Category: Security Affairs

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are affected by a critical vulnerability, tracked as CVE-2024-31497, that resides in…

Read more →

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. The sophisticated mobile spyware…

Read more →

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber…

Read more →

Czech transport minister warned that Russia conducted ‘thousands’ of attempts to sabotage railways, attempting to interfere with train networks and signals. Early this month, the Czech transport minister Martin Kupka warned that Russia has conducted ‘thousands’ of attempts to sabotage…

Read more →

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB…

Read more →

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers.  Cisco Duo warns of a data breach involving one of its…

Read more →

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection vulnerability to its Known…

Read more →

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been…

Read more →

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation. A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the…

Read more →

A threat actor claimed the hack of the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Crooks…

Read more →

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers systems. Attackers behind this campaign create malicious repositories…

Read more →

A critical vulnerability, named ‘BatBadBut’, impacts multiple programming languages, its exploitation can lead to command injection in Windows applications. The cybersecurity researcher RyotaK (@ryotkak ) discovered a critical vulnerability, dubbed BatBadBut, which impacts multiple programming languages. When specific conditions are satisfied,…

Read more →

Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. “Credential stuffing is a type of…

Read more →

Crooks targeted a LastPass employee using deepfake technology to impersonate the company’s CEO in a fraudulent scheme. In a fraudulent scheme, criminals used deepfake technology to impersonate LastPass ‘s CEO, targeting an employee of the company. The attack occurred this…

Read more →

TA547 group is targeting dozens of German organizations with an information stealer called Rhadamanthys, Proofpoint warns. Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. TA547 is a financially motivated threat…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV)…

Read more →

Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s…

Read more →

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The…

Read more →

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries…

Read more →

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for…

Read more →

Group Health Cooperative of South Central Wisconsin disclosed a data breach that impacted over 500,000 individuals. The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members…

Read more →

AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. In March…

Read more →

Fortinet addressed multiple issues in FortiOS and other products, including a critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of…

Read more →

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues…

Read more →

As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes, posing fresh challenges for organizations striving to protect their assets and data. The battle between cybersecurity defenders and malicious actors rages on in…

Read more →

US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the company to shut down its systems. A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. The…

Read more →

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer…

Read more →

US cancer center City of Hope suffered a data breach that impacted 800,000 individuals, personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized…

Read more →

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could…

Read more →

Jackson County, Missouri, confirmed that a ransomware attack has disrupted several county services. A ransomware attack disrupted several services of the Jackson County, Missouri. The County Executive Frank White, Jr. declared a state of emergency. “Jackson County has confirmed a…

Read more →

Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own hacking competition in March. Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024. The vulnerability…

Read more →

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx, which is targeting financial services and organizations in the APAC and MENA…

Read more →

Google addressed several vulnerabilities in Android and Pixel devices, including two actively exploited flaws. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices. Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively…

Read more →

Serious security breach hits EU police agency A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer The website Politico reported that the Europol has suffered a serious security breach, a batch…

Read more →

A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious…

Read more →

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094…

Read more →

Google is going to delete data records related to the ‘Incognito Mode’ browsing activity to settle a class action lawsuit. Google has agreed to delete billions of data records related to users’ browsing activities in ‘Incognito Mode’ to settle a…

Read more →

Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 million customers. At least two threat actors claimed the hack of the PandaBuy online shopping platform and leaked data of more…

Read more →

The OWASP Foundation disclosed a data breach that impacted some members due to a misconfiguration of an old Wiki web server. The OWASP Foundation has disclosed a data breach that impacted some of its members. The OWASP (Open Web Application…

Read more →

Researchers detected a new version of the Vultur banking trojan for Android with enhanced remote control and evasion capabilities. Researchers from NCC Group discovered a new version of the Vultur banking trojan for Android that includes new enhanced remote control…

Read more →

The US government announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy. The US Defense Department announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy (ASD(CP)) as directed in the National Defense…

Read more →

Experts warn of info stealer malware, including Atomic Stealer, targeting Apple macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers analyzed info stealer malware attacks targeting macOS users via malicious ads and rogue websites. One of the…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Expert…

Read more →

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and…

Read more →

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum,…

Read more →

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest…

Read more →

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The German Federal Office for Information Security (BSI) issued an alert about at least 17,000 Microsoft Exchange servers in…

Read more →

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall…

Read more →

Hot Topic suffered credential stuffing attacks that exposed customers’ personal information and partial payment data. Hot Topic, Inc. is an American fast-fashion company specializing in counterculture-related clothing and accessories, as well as licensed music. The company was the victim of credential stuffing attacks against its website and…

Read more →

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several…

Read more →

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks,…

Read more →

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which…

Read more →

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability to its…

Read more →

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The…

Read more →

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. The Finnish authorities investigated multiple…

Read more →

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “TheMoon” bot targeting end-of-life (EoL) small…

Read more →

UK, Australia and New Zealand are accusing China-linked threat actors of cyber operations against UK institutions and parliamentarians. GCHQ’s National Cyber Security Centre believes that China-linked cyberespionage group APT31 was responsible for cyber attacks against UK parliamentarians’ emails in 2021.…

Read more →

The US Treasury Department announced sanctions on two APT31 Chinese hackers linked to attacks against organizations in the US critical infrastructure sector. The US government announced sanctions against a pair of Chinese hackers (Zhao Guangzong and Ni Gaobin), alleged members of the…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities…

Read more →

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, TA450, and Static Kitten) was behind a new phishing campaign in March 2024 that attempted to…

Read more →

Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns Palo Alto Networks’ Unit42 spotted a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and US. The…

Read more →

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys. A team of researchers from several US universities demonstrated a new microarchitectural side-channel attack named GoFetch that could allow attackers…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked…

Read more →

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle…

Read more →

Russia-linked threat actors employ the WINELOADER backdoor in recent attacks targeting German political parties. In late February, Mandiant researchers spotted the Russia-linked group APT29 using a new variant of the WINELOADER backdoor to target German political parties with a CDU-themed…

Read more →

Mozilla addressed two Firefox zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition. Mozilla has done an amazing job addressing two zero-day vulnerabilities in the Firefox web browser exploited during the recent Pwn2Own Vancouver 2024 hacking competition. The researcher…

Read more →

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six…

Read more →

The German police seized the infrastructure of the darknet marketplace Nemesis Market disrupting its operation. An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the…

Read more →

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide. Researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana discovered a series of vulnerabilities, collectively named Unsaflok, in Dormakaba Saflok electronic RFID locks.…

Read more →

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On…

Read more →

Researchers released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is actively exploited. Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability, tracked as CVE-2023-48788 (CVSS score…

Read more →

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced…

Read more →

Ivanti urges customers to address a critical remote code execution vulnerability impacting the Standalone Sentry solution. Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting Standalone Sentry solution. An unauthenticated attacker can exploit…

Read more →

Boffins devised a new application-layer loop DoS attack based on the UDP protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik. Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop…

Read more →

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597…

Read more →

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to…

Read more →

Researchers found a new variant of the BunnyLoader malware with a modular structure and new evasion capabilities. In October 2023, Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) called BunnyLoader, which was advertised for sale in multiple cybercrime forums since September 4, 2023.…

Read more →

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company…

Read more →

Ukraine cyber police, along with the national police, arrested three hackers attempting to sell 100 million compromised emails and Instagram accounts. The Ukraine cyber police and the national police have arrested three individuals who are suspected to have hacked over…

Read more →

A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was spotted targeting Linux x86 devices. A new variant of a data wiper AcidRain, tracked as AcidPour, is specifically designed for targeting Linux x86 devices has been detected in…

Read more →

On Sunday, two competitive esports players were hacked while participating at the Apex Legends Global Series tournament. Electronic Arts postponed the North American (NA) finals of the Apex Legends Global Series tournament after two competitive esports players were hacked during a match.…

Read more →

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70 organizations worldwide. Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT…

Read more →

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution. A remote, unauthenticated attacker can exploit their vulnerability to…

Read more →

Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack, threat actors may have stolen personal and customer…

Read more →

A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrange’s Malware Scanner as part of the…

Read more →