An international law enforcement operation led by the U.S. DoJ disrupted the 911 S5 botnet and led to the arrest of its administrator. The U.S. Justice Department led an international law enforcement operation that dismantled the 911 S5 proxy botnet.…

Read more →