A new variant of Cicada ransomware targets VMware ESXi systems

Tor Project needs 200 more WebTunnel bridges to bypass Russia censorship
Interpol Operation HAECHI-V led to more than 5,500 suspects arrested
How threat actors can use generative artificial intelligence
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 22
Security Affairs newsletter Round 500 by Pierluigi Paganini INTERNATIONAL EDITION
Hackers stole millions of dollars from Uganda Central Bank
Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia
Phishing-as-a-Service Rockstar 2FA continues to be prevalent
Zello urges users to reset passwords following a cyber attack
A cyberattack impacted operations at UK Wirral University Teaching Hospital
T-Mobile detected network intrusion attempts and blocked them
ProjectSend critical flaw actively exploited in the wild, experts warn
Bootkitty is the first UEFI Bootkit designed for Linux systems
VMware fixed five vulnerabilities in Aria Operations product
Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries
Russian group RomCom exploited Firefox and Tor Browser zero-days to target Europe and North America
The source code of Banshee Stealer leaked online
US CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
Thai police arrested Chinese hackers involved in SMS blaster attacks
Zyxel firewalls targeted in recent ransomware attacks
Malware campaign abused flawed Avast Anti-Rootkit driver
Russia-linked APT TAG-110 targets Europe and Asia
Russia-linked threat actors threaten the UK and its allies, minister to say
Security Affairs newsletter Round 499 by Pierluigi Paganini INTERNATIONAL EDITION
DoJ seized credit card marketplace PopeyeTools and charges its administrators
A cyberattack on gambling giant IGT disrupted portions of its IT systems
China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
Microsoft seized 240 sites used by the ONNX phishing service
US CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
RansomHub ransomware gang claims the hack of Mexican government Legal Affairs Office
US DoJ charges five alleged members of the Scattered Spider cybercrime gang
Threat actor sells data of over 750,000 patients from a French hospital
Decade-old local privilege escalation bugs impact Ubuntu needrestart package
Ford data breach involved a third-party supplier
Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations
Apple addressed two actively exploited zero-day vulnerabilities
Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
Russian Phobos ransomware operator faces cybercrime charges
Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
Foreign adversary hacked email communications, the Library of Congress says
T-Mobile is one of the victims of the massive Chinese breach of telecom firms
Increased GDPR Enforcement Highlights the Need for Data Security
Critical Really Simple Security plugin flaw impacts 4M WordPress sites
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 20
A botnet exploits a GeoVision zero-day to compromise EoL devices
Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
Glove Stealer bypasses Chrome's App-Bound Encryption to steal cookies
Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison
US CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
China-linked threat actors compromised multiple telcos and spied on a limited number of US government officials
Bitdefender released a decryptor for the ShrinkLocker ransomware
China's Volt Typhoon botnet has re-emerged
Zoom addressed two high-severity issues in its platform
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
Ahold Delhaize experienced a cyber incident affecting several of its US brands
A cyberattack on payment systems blocked card readers across stores and gas stations in Israel
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
Ymir ransomware, a new stealthy ransomware growing in the wild
Amazon discloses employee data breach after May 2023 MOVEit attacks
A new fileless variant of Remcos RAT observed in the wild
A surge in pro-Russia cyberattacks after decision to monitor North Korean troops in Ukraine
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 19
Security Affairs newsletter Round 497 by Pierluigi Paganini INTERNATIONAL EDITION
US agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers
Mazda Connect flaws allow hacking some Mazda vehicles
Veeam Backup & Replication exploit reused in new Frag ransomware attack
Texas oilfield supplier Newpark Resources suffered a ransomware attack
Palo Alto Networks warns of potential RCE in PAN-OS management interface
iPhones in a law enforcement forensics lab mysteriously rebooted, losing their After First Unlock (AFU) state
US CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog
DPRK-linked BlueNoroff used macOS malware with novel persistence
Canada ordered ByteDance to shut down TikTok operations in the country over security concerns
Critical bug in Cisco URWB access points allows attackers to run commands as root
INTERPOL Operation Synergia II disrupted 22,000 malicious IPs
Memorial Hospital and Manor suffered a ransomware attack
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users' data
Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices
ToxicPanda Android banking trojan targets Europe and LATAM with a focus on Italy
US CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog
Canadian authorities arrested alleged Snowflake hacker
Android flaw CVE-2024-43093 may be under limited, targeted exploitation
July 2024 ransomware attack on the City of Columbus impacted 500,000 people
Nigerian man sentenced to 26 years in real estate phishing scams
Russian disinformation campaign active ahead of 2024 US election
International law enforcement operation shut down DDoS-for-hire platform Dstat.cc
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 18
Security Affairs newsletter Round 496 by Pierluigi Paganini INTERNATIONAL EDITION
US Election 2024: FBI warning about fake election videos
Chinese threat actors use Quad7 botnet in password-spray attacks
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Sophos details five years of China-linked threat actors' activity targeting network devices worldwide
PTZOptics cameras zero-days actively exploited in the wild
New LightSpy spyware version targets iPhones with destructive capabilities
LottieFiles confirmed a supply chain attack on Lottie-Player
Threat actor says Interbank refused to pay the ransom after a two-week negotiation
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
New version of Android malware FakeCall redirects bank calls to scammers
Russia-linked Midnight Blizzard APT targeted 100 organizations with a spear-phishing campaign using RDP files
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
International law enforcement operation dismantled RedLine and Meta infostealers
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
Russia-linked espionage group UNC5812 targets Ukraine's military with malware
France's second-largest telecoms provider Free suffered a cyber attack
A crime ring compromised Italian state databases, reselling stolen info
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
Black Basta affiliates used Microsoft Teams in recent attacks
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 17
Four REvil Ransomware members sentenced for hacking and money laundering
Chinese cyber spies targeted phones used by Trump and Vance
Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement
Change Healthcare data breach impacted over 100 million people
OnePoint Patient Care data breach impacted 795,916 individuals
From Risk Assessment to Action: Improving Your DLP Response
US CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog
Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24
Cisco fixed tens of vulnerabilities, including an actively exploited one
FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
US CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
Digital Echo Chambers and Erosion of Trust: Key Threats to the US Elections
Crooks are targeting Docker API servers to deploy SRBMiner
Why DSPM is Essential for Achieving Data Privacy in 2024
SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack
Samsung zero-day flaw actively exploited in the wild
Experts warn of a new wave of Bumblebee malware attacks
US CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment
Internet Archive was breached twice in a month
Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 16
Security Affairs newsletter Round 494 by Pierluigi Paganini INTERNATIONAL EDITION
F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
US CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog
North Korea-linked APT37 exploited IE zero-day in a recent attack
Omni Family Health data breach impacts 468,344 individuals
Iran-linked actors target critical infrastructure organizations
macOS HM Surf flaw in TCC allows bypassing Safari privacy settings
Two Sudanese nationals indicted for operating the Anonymous Sudan group
Russia-linked RomCom group targeted Ukrainian government agencies since late 2023
A critical flaw in Kubernetes Image Builder could allow attackers to gain root access
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
Brazil's Polícia Federal arrested the notorious hacker USDoD
Finnish Customs dismantled the dark web drugs market Sipulitie
US CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog
GitHub addressed a critical vulnerability in Enterprise Server
A new Linux variant of FASTCash malware targets financial systems
WordPress Jetpack plugin critical flaw impacts 27 million sites
Pokemon dev Game Freak discloses data breach
US CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog
Nation-state actor exploited three Ivanti CSA zero-days
Dutch police dismantled dual dark web market Bohemia/Cannabia
Fidelity Investments suffered a second data breach this year
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 15
Security Affairs newsletter Round 493 by Pierluigi Paganini INTERNATIONAL EDITION
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
A cyber attack hit Iranian government sites and nuclear facilities
Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
Iran and China-linked actors used ChatGPT for preparing attacks
Internet Archive data breach impacted 31M users
E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer
US CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
Mozilla issued an urgent Firefox update to fix an actively exploited flaw
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
Cybercriminals Are Targeting AI Conversational Platforms
Awaken Likho APT group targets Russian government with a new implant
US CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog
Ukrainian national pleads guilty in US court for operating the Raccoon Infostealer
MoneyGram discloses data breach following September cyberattack
American Water shut down some of its systems following a cyberattack
Universal Music data breach impacted 680 individuals
FBCS data breach impacted 238,000 Comcast customers
Critical Apache Avro SDK RCE flaw impacts Java applications
Man pleads guilty to stealing over $37 Million worth of cryptocurrency
US CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 14
Security Affairs newsletter Round 492 by Pierluigi Paganini INTERNATIONAL EDITION
Google Pixel 9 supports new security features to mitigate baseband attacks
WordPress LiteSpeed Cache plugin flaw could allow site takeover
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
Google removed Kaspersky's security apps from the Play Store
New Perfctl Malware targets Linux servers in cryptomining campaign
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
Dutch police breached by a state actor
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Telegram revealed it shared US user data with law enforcement
US CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
14 new DrayTek router flaws impact over 700,000 devices in 168 countries
Rhadamanthys information stealer introduces AI-driven capabilities
Critical Zimbra postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now
Police arrested four new individuals linked to the LockBit ransomware operation
UMC Health System diverted patients following a ransomware attack
US CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
News agency AFP hit by cyberattack, client services impacted
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
Patelco Credit Union data breach impacted over 1 million people
Community Clinic of Maui discloses a data breach following May LockBit ransomware attack
A British national has been charged for his execution of a hack-to-trade scheme
Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
Israel army hacked the communication network of the Beirut Airport control tower
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 13
Security Affairs newsletter Round 491 by Pierluigi Paganini INTERNATIONAL EDITION
Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format
A cyberattack on Kuwait Health Ministry impacted hospitals in the country
Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message
CUPS flaws allow remote code execution on Linux systems under certain conditions
US sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities
Hacking Kia cars made after 2013 using just their license plate
Critical RCE vulnerability found in OpenPLC
China-linked APT group Salt Typhoon compromised some US internet service providers (ISPs)
Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature
Data of 3,191 congressional staffers leaked in the dark web
New variant of Necro Trojan infected more than 11 million devices
US CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
Arkansas City water treatment facility switched to manual operations following a cyberattack
New Android banking trojan Octo2 targets European banks
A generative artificial intelligence malware used in phishing attacks
A cyberattack on MoneyGram caused its service outage
Did Israel infiltrate Lebanese telecoms networks?
Telegram will provide user data to law enforcement in response to legal requests
ESET fixed two privilege escalation flaws in its products
North Korea-linked APT Gleaming Pisces delivers new PondRAT backdoor via malicious Python packages
Chinese APT Earth Baxia targets APAC by exploiting GeoServer flaw
Hacktivist group Twelve is back and targets Russian entities
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 12
Security Affairs newsletter Round 490 by Pierluigi Paganini INTERNATIONAL EDITION
Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
Hackers stole over $44 million from Asian crypto platform BingX
OP KAERB: Europol dismantled phishing scheme targeting mobile users
Ukraine bans Telegram for government agencies, military and critical infrastructure
Tor Project responded to claims that law enforcement can deanonymize Tor users
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
US CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
International law enforcement operation dismantled criminal communication platform Ghost
US CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
SIEM for Small and Medium-Sized Enterprises: What you need to know
Experts warn of China-linked APT's Raptor Train IoT Botnet
Credential Flusher: understanding the threat and how to protect your login data
US Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
Broadcom fixed critical VMware vCenter Server flaw CVE-2024-38812
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
Chinese man charged for spear-phishing against NASA and US Government
US CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog
Taking Control Online: Ensuring Awareness of Data Usage and Consent
Qilin ransomware attack on Synnovis impacted over 900,000 patients
D-Link addressed three critical RCE flaws in wireless router models
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb
Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 11
US CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
GitLab fixed a critical flaw in GitLab CE and GitLab EE
New Linux malware called Hadooken targets Oracle WebLogic servers
Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
Cybersecurity giant Fortinet discloses a data breach
Singapore Police arrest six men allegedly involved in a cybercrime syndicate
Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products
Highline Public Schools school district suspended its activities following a cyberattack
RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
Quad7 botnet evolves to more stealthy tactics to evade detection
Poland thwarted cyberattacks that were carried out by Russia and Belarus
US CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
Predator spyware operation is back with a new infrastructure
TIDRONE APT targets drone manufacturers in Taiwan
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
Progress Software fixed a maximum severity flaw in LoadMaster
Feds indicted two alleged administrators of WWH Club dark web marketplace
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 10
Security Affairs newsletter Round 488 by Pierluigi Paganini INTERNATIONAL EDITION
US CISA adds DrayTek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog
A flaw in WordPress LiteSpeed Cache Plugin allows account takeover
Car rental company Avis discloses a data breach
SonicWall warns that a SonicOS bug is exploited in attacks
Apache fixed a new remote code execution flaw in Apache OFBiz
Russia-linked GRU Unit 29155 targeted critical infrastructure globally
Veeam fixed a critical flaw in Veeam Backup & Replication software
Earth Lusca adds multi-platform malware KTLVdoor to its arsenal
Is Russian group APT28 behind the cyber attack on the German air traffic control agency DFS?
Quishing: an insidious threat to electric car owners
Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them
Head Mare hacktivist group targets Russia and Belarus
Zyxel fixed critical OS command injection flaw in multiple routers
VMware fixed a code execution flaw in Fusion hypervisor
Vulnerabilities in Microsoft apps for macOS allow stealing permissions
Three men plead guilty to running MFA bypass service OTP.Agency
Transport for London (TfL) is dealing with an ongoing cyberattack
LockBit gang claims the attack on the Toronto District School Board (TDSB)
A new variant of Cicada ransomware targets VMware ESXi systems
An air transport security system flaw allowed bypassing airport security screenings
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 9
Security Affairs newsletter Round 487 by Pierluigi Paganini INTERNATIONAL EDITION
Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw
South Korea-linked group APT-C-60 exploited a WPS Office zero-day
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa
Cisco addressed a high-severity flaw in NX-OS software
Corona Mirai botnet spreads via AVTECH CCTV zero-day
Telegram CEO Pavel Durov charged in France for facilitating criminal activities
Iran-linked group APT33 adds new Tickler malware to its arsenal
US CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog
Young Consulting data breach impacts 954,177 individuals
BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
US offers $2.5M reward for Belarusian man involved in mass malware distribution
US CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog
China-linked APT Volt Typhoon exploited a zero-day in Versa Director
Researchers unmasked the notorious threat actor USDoD
The Dutch Data Protection Authority (DPA) has fined Uber a record €290M
Google addressed the tenth actively exploited Chrome zero-day this year
SonicWall addressed an improper access control issue in its firewalls
A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
Linux malware sedexp uses udev rules for persistence and evasion
France police arrested Telegram CEO Pavel Durov
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 8
Security Affairs newsletter Round 486 by Pierluigi Paganini INTERNATIONAL EDITION
US CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog
Hackers can take over Ecovacs home robots to spy on their owners
Russian national arrested in Argentina for laundering money of crooks and Lazarus APT
Qilin ransomware steals credentials stored in Google Chrome
Phishing attacks target mobile users via progressive web applications (PWA)
Member of cybercrime group Karakurt charged in the US
New malware Cthulhu Stealer targets Apple macOS users
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
A cyberattack hit US oil giant Halliburton
SolarWinds fixed a hardcoded credential issue in Web Help Desk
A cyberattack disrupted operations of US chipmaker Microchip Technology
Google addressed the ninth actively exploited Chrome zero-day this year
GitHub fixed a new critical flaw in the GitHub Enterprise Server
Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio
North Korea-linked APT used a new RAT called MoonPeak
Pro-Russia group Vermin targets Ukraine with a new malware family
A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning
Ransomware payments rose from $449.1 million to $459.8 million
Previously unseen Msupedge backdoor targeted a university in Taiwan
Oracle NetSuite misconfiguration could lead to data exposure
Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum
CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog
Researchers uncovered new infrastructure linked to the cybercrime group FIN7
Experts warn of exploit attempt for Ivanti vTM bug
Microsoft zero-day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
The Mad Liberator ransomware group uses social-engineering techniques
From 2018: DeepMasterPrints deceive fingerprint recognition systems with MasterPrints generated with GANs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 7
Security Affairs newsletter Round 485 by Pierluigi Paganini INTERNATIONAL EDITION
Large-scale extortion campaign targets publicly accessible environment variable files (.env)
OpenAI dismantled an Iranian influence operation targeting the US presidential election
National Public Data confirms a data breach
CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog
Russian national sentenced to 40 months for selling stolen data on the dark web
Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000
Millions of Pixel devices can be hacked due to a pre-installed vulnerable app
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
Google disrupted hacking campaigns carried out by Iran-linked APT42
Black Basta ransomware gang linked to a SystemBC malware campaign
A massive cyber attack hit Central Bank of Iran and other Iranian banks
China-linked APT Earth Baku targets Europe, the Middle East and Africa
SolarWinds addressed a critical RCE in all Web Help Desk versions
Kootenai Health data breach impacted 464,000 patients
Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs
A PoC exploit code is available for critical Ivanti vTM bug
Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump
CERT-UA warns of a phishing campaign targeting government entities
US DoJ dismantled remote IT worker fraud schemes run by North Korea
A FreeBSD flaw could allow remote code execution, patch it now
EastWind campaign targets Russian organizations with sophisticated backdoors
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
Foreign nation-state actors hacked Donald Trump's campaign
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 6
Security Affairs newsletter Round 484 by Pierluigi Paganini INTERNATIONAL EDITION
ADT disclosed a data breach that impacted more than 30,000 customers
Is the INC ransomware gang behind the attack on McLaren hospitals?
Crooks took control of a cow milking robot, causing the death of a cow
Sonos smart speakers flaw allowed eavesdropping on users
Five zero-days impact EoL Cisco Small Business IP Phones. Replace them with newer models asap
CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog
Russian cyber spies stole data and emails from UK government systems
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers
FBI and CISA update a joint advisory on the BlackSuit Ransomware group
Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware
Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
New Android spyware LianSpy relies on Yandex Cloud to avoid detection
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
A ransomware attack hit French museum network
CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
Google warns of an actively exploited Android kernel flaw
Should Organizations Pay Ransom Demands?
North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
Researchers warn of a new critical Apache OFBiz flaw
Keytronic incurred approximately $17 million of expenses following ransomware attack
A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
China-linked APT41 breached Taiwanese research institute
Chinese StormBamboo APT compromised ISP to deliver malware
Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
Security Affairs Malware Newsletter Round 5
Security Affairs newsletter Round 483 by Pierluigi Paganini INTERNATIONAL EDITION
US sued TikTok and ByteDance for violating children's privacy laws
Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware
Investors sued CrowdStrike over false claims about its Falcon platform
Avtech camera vulnerability actively exploited in the wild, CISA warns
US released Russian cybercriminals in diplomatic prisoner exchange
Sitting Ducks attack technique exposes over a million domains to hijacking
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
BingoMod Android RAT steals money from victims' bank accounts and wipes data
A ransomware attack disrupted operations at OneBlood blood bank
Apple fixed dozens of vulnerabilities in iOS and macOS
Phishing campaigns target SMBs in Poland, Romania and Italy with multiple malware families
A Fortune 50 company paid a record-breaking $75 million ransom
CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog
Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022
SideWinder phishing campaign targets maritime facilities in multiple countries
A crafty phishing campaign targets Microsoft OneDrive users
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
Acronis Cyber Infrastructure bug actively exploited in the wild
Fake Falcon crash reporter installer used to target German CrowdStrike users
Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware
French authorities launch disinfection operation to eradicate PlugX malware from infected hosts
Security Affairs Malware Newsletter Round 4
Security Affairs newsletter Round 482 by Pierluigi Paganini INTERNATIONAL EDITION
Ukraine's cyber operation shut down the ATM services of major Russian banks
A bug in Chrome Password Manager caused user credentials to disappear
BIND updates fix four high-severity DoS bugs in the DNS software suite
Terrorist Activity is Accelerating in Cyberspace: Risk Precursor to Summer Olympics and Elections
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Critical bug in Docker Engine allowed attackers to bypass authorization plugins
Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma and Meduza Stealers
Michigan Medicine data breach impacted 56,953 patients
US CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog
China-linked APT group uses new Macma macOS backdoor version
FrostyGoop ICS malware targets Ukraine
Hackers abused swap files in e-skimming attacks on Magento sites
US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group
EvilVideo, a Telegram Android zero-day, allowed sending malicious APKs disguised as videos
SocGholish malware used to spread AsyncRAT malware
UK police arrested a 17-year-old linked to the Scattered Spider gang
Security Affairs Malware Newsletter Round 3
Security Affairs newsletter Round 481 by Pierluigi Paganini INTERNATIONAL EDITION
US CISA adds Adobe Commerce and Magento, SolarWinds Serv-U and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
Threat actors attempted to capitalize on CrowdStrike incident
Russian nationals plead guilty to participating in the LockBit ransomware group
MediSecure data breach impacted 12.9 million individuals
CrowdStrike update epic fail crashed Windows systems worldwide
Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users
SAPwned flaws in SAP AI core could expose customers' data
Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
How to Protect Privacy and Build Secure AI Products
A critical flaw in Cisco SSM On-Prem allows attackers
to change any users passwordppMarineMax data breach impacted over 123000 individualsppVoid Banshee exploits CVE202438112 zeroday to spread malwareppThe Octo Tempest group adds RansomHub and Qilin ransomware to its arsenalppCISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalogppKaspersky leaves US market following the ban on the sale of its software in the countryppFBI unlocked the phone of the suspect in the assassination attempt on Donald TrumpppRansomware groups target Veeam Backup Replication bugppATT paid a 370000 ransom to prevent stolen data from being leakedppHardBit ransomware version 40 supports new obfuscation techniquesppDark Gate malware campaign uses Samba file sharesppSecurity Affairs Malware Newsletter Round 2ppSecurity Affairs newsletter Round 480 by Pierluigi Paganini INTERNATIONAL EDITIONppVyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operationsppRite Aid disclosed data breach following RansomHub ransomware attackppNew ATT data breach exposed call logs of almost all customersppCritical flaw in Exim MTA could allow to deliver malware to users inboxesppPalo Alto Networks fixed a critical bug in the Expedition toolppSmishing Triad Is Targeting India To Steal Personal and Payment Data at ScaleppOctober ransomware attack on Dallas County impacted over 200000 peopleppCrystalRay operations have scaled 10x to over 1500 victimsppMultiple threat actors exploit PHP flaw CVE20244577 to deliver malwareppAIPowered Russias bot farm operates on X US and its allies warnppVMware fixed critical SQLInjection in Aria Automation productppCitrix fixed critical and highseverity bugs in NetScaler productppA new flaw in OpenSSH can lead to remote code executionppMicrosoft Patch Tuesday for July 2024 fixed 2 actively exploited zerodaysppUS CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalogppEvolve Bank data breach impacted over 76 million 
individualsppMore than 31 million customer email addresses exposed following Neiman Marcus data breachppAvast released a decryptor for DoNex Ransomware and its predecessorsppRockYou2024 compilation containing 10 billion passwords was leaked onlineppCritical Ghostscript flaw exploited in the wild Patch it nowppApple removed 25 VPN apps from the App Store in Russia following Moscows requestsppCISA adds Cisco NXOS Command Injection bug to its Known Exploited Vulnerabilities catalogppApache fixed a source code disclosure flaw in Apache HTTP ServerppSecurity Affairs Malware Newsletter Round 1ppSecurity Affairs newsletter Round 479 by Pierluigi Paganini INTERNATIONAL EDITIONppAlabama State Department of Education suffered a data breach following a blocked attackppGootLoader is still active and efficientppHackers stole OpenAI secrets in a 2023 security breachppHackers leak 170k Taylor Swifts ERAS Tour BarcodesppPolyfillio Supply Chain Attack 384773 hosts still embedding a polyfill JS script linking to the malicious domainppNew Golangbased Zergeca Botnet appeared in the threat landscapeppMicrosoft discloses 2 flaws in Rockwell Automation PanelView PlusppHackers compromised Ethereum mailing list and launched a crypto draining attackppOVHcloud mitigated a recordbreaking DDoS attack in April 2024ppHealthcare fintech firm HealthEquity disclosed a data breachppBrazil data protection authority bans Meta from training AI models with data originating in the countryppSplunk fixed tens of flaws in Splunk Enterprise and Cloud PlatformppOperation Morpheus took down 593 Cobalt Strike servers used by threat actorsppLockBit group claims the hack of the Fairfield Memorial Hospital in the USppAmerican Patelco Credit Union suffered a ransomware attackppPolish government investigates Russialinked cyberattack on state news agencyppEvolve Bank data breach impacted fintech firms Wise and AffirmppPrudential Financial data breach impacted over 25 million individualsppAustralian man charged for 
Evil Twin WiFi attacks on domestic flightsppChinalinked APT exploited Cisco NXOS zeroday to deploy custom malwareppCritical unauthenticated remote code execution flaw in OpenSSH serverppMonti gang claims the hack of the Wayne Memorial Hospital in PennsylvaniappThreat actors actively exploit DLink DIR859 router flaw CVE20240769ppRussialinked Midnight Blizzard stole email of more Microsoft customersppRussialinked group APT29 likely breached TeamViewers corporate networkppSecurity Affairs newsletter Round 478 by Pierluigi Paganini INTERNATIONAL EDITIONppInfosys McCamish Systems data breach impacted over 6 million peopleppA cyberattack shut down the University Hospital Centre Zagreb in CroatiappUS announces a 10M reward for Russias GRU hacker behind attacks on UkraineppLockBit group falsely claimed the hack of the Federal ReserveppCISA adds GeoSolutionsGroup JAIEXT Linux Kernel and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalogppNew P2Pinfect version delivers miners and ransomware on Redis serversppNew MOVEit Transfer critical bug is actively exploitedppNew Caesar Cipher Skimmer targets popular CMS used by estoresppMirailike botnet is exploiting recently disclosed Zyxel NAS flawppWikileaks founder Julian Assange is freeppCISA confirmed that its CSAT environment was breached in JanuaryppThreat actors compromised 1590 CoinStats crypto walletsppExperts observed approximately 120 malicious campaigns using the Rafel RATppLockBit claims the hack of the US Federal ReserveppRansomware threat landscape JanApr 2024 insights and challengesppExCobalt Cybercrime group targets Russian organizations in multiple sectorsppThreat actor attempts to sell 30 million customer records allegedly stolen from TEGppSecurity Affairs newsletter Round 477 by Pierluigi Paganini INTERNATIONAL EDITIONppThreat actors are actively exploiting SolarWinds ServU bug CVE202428995ppUS government sanctions twelve Kaspersky Lab executivesppExperts found a bug in the Linux version of 
RansomHub ransomwareppUEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server modelsppRussialinked APT Nobelium targets French diplomatic entitiesppUS bans sale of Kaspersky products due to risks to national securityppAtlassian fixed six highseverity bugs in Confluence Data Center and ServerppChinalinked spies target Asian Telcos since at least 2021ppNew Rust infostealer Fickle Stealer spreads through various attack methodsppAn unpatched bug allows anyone to impersonate Microsoft corporate email accountsppSmishing Triad Is Targeting Pakistan To Defraud Banking Customers At ScaleppAlleged researchers stole 3 million from Kraken exchangeppGoogle Chrome 126 update addresses multiple highseverity flawsppChip maker giant AMD investigates a data breachppCryptojacking campaign targets exposed Docker APIsppVMware fixed RCE and privilege escalation bugs in vCenter ServerppMeta delays training its AI using public content shared by EU users ppKeytronic confirms data breach after ransomware attackppThe Financial Dynamics Behind Ransomware AttacksppEmpire Market owners charged with operating 430M dark web marketplaceppChinalinked Velvet Ant uses F5 BIGIP malware in cyber espionage campaignppLA Countys Department of Public Health DPH data breach impacted over 200000 individualsppSpanish police arrested an alleged member of the Scattered Spider groupppOnline job offers the reshipping and money mule scamsppSecurity Affairs newsletter Round 476 by Pierluigi Paganini INTERNATIONAL EDITIONppASUS fixed critical remote authentication bypass bug in several routersppLondon hospitals canceled over 800 operations in the week after Synnovis ransomware attackppDORA Compliance Strategy for Business LeadersppCISA adds Android Pixel Microsoft Windows Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalogppCity of Cleveland still working to fully restore systems impacted by a cyber attackppGoogle fixed an 
actively exploited zeroday in the Pixel FirmwareppMultiple flaws in Fortinet FortiOS fixedppCISA adds Arm Mali GPU Kernel Driver PHP bugs to its Known Exploited Vulnerabilities catalogppUkraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operationppJetBrains fixed IntelliJ IDE flaw exposing GitHub access tokensppMicrosoft Patch Tuesday security updates for June 2024 fixed only one critical issueppCylance confirms the legitimacy of data offered for sale in the dark webppArm zeroday in Mali GPU Drivers actively exploited in the wildppExpert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE202429849 Patch it nowppJapanese videosharing platform Niconico was victim of a cyber attackppUK NHS call for Otype blood donations following ransomware attack on London hospitalsppChristies data breach impacted 45798 individualsppSticky Werewolf targets the aviation industry in Russia and BelarusppFrontier Communications data breach impacted over 750000 individualsppPHP addressed critical RCE flaw potentially impacting millions of serversppSecurity Affairs newsletter Round 475 by Pierluigi Paganini INTERNATIONAL EDITIONppSolarWinds fixed multiple flaws in ServU and SolarWinds PlatformppPandabuy was extorted twice by the same threat actorppUAC0020 threat actor used the SPECTR Malware to target Ukraines defense forcesppA new Linux version of TargetCompany ransomware targets VMware ESXi environmentsppFBI obtained 7000 LockBit decryption keys victims should contact the feds to get supportppRansomHub operation is a rebranded version of the Knight RaaSppMalware can steal data collected by the Windows Recall tool experts warnppCisco addressed Webex flaws used to compromise German government meetingsppCNN Paris Hilton and Sony TikTok accounts hacked via DMsppZyxel addressed three RCEs in endoflife NAS devicesppA ransomware attack on Synnovis impacted several London hospitalsppRansomHub gang claims the hack of the 
telecommunications giant Frontier CommunicationsppCybercriminals attack banking customers in EU with V3B phishing kit PhotoTAN and SmartID supportedppExperts released PoC exploit code for a critical bug in Progress Telerik Report ServersppMultiple flaws in Cox modems could have impacted millions of devicesppCISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalogppSpanish police shut down illegal TV streaming networkppAPT28 targets key networks in Europe with HeadLace malwareppExperts found information of European politicians on the dark webppFlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX MalwareppSecurity Affairs newsletter Round 474 by Pierluigi Paganini INTERNATIONAL EDITIONppTicketmaster confirms data breach impacting 560 million customersppCritical Apache Log4j2 flaw still threatens global financeppCrooks stole more than 300M worth of Bitcoin from the exchange DMM BitcoinppShinyHunters is selling data of 30 million Santander customersppOver 600000 SOHO routers were destroyed by Chalubo malware in 72 hours ppLilacSquid APT targeted organizations in the US Europe and Asia since at least 2021ppBBC disclosed a data breach impacting its Pension Scheme membersppCISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalogppExperts found a macOS version of the sophisticated LightSpy spywareppOperation Endgame the largest law enforcement operation ever against botnetsppLaw enforcement operation dismantled 911 S5 botnetppOkta warns of credential stuffing attacks targeting its CrossOrigin Authentication featureppCheck Point released hotfix for actively exploited VPN zerodayppABN Amro discloses data breach following an attack on a thirdparty providerppChristie disclosed a data breach after a RansomHub attackppExperts released PoC exploit code for RCE in Fortinet SIEMppWordPress Plugin abused to install eskimmers in ecommerce sitesppTPLink Archer C5400X gaming router is 
affected by a critical flawppSavRx data breach impacted over 28 million individualsppThe Impact of Remote Work and Cloud Migrations on Security PerimetersppNew ATM Malware family emerged in the threat landscapeppA highseverity vulnerability affects Cisco Firepower Management CenterppCERTUA warns of malware campaign conducted by threat actor UAC0006ppSecurity Affairs newsletter Round 473 by Pierluigi Paganini INTERNATIONAL EDITIONppMalwarelaced JAVS Viewer deploys RustDoor implant in supply chain attackppFake AV websites used to distribute infostealer malwareppMITRE December 2023 attack Threat actors created rogue VMs to evade detectionppAn XSS flaw in GitLab allows attackers to take over accountsppGoogle fixes eighth actively exploited Chrome zeroday this year the third in a monthppCISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalogppUsage of TLS in DDNS Services leads to Information Disclosure in Multiple VendorsppRecall feature in Microsoft Copilot PCs raises privacy and security concernsppAPT41 The threat of KeyPlug against Italian industriesppCritical SQL Injection flaws impact Ivanti Endpoint Manager EPMppChinese actor Unfading Sea Haze remained undetected for five yearsppA consumergrade spyware app found in checkin systems of 3 US hotelsppCritical Veeam Backup Enterprise Manager authentication bypass bugppCybercriminals are targeting elections in India with influence campaignsppCritical GitHub Enterprise Server Authentication Bypass bug Fix it nowppOmniVision disclosed a data breach after the 2023 Cactus ransomware attackppCISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog ppBlackbasta group claims to have hacked Atlas one of the largest US oil distributorsppExperts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firmsppExperts released PoC exploit code for RCE in QNAP QTSppGitCaught campaign relies on Github and Filezilla to deliver multiple malwareppTwo 
students uncovered a flaw that allows to use laundry machines for freeppGrandoreiro Banking Trojan is back and targets banks worldwideppHealthcare firm WebTPA data breach impacted 25 million individualsppSecurity Affairs newsletter Round 472 by Pierluigi Paganini INTERNATIONAL EDITIONppNorth Korealinked Kimsuky used a new Linux backdoor in recent attacksppNorth Korealinked IT workers infiltrated hundreds of US firmsppTurla APT used two new backdoors to infiltrate a European ministry of foreign affairsppCity of Wichita disclosed a data breach after the recent ransomware attackppCISA adds DLink DIR router flaws to its Known Exploited Vulnerabilities catalogppCISA adds Google Chrome zerodays to its Known Exploited Vulnerabilities catalogppNorth Korealinked Kimsuky APT attack targets victims via MessengerppElectronic prescription provider MediSecure impacted by a ransomware attackppGoogle fixes seventh actively exploited Chrome zeroday this year the third in a weekppSantander a data breach at a thirdparty provider impacted customers and employeesppFBI seized the notorious BreachForums hacking forumppA Tornado Cash developer has been sentenced to 64 months in prisonppAdobe fixed multiple critical flaws in Acrobat and ReaderppRansomware attack on Singing River Health System impacted 895000 peopleppMicrosoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zerodaysppVMware fixed zeroday flaws demonstrated at Pwn2Own Vancouver 2024ppMITRE released EMB3D Threat Model for embedded devicesppGoogle fixes sixth actively exploited Chrome zeroday this yearppPhorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomwareppThreat actors may have exploited a zeroday in older iPhones Apple warnsppCity of Helsinki suffered a data breachppRussian hackers defaced local British news sitesppAustralian Firstmac Limited disclosed a data breach after cyber attackppProRussia hackers targeted Kosovos government websitesppSecurity Affairs newsletter 
Round 471 by Pierluigi Paganini INTERNATIONAL EDITIONppAs of May 2024 Black Basta ransomware affiliates hacked over 500 organizations worldwideppOhio Lottery data breach impacted over 538000 individualsppNotorius threat actor IntelBroker claims the hack of the EuropolppA cyberattack hit the US healthcare giant AscensionppGoogle fixes fifth actively exploited Chrome zeroday this yearppRussialinked APT28 targets government Polish institutionsppCitrix warns customers to update PuTTY version installed on their XenCenter system manuallyppDell discloses data breach impacting millions of customersppMirai botnet also spreads through the exploitation of Ivanti Connect Secure bugsppZscaler is investigating data breach claimsppExperts warn of two BIGIP Next Central Manager flaws that allow device takeoverppLockBit gang claimed responsibility for the attack on City of WichitappNew TunnelVision technique can bypass the VPN encapsulationppLiteSpeed Cache WordPress plugin actively exploited in the wildppMost Tinyproxy Instances are potentially vulnerable to flaw CVE202349606ppUK Ministry of Defense disclosed a thirdparty data breach exposing military personnel data ppLaw enforcement agencies identified LockBit ransomware admin and sanctioned himppMITRE attributes the recent attack to Chinalinked UNC5221ppAlexander Vinnik the operator of BTCe exchange pleaded guilty to money launderingppCity of Wichita hit by a ransomware attackppEl Salvador suffered a massive leak of biometric datappFinland authorities warn of Android malware campaign targeting bank usersppNATO and the EU formally condemned Russialinked APT28 cyber espionageppSecurity Affairs newsletter Round 470 by Pierluigi Paganini INTERNATIONAL EDITIONppBlackbasta gang claimed responsibility for Synlab Italia attackppLockBit published data stolen from Simone Veil hospital in CannesppRussialinked APT28 and crooks are still using the Moobot botnetppDirty stream attack poses billions of Android installs at riskppZLoader Malware 
adds Zeuss antianalysis featureppUkrainian REvil gang member sentenced to 13 years in prisonppHPE Aruba Networking addressed four critical ArubaOS RCE flawsppThreat actors hacked the Dropbox Sign production environmentppCISA adds GitLab flaw to its Known Exploited Vulnerabilities catalogppPanda Restaurant Group disclosed a data breachppExNSA employee sentenced to 262 months in prison for attempting to transfer classified documents to RussiappCuttlefish malware targets enterprisegrade SOHO routersppA flaw in the R programming language could allow code executionppMuddling Meerkat a mysterious DNS Operation involving Chinas Great FirewallppNotorious Finnish Hacker sentenced to more than six years in prisonppCISA guidelines to protect critical infrastructure against AIbased threatsppNCSC New UK law bans default passwords on smart devices ppThe FCC imposes 200 million in fines on four US carriers for unlawfully sharing user location datappGoogle prevented 228 million policyviolating apps from being published on Google Play in 2023ppFinancial Business and Consumer Solutions FBCS data breach impacted 2M individualsppCyberPartisans hacktivists claim to have breached Belarus KGBppThe Los Angeles County Department of Health Services disclosed a data breachppMultiple Brocade SANnav SAN Management SW flaws allow device compromiseppICICI Bank exposed credit card data of 17000 customersppOkta warns of unprecedented scale in credential stuffing attacks on online servicesppSecurity Affairs newsletter Round 469 by Pierluigi Paganini INTERNATIONAL EDITIONppTargeted operation against Ukraine exploited 7yearold MS Office bugppHackers may have accessed thousands of accounts on the California state welfare platformppBrokewell Android malware supports an extensive set of Device Takeover capabilitiesppExperts warn of an ongoing malware campaign targeting WPAutomatic pluginppCryptocurrencies and cybercrime A critical interminglingppKaiser Permanente data breach may have impacted 134 
million patientsppOver 1400 CrushFTP internetfacing servers vulnerable to CVE20244040 bugppSwedens liquor supply severely impacted by ransomware attack on logistics companyppCISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalogppCISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalogppDOJ arrested the founders of crypto mixer Samourai for facilitating 2 Billion in illegal transactionsppGoogle fixed critical Chrome vulnerability CVE20244058ppNationstate actors exploited two zerodays in ASA and FTD firewalls to breach government networksppHackers hijacked the eScan Antivirus update mechanism in malware campaignppUS offers a 10 million reward for information on four Iranian nationalsppThe street lights in Leicester City cannot be turned off due to a cyber attackppNorth Korealinked APT groups target South Korean defense contractorsppUS Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activityppA cyber attack paralyzed operations at Synlab ItaliappRussialinked APT28 used postcompromise tool GooseEgg to exploit CVE202238028 Windows flawppHackers threaten to leak a copy of the WorldCheck database used to assess potential risks associated with entitiesppA flaw in the Forminator plugin impacts hundreds of thousands of WordPress sitesppAkira ransomware received 42M in ransom payments from over 250 victimsppDuneQuixote campaign targets the Middle East with a complex backdoorppSecurity Affairs newsletter Round 468 by Pierluigi Paganini INTERNATIONAL EDITIONppCritical CrushFTP zeroday exploited in attacks in the wildppA French hospital was forced to reschedule procedures after cyberattackppMITRE revealed that nationstate actors breached its systems via Ivanti zerodaysppFBI chief says China is preparing to attack US critical infrastructureppUnited Nations Development Programme UNDP investigates data breachppFIN7 targeted a large US carmaker with phishing attacksppLaw 
enforcement operation dismantled phishingasaservice platform LabHostppPreviously unknown Kapeka backdoor linked to Russian Sandworm APTppCisco warns of a command injection escalation flaw in its IMC PoC publicly availableppLinux variant of Cerber ransomware targets Atlassian serversppIvanti fixed two critical flaws in its Avalanche MDMppResearchers released exploit code for actively exploited Palo Alto PANOS bugppCisco warns of largescale bruteforce attacks against VPN and SSH servicesppPuTTY SSH Client flaw allows of private keys recoveryppA renewed espionage campaign targets South Asia with iOS spyware LightSpyppMisinformation and hacktivist campaigns targeting the Philippines skyrocketppRussia is trying to sabotage European railways Czech minister saidppRansomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia ppCisco Duo warns telephony supplier data breach exposed MFA SMS logsppUkrainian Blackjack group used ICS malware Fuxnet against Russian targetsppCISA adds Palo Alto Networks PANOS Command Injection flaw to its Known Exploited Vulnerabilities catalogppThreat actors exploited Palo Alto PanOS issue to deploy a Python BackdoorppUS and Australian police arrested Firebird RAT author and operator ppCanadian retail chain Giant Tiger data breach may have impacted millions of customersppSecurity Affairs newsletter Round 467 by Pierluigi Paganini INTERNATIONAL EDITIONppCrooks manipulate GitHubs search results to distribute malwareppBatBadBut flaw allowed an attacker to perform command injection on WindowsppRoku disclosed a new security breach impacting 576000 accountsppLastPass employee targeted via an audio deepfake callppTA547 targets German organizations with Rhadamanthys malwareppCISA adds DLink multiple NAS devices bugs to its Known Exploited Vulnerabilities catalogppUS CISA published an alert on the Sisense data breachppPalo Alto Networks fixed multiple DoS bugs in its firewallsppApple warns of mercenary spyware attacks on iPhone 
users in 92 countriesppMicrosoft fixed two zeroday bugs exploited in malware attacksppGroup Health Cooperative data breach impacted 530000 individuals ppATT states that the data breach impacted 51 million former and current customersppFortinet fixed a critical remote code execution bug in FortiClientLinuxppMicrosoft Patches Tuesday security updates for April 2024 fixed hundreds of issuesppCybersecurity in the Evolving Threat LandscapeppOver 91000 LG smart TVs running webOS are vulnerable to hackingppScrubCrypt used to drop VenomRAT along with many malicious pluginsppGoogle announces V8 Sandbox to protect Chrome usersppChina is using generative AI to carry out influence operationsppGreylock McKinnon Associates data breach exposed DOJ data of 341650 peopleppCrowdfense is offering a larger 30M USD exploit acquisition programppUS Department of Health warns of attacks against IT help desksppSecurity Affairs newsletter Round 466 by Pierluigi Paganini INTERNATIONAL EDITIONppOver 92000 Internetfacing DLink NAS devices can be easily hackedppMore than 16000 Ivanti VPN gateways still vulnerable to RCE CVE202421894ppCisco warns of XSS flaw in endoflife small business routersppMagento flaw exploited to deploy persistent backdoor hidden in XMLppCyberattack disrupted services at Omni Hotels ResortsppHTTP2 CONTINUATION Flood technique can be exploited in DoS attacksppUS cancer center City of Hope data breach impacted 827149 individualsppIvanti fixed for 4 new issues in Connect Secure and Policy SecureppJackson County Missouri discloses a ransomware attackppGoogle addressed another Chrome zeroday exploited at Pwn2Own in MarchppThe New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab AbuseppGoogle fixed two actively exploited Pixel vulnerabilitiesppHighly sensitive files mysteriously disappeared from EUROPOL headquartersppXSS flaw in WordPress WPMembers Plugin can lead to script injectionppBinarly released the free online scanner to detect the 
CVE20243094 BackdoorppGoogle agreed to erase billions of browser records to settle a class action lawsuitppPandaBuy data breach allegedly impacted over 13 million customersppOWASP discloses a data breachppNew Vultur malware version includes enhanced remote control and evasion capabilitiesppPentagon established the Office of the Assistant Secretary of Defense for Cyber PolicyppInfo stealer attacks target macOS usersppSecurity Affairs newsletter Round 465 by Pierluigi Paganini INTERNATIONAL EDITIONppDinodasRAT Linux variant targets users worldwideppATT confirmed that a data breach impacted 73 million customersppExpert found a backdoor in XZ tools used many Linux distributionsppGerman BSI warns of 17000 unpatched Microsoft Exchange serversppCisco warns of passwordspraying attacks targeting Secure Firewall devicesppAmerican fastfashion firm Hot Topic hit by credential stuffing attacksppCisco addressed highseverity flaws in IOS and IOS XE softwareppGoogle China dominates government exploitation of zeroday vulnerabilities in 2023ppGoogle addressed 2 Chrome zerodays demonstrated at Pwn2Own 2024ppCISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalogppThe DDR Advantage RealTime Data DefenseppFinnish police linked APT31 to the 2021 parliament attackppTheMoon bot infected 40000 devices in January and FebruaryppUK New Zealand against Chinalinked cyber operationsppUS Treasury Dep announced sanctions against members of Chinalinked APT31ppCISA adds FortiClient EMS Ivanti EPM CSA Nice Linear eMerge E3Series bugs to its Known Exploited Vulnerabilities catalogppIranLinked APT TA450 embeds malicious links in PDF attachmentsppStrelaStealer targeted over 100 organizations across the EU and USppGoFetch sidechannel attack against Apple systems allows secret keys extractionppSecurity Affairs newsletter Round 464 by Pierluigi Paganini INTERNATIONAL EDITIONppCybercriminals Accelerate Online Scams During Ramadan and Eid FitrppRussialinked 
APT29 targeted German political parties with WINELOADER backdoorppMozilla fixed Firefox zerodays exploited at Pwn2Own Vancouver 2024ppLargescale Sign1 malware campaign already infected 39000 WordPress sitesppGerman police seized the darknet marketplace Nemesis MarketppUnsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locksppPwn2Own Vancouver 2024 participants earned 1132500 for 29 unique 0daysppCritical Fortinets FortiClient EMS flaw actively exploited in the wildppPwn2Own Vancouver 2024 Day 1 team Synacktiv hacked a TeslappNew Loop DoS attack may target 300000 vulnerable hostsppCritical flaw in Atlassian Bamboo Data Center and Server must be fixed immediatelyppThreat actors actively exploit JetBrains TeamCity flaws to deliver malwareppBunnyLoader 30 surfaces in the threat landscapeppPokemon Company resets some users passwordsppUkraine cyber police arrested crooks selling 100 million compromised accountsppNew AcidPour wiper targets Linux x86 devices Is it a Russias weaponppPlayers hacked during the matches of Apex Legends Global Series Tournament suspendedppEarth Krahang APT breached tens of government organizations worldwideppPoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool releasedppFujitsu suffered a malware attack and probably a data breachppRemove WordPress miniOrange plugins a critical flaw can allow site takeoverppThe Aviation and Aerospace Sectors Face Skyrocketing Cyber ThreatsppEmail accounts of the International Monetary Fund compromisedppThreat actors leaked 70000000 records allegedly stolen from ATTppgitgub malware campaign targets Github users with RisePro infostealerppSecurity Affairs newsletter Round 463 by Pierluigi Paganini INTERNATIONAL EDITIONppFrance Travail data breach impacted 43 Million peopleppScranton School District in Pennsylvania suffered a ransomware attackppLazarus APT group returned to Tornado Cash to launder stolen fundsppMoldovan citizen sentenced in connection with the ERoot 
breach notifications to about 6800 individualsppApple fixed the 17th zeroday flaw exploited in attacksppAtlassian Confluence zeroday CVE202322515 actively exploited in attacksppA cyberattack disrupted Lyca Mobile servicesppChipmaker Qualcomm warns of three actively exploited zerodaysppDRM Report Q2 2023 Ransomware threat landscapeppPhishing campaign targeted US executives exploiting a flaw in Indeed job search platformppSan Franciscos transport agency exposes drivers parking permits and addressesppBunnyLoader a new MalwareasaService advertised in cybercrime forumsppExclusive Lighting the Exfiltration Infrastructure of a LockBit Affiliate and moreppTwo hacker groups are back in the news LockBit 30 Black and BlackCatAlphVppEuropean Telecommunications Standards Institute ETSI suffered a data breachppWSFTP flaw CVE202340044 actively exploited in the wildppNational Logistics Portal NLP data leak seaports in India were left vulnerable to takeover by hackersppNorth Korealinked Lazarus targeted a Spanish aerospace companyppRansomware attack on Johnson Controls may have exposed sensitive DHS datappBlackCat gang claims they stole data of 25 million patients of McLaren Health CareppSecurity Affairs newsletter Round 439 by Pierluigi Paganini International editionppALPHVBlackCat ransomware gang hacked the hotel chain Motel OneppFBI warns of dual ransomware attacksppProgress Software fixed two critical severity flaws in WSFTP ServerppChild abuse site taken down organized child exploitation crime suspected exclusiveppA still unpatched zeroday RCE impacts more than 35M Exim serversppChinese threat actors stole around 60000 emails from US State Department in Microsoft breachppMisconfigured WBSC server leaks thousands of passportsppCISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalogppCisco urges to patch actively exploited IOS zeroday CVE202320109ppDark Angels Team ransomware group hit Johnson ControlsppGOOGLE FIXED THE FIFTH CHROME ZERODAY OF 
2023ppRussian zeroday broker is willing to pay 20M for zeroday exploits for iPhones and Android devicesppChinalinked APT BlackTech was spotted hiding in Cisco router firmwareppWatch out CVE20235129 in libwebp library affects millions applicationsppDarkBeam leaks billions of email and password combinationsppRansomedvc in the Spotlight What is Known About the Ransomware Group Targeting Sony and NTT DocomoppTop 5 Problems Solved by Data LineageppThreat actors claim the hack of Sony and the company investigatesppCanadian Flair Airlines left user data leaking for monthsppThe Rhysida ransomware group hit the Kuwait Ministry of FinanceppBORN Ontario data breach impacted 34 million newborns and pregnancy care patientsppXenomorph malware is back after months of hiatus and expands the list of targetsppSmishing Triad Stretches Its Tentacles into the United Arab EmiratesppCrooks stole 200 million worth of assets from Mixin NetworkppA phishing campaign targets Ukrainian military entities with drone manual luresppAlert Patch your TeamCity instance to avoid server hackppIs Gelsemium APT behind a targeted attack in Southeast Asian GovernmentppNigerian National pleads guilty to participating in a millionaire BEC schemeppNew variant of BBTok Trojan targets users of 40 banks in LATAMppDeadglyph a very sophisticated and unknown backdoor targets the Middle EastppAlphv group claims the hack of Clarion a global manufacturer of audio and video equipment for carsppSecurity Affairs newsletter Round 438 by Pierluigi Paganini International editionppNational Student Clearinghouse data breach impacted approximately 900 US schoolsppGovernment of Bermuda blames Russian threat actors for the cyber attackppRecently patched Apple and Chrome zerodays exploited to infect devices in Egypt with Predator spywareppCISA adds Trend Micro Apex One and WorryFree Business Security flaw to its Known Exploited Vulnerabilities catalogppInformation of Air Canada employees exposed in recent cyberattackppSandman APT 
targets telcos with LuaDream backdoorppApple rolled out emergency updates to address 3 new actively exploited zeroday flawsppUkrainian hackers are behind the Free Download Manager supply chain attackppSpace and defense tech maker Exail Technologies exposes database accessppProRussia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptionsppExperts found critical flaws in Nagios XI network monitoring softwareppThe dark web drug marketplace PIILOPUOTI was dismantled by Finnish CustomsppInternational Criminal Court hit with a cyber attackppGitLab addressed critical vulnerability CVE20235009ppTrend Micro addresses actively exploited zeroday in Apex One and other security ProductsppShroudedSnooper threat actors target telecom companies in the Middle EastppRecent cyber attack is causing Clorox products shortageppEarth Lusca expands its arsenal with SprySOCKS Linux malwareppMicrosoft AI research division accidentally exposed 38TB of sensitive datappGerman intelligence warns cyberattacks could target liquefied natural gas LNG terminalsppDeepfake and smishing How hackers compromised the accounts of 27 Retool customers in the crypto industryppFBI hacker USDoD leaks highly sensitive TransUnion datappNorth Koreas Lazarus APT stole almost 240 million in crypto assets since JuneppClop gang stolen data from major North Carolina hospitalsppCardX released a data leak notification impacting their customers in ThailandppSecurity Affairs newsletter Round 437 by Pierluigi Paganini International editionppTikTok fined 345M by Irish DPC for violating childrens privacyppDariy Pankov the NLBrute malware author pleads guiltyppDangerous permissions detected in top Android health appsppCaesars Entertainment paid a ransom to avoid stolen data leaksppFree Download Manager backdoored to serve Linux malware for more than 3 yearsppLockbit ransomware gang hit the Carthage Area Hospital and the ClaytonHepburn Medical Center in New YorkppThe iPhone of a Russian 
journalist was infected with the Pegasus spywareppKubernetes flaws could lead to remote code execution on Windows endpointsppThreat actor leaks sensitive data belonging to AirbusppA new ransomware family called 3AM appears in the threat landscapeppRedfly group infiltrated an Asian national grid as long as six monthsppMozilla fixed a critical zeroday in Firefox and ThunderbirdppMicrosoft September 2023 Patch Tuesday fixed 2 actively exploited zeroday flawsppSave the Children confirms it was hit by cyber attackppAdobe fixed actively exploited zeroday in Acrobat and ReaderppA new Repojacking attack exposed over 4000 GitHub repositories to hackppMGM Resorts hit by a cyber attackppAnonymous Sudan launched a DDoS attack against TelegramppIranian Charming Kitten APT targets various entities in Brazil Israel and the UAE using a new backdoorppGOOGLE FIXED THE FOURTH CHROME ZERODAY OF 2023ppCISA adds recently discovered Apple zerodays to Known Exploited Vulnerabilities CatalogppUK and US sanctioned 11 members of the Russiabased TrickBot gangppNew HijackLoader malware is rapidly growing in popularity in the cybercrime communityppSome of TOP universities wouldnt pass cybersecurity exam left websites vulnerableppEvil Telegram campaign Trojanized Telegram apps found on Google PlayppRhysida Ransomware gang claims to have hacked three more US hospitalsppAkamai prevented the largest DDoS attack on a US financial companyppSecurity Affairs newsletter Round 436 by Pierluigi Paganini International editionppUS CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalogppRagnar Locker gang leaks data stolen from the Israels Mayanei Hayeshua hospitalppNorth Korealinked threat actors target cybersecurity experts with a zerodayppZeroday in Cisco ASA and FTD is actively exploited in ransomware attacksppZerodays fixed by Apple were used to deliver NSO Groups Pegasus spywareppApple discloses 2 new actively exploited zeroday flaws in iPhones MacsppA malvertising 
campaign is delivering a new version of the macOS Atomic StealerppTwo flaws in Apache SuperSet allow to remotely hack serversppChinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistakeppGoogle addressed an actively exploited zeroday in AndroidppA zeroday in Atlas VPN Linux Client leaks users IP addressppMITRE and CISA release Caldera for OT attack emulationppASUS routers are affected by three critical remote code execution flawsppHackers stole 41M worth of crypto assets from crypto gambling firm StakeppFreecycle data breach impacted 7 Million usersppMeta disrupted two influence campaigns from China and RussiappA massive DDoS attack took down the site of the German financial agency BaFinppSmishing Triad Targeted USPS and US Citizens for Data TheftppUniversity of Sydney suffered a security breach caused by a thirdparty service providerppCybercrime will cost Germany 224 billion in 2023ppPoC exploit code released for CVE202334039 bug in VMware Aria Operations for NetworksppSecurity Affairs newsletter Round 435 by Pierluigi Paganini International editionppLockBit ransomware gang hit the Commission des services electriques de Montréal CSEMppUNRAVELING EternalBlue inside the WannaCrys enablerppResearchers released a free decryptor for the Key Group ransomwareppFashion retailer Forever 21 data breach impacted 500000 individualsppRussialinked hackers target Ukrainian military with Infamous Chisel Android malwareppAkira Ransomware gang targets Cisco ASA without MultiFactor AuthenticationppParamount Global disclosed a data breachppNational Safety Council data leak Credentials of NASA Tesla DoJ Verizon and 2K others leaked by workplace safety organizationppAbusing Windows Container Isolation Framework to avoid detection by security productsppCritical RCE flaw impacts VMware Aria Operations NetworksppUNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flawppHackers infiltrated Japans National Center of Incident 
Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The group appears to be very active and has already listed 23 victims on its extortion portal since mid-June. The following image shows the list of victims published by the gang on its Dark Web leak site.

Cicada 3301 is the name given to three sets of puzzles posted under the name "3301" online between 2012 and 2014. The first puzzle started on January 4, 2012 on 4chan and ran for nearly a month. A second round of puzzles began one year later, on January 4, 2013, and a third round followed the confirmation of a fresh clue posted on Twitter on January 4, 2014. The third puzzle has not been solved yet. The stated intent was to recruit "intelligent individuals" by presenting a series of puzzles to be solved; no new puzzles were published on January 4, 2015.

However, the operation seems to have no links with Cicada 3301.

Since June, the operators behind Cicada3301 have started recruiting affiliates on the RAMP cybercrime forum.

The Cicada3301 ransomware is written in Rust and targets both Windows and Linux/ESXi hosts. Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a port of the same malware written for Windows. The experts pointed out that while many ransomware groups are now targeting ESXi systems, only a few, including the now-defunct BlackCat/ALPHV group, have used Rust-based ransomware. Analysis reveals significant similarities between Cicada3301's ransomware and the ALPHV ransomware.

"The Cicada3301 ransomware has several interesting similarities to the ALPHV ransomware," reported Truesec.

The initial attack by the Cicada3301 group began with the use of stolen or brute-forced credentials to log in via ScreenConnect. The IP address used by the ransomware group is linked to the Brutus botnet, a circumstance that suggests possible connections between the two. This timeline coincides with the apparent exit of the BlackCat/ALPHV ransomware group, raising the possibility that Cicada3301 could be a rebranding of ALPHV, a collaboration with its developers, or a separate group using modified ALPHV code.

The Cicada3301 ransomware supports multiple configurable parameters that operators can use to alter its behavior during execution. These parameters, managed via the clap::args library, include options like:

These functionalities provide flexibility in how the ransomware operates, potentially making it more effective in different scenarios.

The Cicada3301 ransomware generates a symmetric key for encryption using the OsRng random number generator. The ransomware uses a function called encrypt_file to handle file encryption. This process involves extracting a public PGP key stored in the binary's data section, which is used to encrypt the generated symmetric key.

Then the malware creates a note titled RECOVER-[encrypted file ending]-DATA.txt in each folder containing encrypted files. The encryption targets specific file extensions, mostly related to documents and pictures, suggesting the ransomware was initially designed to target Windows systems before being adapted for ESXi hosts.

"After the encryption is done, the ransomware encrypts the ChaCha20 key with the provided RSA key and finally writes the extension to the encrypted file (adding the encryption file extension). The file extension is also added to the end of the encrypted file together with the RSA encrypted ChaCha20 key," concludes the analysis, which includes a YARA rule for this version of the malware.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs - hacking, Cicada3301)
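As an added triage example (not Truesec's code and not part of this article), the following Python script locates the RECOVER-[ext]-DATA.txt notes described above and checks whether files carrying the learned extension end with the trailer the analysis describes: the extension marker preceded by the RSA-encrypted ChaCha20 key. The trailer layout (ciphertext, then RSA blob, then extension) and the 256-byte key blob are assumptions not stated on the page, and the sample folder is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed (not on the page): trailer is <ciphertext><RSA blob><ext>, RSA blob 256 bytes (RSA-2048).
NOTE_RE = re.compile(r"^RECOVER-(?P<ext>[A-Za-z0-9]+)-DATA\.txt$")
RSA_BLOB_LEN = 256

def find_notes(root):
    """Return {folder: ext} for every RECOVER-<ext>-DATA.txt note under root."""
    notes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            m = NOTE_RE.match(name)
            if m:
                notes[dirpath] = m.group("ext")
    return notes

def parse_trailer(path, ext):
    """Return the RSA-encrypted key blob, or None if the trailer marker is absent."""
    marker = ext.encode()
    size = os.path.getsize(path)
    if size < len(marker) + RSA_BLOB_LEN:
        return None
    with open(path, "rb") as f:
        f.seek(size - len(marker) - RSA_BLOB_LEN)
        tail = f.read()
    return tail[:RSA_BLOB_LEN] if tail.endswith(marker) else None

def triage(root):
    """Map files with a valid trailer to their key blob, using the note's extension."""
    hits = {}
    for dirpath, ext in find_notes(root).items():
        for name in os.listdir(dirpath):
            if name.endswith("." + ext):
                path = os.path.join(dirpath, name)
                blob = parse_trailer(path, ext)
                if blob is not None:
                    hits[path] = blob
    return hits

def build_sample(root):
    """Constructed victim folder: a note, one file with the assumed trailer, a decoy."""
    ext = "abcd"  # constructed extension, not a real indicator
    blob = bytes(range(RSA_BLOB_LEN))  # stand-in for the encrypted ChaCha20 key
    Path(root, f"RECOVER-{ext}-DATA.txt").write_text("constructed sample note\n")
    Path(root, "report.docx." + ext).write_bytes(b"\x00" * 1024 + blob + ext.encode())
    Path(root, "decoy." + ext).write_bytes(b"A" * 600)  # extension but no trailer
    return ext, blob

def demo():
    """Run the triage on a constructed folder and return a checkable summary."""
    root = tempfile.mkdtemp()
    ext, blob = build_sample(root)
    hits = triage(root)
    return {
        "notes": find_notes(root) == {root: ext},
        "flagged": sorted(os.path.basename(p) for p in hits),
        "blob_ok": hits.get(os.path.join(root, "report.docx." + ext)) == blob,
        "decoy_skipped": parse_trailer(os.path.join(root, "decoy." + ext), ext) is None,
    }
```

Run `triage()` against a mounted copy of the affected datastore: files that carry the extension but fail the trailer check were not written by this variant and deserve a separate look.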
Copyright securityaffairs 2024