Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. Then Kokorin disclosed the flaw on X.

Accountability 145

Accountability Phishing Hacking Information Security 145

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN 128

VPN Ransomware Firewall Internet 128

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts.

Accountability 139

Accountability Passwords Hacking Cybersecurity 139

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication.

Backups 130

Backups Ransomware VPN Authentication 130

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. and “Check bookmarks when you get account back.”

Accountability 136

Accountability Hacking Cryptocurrency Cybersecurity 136

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. ” warned Microsoft. .

Ransomware 135

Ransomware Engineering Encryption Authentication 135

Security Affairs

SEPTEMBER 7, 2024

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations. An attacker can exploit this vulnerability to upload malicious plugins.

Accountability 133

Accountability Authentication Hacking Information Security 133

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 131

Internet Internet Accountability Passwords 131

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes. ” reads the report published by the company.

Software 122

Software Authentication Hacking Accountability 122

Security Affairs

JULY 1, 2024

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers.

Passwords 133

Passwords Accountability Authentication Internet 133

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 141

Banking Accountability Malware Mobile 141

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security. million per incident.

Social Engineering 141

Social Engineering Cyber Attacks Cyber Insurance IoT 141

Security Affairs

JANUARY 10, 2024

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. ” Gensler wrote.

Accountability 128

Accountability Hacking Cryptocurrency Surveillance 128

Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 134

Authentication Hacking Engineering Encryption 134

Security Boulevard

JANUARY 18, 2024

So, let’s explore what 2024 and beyond has in store for all of us in the digital world. This demand leads to the development of cybersecurity predictions which must take into account underlying drivers of the attackers, defenders, and technology where the battles will play out. 2024 Cybersecurity Predictions 1. In 2024: 1.

Risk 115

Risk Cybersecurity CISO Technology 115

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 123

Ransomware Hacking Accountability Cyber Attacks 123

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks.

Ransomware 126

Ransomware Authentication Encryption VPN 126

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 132

Backups Ransomware VPN Accountability 132

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 130

Backups VPN Ransomware Authentication 130

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware 114

Ransomware Identity Theft Data breaches Cyber threats 114

Security Affairs

MAY 21, 2024

The most severe vulnerability is a flaw tracked as CVE-2024-27130. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code. The WatchTowr Labs researchers also published technical details of the flaw CVE-2024-27130 and a proof of concept (PoC) exploit code.

Authentication 134

Authentication Accountability Social Engineering Engineering 134

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 125

Firewall Authentication Accountability Risk 125

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. The act also requires institutions to allow customers to opt out of having their information shared with non-affiliated third parties.

Cybersecurity 114

Cybersecurity Computers and Electronics Cyber threats Healthcare 114

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 283

Scams DDOS Cryptocurrency Accountability 283

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Microsoft Corp.

Malware 321

Malware Software Technology Accountability 321

Security Affairs

OCTOBER 23, 2024

For instance, organizations can leverage DSPM to detect and catalog personally identifiable information (PII) spread across the organization’s data stores, SaaS services, or multi-cloud accounts. DSPM also provides visibility of security and privacy posture, alerting potential gaps.

Data privacy 125

Data privacy Unstructured Data Risk Data breaches 125

Security Affairs

AUGUST 7, 2024

Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts. The experts discovered two XSS vulnerabilities tracked as CVE-2024-42009 and CVE-2024-42008 , which have critical and high ratings respectively. and below, and version 1.5.7

Passwords 144

Passwords Government Accountability Software 144

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” reads the advisory published by Okta. ” continues the advisory.

VPN 139

VPN Accountability Firewall Data breaches 139

Security Affairs

MAY 9, 2024

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793 , in BIG-IP Next Central Manager that can lead to device takeover.

Accountability 135

Accountability Hacking Cybersecurity Information Security 135

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication.

Backups 130

Backups Authentication Accountability Software 130

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 133

Phishing Accountability Information Security Cyber Attacks 133

Security Affairs

JUNE 19, 2024

Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. — Nick Percoco (@c7five) June 19, 2024 Percoco revealed that a security researcher reported an “extremely critical” bug to the exchange on June 9.

Cryptocurrency 132

Cryptocurrency Accountability Hacking Marketing 132

Security Affairs

DECEMBER 4, 2024

Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.

Backups 113

Backups Ransomware Accountability Hacking 113

Security Affairs

JULY 12, 2024

Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover. ” reads the advisory.

Authentication 131

Authentication Firewall Accountability Hacking 131

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. ” Orn advertising Araneida Scanner in Feb. 2023 on the forum Cracked.

Hacking 204

Hacking Cybercrime Advertising Data breaches 204

Security Affairs

OCTOBER 17, 2024

A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. “A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process.

Accountability 133

Accountability Passwords Hacking Cybersecurity 133

Security Affairs

OCTOBER 14, 2024

-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024.

Data breaches 133

Data breaches Financial Services Accountability Hacking 133