Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat actor using a public ASP.NET machine key to deploy Godzilla malware, exploiting insecure key…
Tag: Security Affairs
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The…
Cisco addressed two critical flaws in its Identity Services Engine (ISE)
Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes. Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in…
Notorious hacker behind 40+ cyberattacks on strategic organizations arrested
Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S.. Targe including the U.S.…
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver…
U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) catalog. The February…
U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited…
SparkCat campaign target crypto wallets using OCR to steal recovery phrases
In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers using OCR to scan the victim’s gallery for images with recovery phrases…
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about…
Online food ordering and delivery platform GrubHub discloses a data breach
Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. …
Netgear urges users to upgrade two flaws impacting WiFi router models
Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware.…
AMD fixed a flaw that allowed to load malicious microcode
AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked as CVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). An…
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing…
Google fixed actively exploited kernel zero-day flaw
The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104, which is actively exploited in attacks in…
Web Skimmer found on at least 17 websites, including Casio UK
Casio Website Infected With Skimmer A threat actor has installed a web skimmer on all pages of the Casio UK’s website, except the checkout page. Jscrambler researchers uncovered a web skimmer campaign targeting multiple websites, including Casio one (casio.co.uk). The…
Crazy Evil gang runs over 10 highly specialized social media scams
The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to…
Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
US Sen. Ron Wyden warns of national security risks after Elon Musk ’s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk ’s team, Department of Government Efficiency (DOGE),…
Texas is the first state to ban DeepSeek on government devices
Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices. The AI-powered…
Law enforcement seized the domains of HeartSender cybercrime marketplaces
U.S. and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 31
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed…
WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware
Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka…
Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A ransomware attack…
Ransomware attack hit Indian multinational Tata Technologies
Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies, a Tata Motors subsidiary, suspended some IT services following a ransomware attack. The company, which is engaged in product engineering, provides services to automotive and aerospace original…
A ransomware attack forced New York Blood Center to reschedule appointments
The New York Blood Center faced a ransomware attack on Sunday, forcing the healthcare organization to reschedule appointments. The New York Blood Center suffered a ransomware attack on Sunday, causing appointment rescheduling. The New York Blood Center (NYBC) is a…
Contec CMS8000 patient monitors contain a hidden backdoor
The U.S. CISA and the FDA warned of a hidden backdoor in Contec CMS8000 and Epsimed MN-120 patient monitors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) warned that three flaws in Contec CMS8000…
Community Health Center data breach impacted over 1 million patients
Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them. Community Health Center (CHC) is a leading healthcare provider based in Connecticut, offering primary care, dental, behavioral health, and specialty services.…
Italy’s data protection authority Garante blocked the DeepSeek AI platform
Italy’s data protection authority Garante blocked the DeepSeek AI service due to insufficient transparency regarding user data process. Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek ‘s chatbot service within the country, citing a lack of information on…
Broadcom fixed information disclosure flaws in VMware Aria Operations
Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: The above vulnerabilities impact…
DeepSeek database exposed highly sensitive information
Chinese AI platform DeepSeek has publicly exposed two databases containing highly sensitive user and backend details. Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, exposing chat history, secret keys, and backend details. After responsible disclosure, DeepSeek promptly…
Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites
An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP. An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP. The message…
TeamViewer fixed a vulnerability in Windows client and host applications
TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows.…
PHP package Voyager flaws expose to one-click RCE exploits
The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-source PHP package for managing Laravel applications, offering an admin interface, BREAD operations, media, and…
Italy’s Data Protection Authority Garante requested information from Deepseek
Italy’s data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italy’s Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing…
Aquabot variant v3 targets Mitel SIP phones
A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is…
U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple Multiple Products Use-After-Free Vulnerability, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog. This…
Critical remote code execution bug found in Cacti framework
A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. A critical vulnerability, tracked…
Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
Experts warn that threat actors are actively exploiting critical zero-day vulnerability, tracked as CVE-2024-40891, in Zyxel CPE Series devices. GreyNoise researchers are observing active exploitation attempts targeting a zero-day, tracked as CVE-2024-40891, in Zyxel CPE Series devices. The vulnerability is a command…
Attackers exploit SimpleHelp RMM Software flaws for initial access
Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. Horizon3 researchers discovered three vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, that could be used to compromise a SimpleHelp server, as well as clients machines…
VMware fixed a flaw in Avi Load Balancer
VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. VMware warns of a high-risk blind SQL injection vulnerability, tracked as CVE-2025-22217 (CVSS score of 8.6), in Avi Load Balancer,…
Ransomware attack on ENGlobal compromised personal information
ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurred in November, in a SEC filing the company confirmed that threat actors gained access to…
EU announced sanctions on three members of Russia’s GRU Unit 29155
The EU sanctioned three members of Russia’s GRU Unit 29155 for cyberattacks on Estonia’s government agencies in 2020. The European Union announced sanctions for three members (Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov) of Unit 29155 of Russia’s military intelligence…
Chinese AI platform DeepSeek faced a “large-scale” cyberattack
Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack. DeepSeek has designed a new AI platform that quickly gained attention over the past week primarily due to its significant advancements in artificial intelligence…
Apple fixed the first actively exploited zero-day of 2025
Apple addressed the first zero-day vulnerability of 2025, which is actively exploited in attacks in the wild aimed at iPhone users. Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085, actively exploited in attacks targeting iPhone users.…
TalkTalk confirms data breach involving a third-party platform
UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime…
Multiple Git flaws led to credentials compromise
Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to…
GamaCopy targets Russia mimicking Russia-linked Gamaredon APT
New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers…
ESXi ransomware attacks use SSH tunnels to avoid detection
Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Ransomware groups are…
Attackers allegedly stole $69 million from cryptocurrency platform Phemex
Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack. Singapore-based crypto platform Phemex paused operations after a cyberattack that resulted in the theft of $69M. Phemex CEO Federico Variola stated they are restoring withdrawals and…
Change Healthcare data breach exposed the private data of over half the U.S.
The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. In October 2024, UnitedHealth Group announced…
Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Subaru Starlink flaw…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets Threat Bulletin: Weaponized Software Targets Chinese-Speaking…
Cisco warns of a ClamAV bug with PoC exploit
Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn of…
Subaru Starlink flaw allowed experts to remotely hack cars
Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and he colleague Shubham Shah discovered a vulnerability in Subaru’s Starlink connected vehicle service that exposed vehicles and…
Participants in the Pwn2Own Automotive 2025 earned $886,250
The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team…
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) vulnerability, tracked as…
J-magic malware campaign targets Juniper routers
Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a…
SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is waring customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA)…
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9) to its Known Exploited…
Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers…
Chinese threat actors used two advanced exploit chains to hack Ivanti CSA
US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti…
Cisco addresses a critical privilege escalation bug in Meeting Management
Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released security updates to fix a critical flaw, tracked as CVE-2025-20156 (CVSS score of 9.9) affecting its Meeting Management.…
U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator
Donald Trump pardoned Ross Ulbricht, creator of the notorious dark web, drug marketplace Silk Road , after 11 years in prison. Donald Trump pardoned Ross Ulbricht, creator of Silk Road, who was convicted in 2015 for narcotics and money-laundering conspiracy…
Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days
Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025, a hacking contest…
Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
Two ransomware groups exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024.…
Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack
Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack. Cloudflare announced that during the week of Halloween 2024, it autonomously detected and blocked a 5.6 Terabit per second (Tbps) DDoS attack, which is the…
A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature
A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark…
Former CIA analyst pleaded guilty to leaking top-secret documents
A former CIA analyst, Asif William Rahman, pleaded guilty to leaking top-secret National Defense Information on social media in 2024. Asif William Rahman, a former CIA analyst with Top-Secret clearance since 2016, pleaded guilty to leaking classified information on social…
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create a Mirai botnet variant called Murdoc Botnet. Murdoc Botnet is a new Mirai botnet variant that targets vulnerabilities in AVTECH IP cameras and Huawei HG532…
CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests
CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests…
Experts found multiple flaws in Mercedes-Benz infotainment system
Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published research findings on the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, specifically focusing on the Mercedes-Benz Head Unit. The researchers started from the results of…
HPE is investigating IntelBroker’s claims of the company hack
HPE is probing claims by the threat actor IntelBroker who is offering to sell alleged stolen source code and data from the company. Last week, the notorious threat actor IntelBroker announced on a popular cybercrime forum the sale of data…
Esperts found new DoNot Team APT group’s Android malware
Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The Donot Team (aka…
Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets
Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain…
Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution
Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices,…
Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury Sanctions…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Ransomware on ESXi: The mechanization of virtualized attacks FunkSec –…
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks
A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose…
U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network…
EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies
noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN,…
U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10)…
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism…
Russia-linked APT Star Blizzard targets WhatsApp accounts
The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.…
Prominent US law firm Wolf Haldenstein disclosed a data breach
The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals. The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals. Wolf…
Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches
The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability, though several companies dispute the breaches. The Clop ransomware group added 59 new companies to its leak site, the gain claims to have breached them by…
MikroTik botnet relies on DNS misconfiguration to spread malware
Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.…
Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices
A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances.…
Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities, including three actively exploited issues. Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET…
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known…
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket
The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used…
CVE-2024-44243 macOS flaw allows persistent malware installation
Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS’s System Integrity Protection (SIP). Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with…
FBI deleted China-linked PlugX malware from over 4,200 US computers
The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of…
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer…
A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls
Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. Threat actors…
Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners
A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. A security researcher Jakub Korepta discovered a critical vulnerability, tracked as CVE-2024-50603 (CVSS score: 10.0), in the Aviatrix Controller. The flaw impacts Aviatrix Controller…
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:…
Inexperienced actors developed the FunkSec ransomware using AI tools
FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was developed using AI tools. The FunkSec ransomware-as-a-service (RaaS) group has been active since late 2024, the gang published over 85 victims in December 2024. The…
Credit Card Skimmer campaign targets WordPress via database injection
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables.…
Microsoft took legal action against crooks who developed a tool to abuse its AI-based services
In December, Microsoft sued a group for creating tools to bypass safety measures in its cloud AI products. Microsoft filed a complaint with the Eastern District Court of Virginia against ten individuals for using stolen credentials and custom software to…
Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country
Over the weekend, Italy faced new waves of DDoS attacks carried out by pro-Russia group NoName057(16). Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastructure’s websites and private organizations over the weekend. The new wave of attacks coincides with the…
Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DoJ charged three…