Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The gang published some screenshots as proof of the attack, including passports, ID cards, and personal information of some employees. The bad news is that Black Bast has fixed the issue.

Hacking 144

Hacking Encryption Ransomware Insurance 144

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. reads the advisory. GA, MR1, and MR1-1 v18.5

Firmware 137

Firmware Firewall Internet Internet 137

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the same period in 2022, 50 such incidents were recorded.

Hacking 143

Hacking Engineering Government Manufacturing 143

Security Affairs

JULY 18, 2024

On May 19th, 2022, a user named “goodsoft” advertised an AV killer tool for $4,000 on the exploit[.]in Later, on June 14th, 2022, a user named “lefroggy” posted a similar ad on the xss[.]is On August 10, 2022, a user named “goodsoft” advertised “PentestSoftware” for $6,500 per month on the exploit[.]in

Advertising 143

Advertising Cybercrime Hacking Ransomware 143

Security Affairs

OCTOBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog in July 2024. According to Sansec, CosmicSting (CVE-2024-34102) is the most severe bug impacting Magento and Adobe Commerce stores in two years, with hacks occurring at a rate of 3 to 5 per hour.

Hacking 141

Hacking Passwords Cybersecurity Cybercrime 141

Security Affairs

FEBRUARY 5, 2024

.” The experts reported the issue to Airbus in June 2022. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Airbus) The company confirmed that the next version of the software would address the issue.

Hacking 139

Hacking Engineering Encryption Software 139

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking 141

Hacking VPN Ransomware Cybercrime 141

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.

Hacking 140

Hacking Ransomware Computers and Electronics Marketing 140

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution.

Firewall 145

Firewall Hacking Firmware Internet 145

Krebs on Security

OCTOBER 20, 2023

In an interview with KrebsOnSecurity, Okta’s Deputy Chief Information Security Officer Charlotte Wylie said Okta initially believed that BeyondTrust’s alert on Oct. The disclosure from Okta comes just weeks after casino giants Caesar’s Entertainment and MGM Resorts were hacked. But she said that by Oct.

Social Engineering 329

Social Engineering Engineering Accountability Hacking 329

Security Affairs

NOVEMBER 2, 2023

In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked. The company did not attribute the attack to a specific threat actor.

Data breaches 143

Data breaches Hacking Social Engineering Healthcare 143

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. Additionally, attackers could secretly obtain personal information such as the victim’s name, phone number, email, and physical address.

Hacking 143

Hacking Accountability Mobile Internet 143

Security Affairs

MAY 2, 2024

In November 2022, Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA) DropBox is notifying all impacted customers.

Hacking 139

Hacking Authentication Passwords Accountability 139

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Education 143

Education Government Hacking Risk 143

Security Affairs

DECEMBER 4, 2024

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.

Ransomware 133

Ransomware Telecommunications Healthcare Insurance 133

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 322

Malware Software Technology Accountability 322

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “ In November 2022, Medibank announced that personal data belonging to around 9.7M

Government 141

Government Insurance Ransomware Hacking 141

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 84

Firewall Hacking Malware Passwords 84

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Krebs on Security

NOVEMBER 16, 2023

In November 2022, Kivimäki was charged with attempting to extort money from the Vastaamo Psychotherapy Center. Security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki’s involvement.

Cybercrime 250

Cybercrime Hacking Data breaches Banking 250

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware 126

Spyware Government Surveillance Hacking 126

Security Affairs

JUNE 27, 2024

in April 2022. Technical details and PoC exploit code are publicly available since August 2022. Linux Kernel Flaw CVE-2022-2586 (CVSS score of 7.8) White hat hackers demonstrated an exploit for this issue during the Pwn2Own Vancouver 2022. is a code injection issue in the Jai-Ext open source project. and 1.3.12.

Hacking 131

Hacking Cybersecurity Risk Information Security 131

Security Affairs

NOVEMBER 15, 2024

. “Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency 113

Cryptocurrency Hacking Government Accountability 113

Security Affairs

MAY 23, 2024

Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Authentication 136

Authentication Hacking Information Security 136

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime 228

Cybercrime Data breaches Malware Ransomware 228

Security Affairs

APRIL 23, 2024

North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency. The state-sponsored hackers hacked into the subcontractors of defense companies by exploiting vulnerabilities in the targeted systems and deployed malware. concludes the advisory.

Hacking 130

Hacking Malware Accountability Technology 130

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities.

Phishing 139

Phishing Accountability Information Security Cyber Attacks 139

Security Affairs

NOVEMBER 20, 2023

3 On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts. According to court documents, on November 18, 2022, Garrison launched the attack against the betting site, obtaining access to approximately 60,000 user accounts.

Accountability 142

Accountability Hacking Passwords Cybercrime 142

Security Affairs

JANUARY 30, 2024

in August 2022. “This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: [link] and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal() (CVE-2022-39046, an “uninitialized memory [read] from the heap”).”

Hacking 142

Hacking Software Information Security 142

Security Affairs

MAY 15, 2024

The FIOD arrested the man in Amsterdam in August 2022, it is accused of concealing criminal financial flows and facilitating money laundering using Tornado Cash. Tornado Cash was also used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8

Cryptocurrency 133

Cryptocurrency Hacking Cybercrime Information Security 133

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 141

Data collection Authentication Government Hacking 141

Security Affairs

DECEMBER 6, 2023

CVE-2022-22071 was included in our May 2022 public bulletin. CVE-2022-22071 was included in our May 2022 public bulletin. Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks.

Surveillance 141

Surveillance Hacking Cybersecurity Risk 141

Security Affairs

APRIL 9, 2024

BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. After the repository containing the open-source tool was taken down in September 2022, it has since been cloned and modified by other threat actors.

Engineering 139

Engineering Malware Phishing Hacking 139

Security Affairs

SEPTEMBER 11, 2024

“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.” ” reads the advisory published by the company. High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Critical) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Software 137

Software Authentication IoT Hacking 137

Security Affairs

JUNE 17, 2024

. “A 22-year-old British man has been arrested in Palma de Mallorca in a joint effort by Spanish police and the FBI on suspicion of being the ringleader of a hacking group which targeted 45 companies and people in the United States.” He is accused of stealing at least $800,000 from five victims between August 2022 and March 2023.

Cybercrime 136

Cybercrime Hacking Social Engineering Cryptocurrency 136

Security Affairs

MARCH 7, 2024

The figure marks a 22% surge in reported losses compared to 2022. In 2023, the FBI IC3 received a record number of complaints, totaling 880,418, which represents a nearly 10% increase in complaints received compared to 2022. billion in 2022 to $4.57 billion in 2023. billion in 2023 (+38%). billion in losses.

Cybercrime 143

Cybercrime Internet Internet Scams 143

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware 126

Ransomware Healthcare Hacking Malware 126