Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.

Cybersecurity 134

Cybersecurity Spyware Data breaches Passwords 134

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Accountability 129

Accountability Government Phishing Authentication 129

Security Affairs

FEBRUARY 3, 2024

A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account.

Accountability 138

Accountability Media Hacking Information Security 138

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 133

Ransomware Data collection Hacking Cybersecurity 133

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 134

Data breaches Ransomware Manufacturing Encryption 134

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 142

Software Accountability Authentication Internet 142

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 139

Internet Internet Software Accountability 139

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 133

Spyware Surveillance Software Hacking 133

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 119

Passwords Authentication Architecture Risk 119

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 131

Social Engineering Authentication Engineering Accountability 131

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches 98

Data breaches Mobile Identity Theft Accountability 98

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes. These efforts resulted in the ban of 333,000 accounts for confirmed malware and repeated severe policy breaches.

Accountability 123

Accountability Malware Hacking Risk 123

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Whatever you were thinking about CVE-2023-20198 ( #Cisco IOS EX) it's 100x worst. The attacker can then use that account to gain control of the affected system.”

Hacking 136

Hacking Internet Internet Accountability 136

Security Affairs

MARCH 29, 2023

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. Attack Flow: 1. Victims visit the legitimate link.

Accountability 98

Accountability Authentication Hacking Information Security 98

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 131

Internet Internet Accountability Passwords 131

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack.

Accountability 137

Accountability Social Engineering Authentication VPN 137

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. and “Check bookmarks when you get account back.”

Accountability 136

Accountability Hacking Cryptocurrency Cybersecurity 136

Security Affairs

OCTOBER 17, 2023

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critical zero-day vulnerability ( CVE-2023-20198 ) to compromise thousands of Cisco IOS XE devices, security firm VulnCheck warns.

Internet 132

Internet Internet Hacking Accountability 132

Security Affairs

MARCH 22, 2023

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio ’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. Left: The “FakeGPT” Variant on Chrome Store.

Accountability 98

Accountability Encryption Hacking Cybercrime 98

Security Affairs

MARCH 26, 2023

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. ” concludes the guidance.

Authentication 98

Authentication Accountability Cyber Attacks Hacking 98

Security Affairs

JULY 3, 2023

Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet. However, Anonymous Sudan has announced to have stolen credentials for 30 million customer accounts.

Accountability 98

Accountability DDOS Data breaches Hacking 98

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Education 98

Education Media Authentication Passwords 98

Security Affairs

MAY 25, 2024

The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update about the December 2023 attack. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Risk 128

Risk Accountability Cyber threats Hacking 128

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. Conti was the most notorious of these and enjoyed the most attention since their archives were leaked online and analyzed by many security researchers. In 2022, Kaspersky solutions detected over 74.2M

Ransomware 132

Ransomware Malware Architecture Telecommunications 132

Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Hacking 98

Hacking Education Software Media 98

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. “Type Confusion in V8.

Education 98

Education Media Engineering Hacking 98

Security Affairs

APRIL 19, 2023

Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Education 98

Education Media Engineering Hacking 98

Security Affairs

MAY 1, 2023

The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps. .

Accountability 98

Accountability Education Media Hacking 98

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Internet 98

Internet Internet Backups Hacking 98

Security Affairs

MAY 30, 2023

The adoption of 2FA aims at protecting maintainers’ account takeover as explained in the official announcement. ” reads the announcement. “Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage. .

Authentication 98

Authentication Accountability Hacking Malware 98

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. More personal data leaks; corporate email at risk. The number of fake reports grows along with that.

Media 120

Media Social Engineering Ransomware Hacking 120

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 98

Accountability Cryptocurrency Malware Phishing 98

Approachable Cyber Threats

DECEMBER 6, 2023

The 2023 update to our research on the perception of cybersecurity incident and data breach causes that’s helped organizations re-evaluate how they are at risk of a cybersecurity incident or data breach instead of what feels right. 2023 Data Breach Investigations Report. Keep reading below! Or download now!

Cybersecurity 102

Cybersecurity Social Engineering Data breaches Engineering 102

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 98

Ransomware Cybercrime Cybersecurity Hacking 98

Security Affairs

MARCH 2, 2023

The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database. The breach likely exposed personal customer information like names, addresses, and email addresses. New breach: GunAuction[.]com

Accountability 98

Accountability Hacking Data breaches Passwords 98

Security Affairs

APRIL 3, 2023

31, 2023 – Wiz Research reported the Bing issue to MSRC Jan. 31, 2023 – MSRC issues initial fix to Bing app Feb. 25, 2023 – Wiz Research reported the other vulnerable applications to MSRC Feb. 27, 2023 – MSRC starts issuing fixes for said applications Mar. 28, 2023 – MSRC awards Wiz Research with $40,000 bug bounty Mar.

Accountability 98

Accountability Education Media Authentication 98

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 133

Phishing Accountability Information Security Cyber Attacks 133