Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 123

Firewall Authentication Accountability Risk 123

Security Affairs

OCTOBER 23, 2024

For instance, organizations can leverage DSPM to detect and catalog personally identifiable information (PII) spread across the organization’s data stores, SaaS services, or multi-cloud accounts. DSPM also provides visibility of security and privacy posture, alerting potential gaps.

Data privacy 123

Data privacy Unstructured Data Risk Data breaches 123

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 122

Ransomware Hacking Accountability Cyber Attacks 122

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. ” Orn advertising Araneida Scanner in Feb. 2023 on the forum Cracked.

Hacking 234

Hacking Cybercrime Advertising Data breaches 234

Security Affairs

DECEMBER 4, 2024

Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.

Backups 111

Backups Ransomware Accountability Hacking 111

Security Affairs

OCTOBER 14, 2024

-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024.

Data breaches 131

Data breaches Financial Services Accountability Hacking 131

Security Affairs

OCTOBER 17, 2024

A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. “A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process.

Accountability 132

Accountability Passwords Hacking Cybersecurity 132

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

Encryption 121

Encryption Hacking Accountability Cybersecurity 121

Security Affairs

APRIL 15, 2025

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. In December 2024, the U.S.

Data breaches 63

Data breaches Ransomware Software Hacking 63

Security Affairs

FEBRUARY 3, 2025

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild.

Media 113

Media Authentication Hacking Accountability 113

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. The experts observed a phishing campaign targeting Microsoft 365 users with adversary-in-the-middle attacks that has surged since August 2024. ” concludes the report.

Phishing 111

Phishing Accountability Authentication Advertising 111

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts. million in restitution.

Scams 122

Scams Phishing Identity Theft Accountability 122

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry. I sent the unlock command.

Hacking 123

Hacking Accountability Passwords Authentication 123

Security Affairs

DECEMBER 8, 2024

Anna Jaques Hospital completed the forensic investigation on November 5, 2024 and determined that the incident impacted 316,342 patients. While we conducted our investigation, out of anbundance of caution, on Janurary 24, 2024, Anna Jaques posted a notice on ther website.”

Data breaches 115

Data breaches Insurance Healthcare Ransomware 115

Security Affairs

FEBRUARY 29, 2024

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. Use this code to log in/reset the FB account password for the user account.”

Accountability 145

Accountability Passwords Hacking Information Security 145

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. In September 2024, the Sekoia TDR team reported it had identified additional implants associated with the Quad7 botnet operation.

Passwords 131

Passwords Wireless VPN Accountability 131

Security Affairs

JANUARY 14, 2025

Threat actors gained unauthorized access to network devices, created accounts, and modified configurations. The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627).

Firewall 80

Firewall VPN Accountability Firmware 80

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” ” reads the press release published by FBI. ” reads the press release published by FBI. BTC ($308M).

Cryptocurrency 120

Cryptocurrency Social Engineering Hacking Cybercrime 120

Security Affairs

APRIL 11, 2025

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 The incident took place in October 2024, LSC is notifying impacted individuals. million people.

Data breaches 95

Data breaches Insurance Banking Accountability 95

Security Affairs

JANUARY 11, 2025

The security breach exposed customer data and IDs between October 10 and November 10, 2024. After discovering the security breach, the company investigated the incident and notified law enforcement. We have determined that certain of our customers personal information and documents was acquired by the threat actors.”

Data breaches 110

Data breaches Retail Cybercrime Government 110

Security Affairs

NOVEMBER 8, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, RCE)

Firewall 115

Firewall Authentication Internet Internet 115

Security Affairs

MARCH 19, 2025

CCB discovered unauthorized activity on its IT systems on April 21, 2024, and promptly isolated the affected systems. An investigation revealed that an unauthorized party accessed or acquired files between April 20 and April 22, 2024. At this time, it is unclear if the exposed information includes any donor data.

Data breaches 107

Data breaches Banking Insurance Hacking 107

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. “Sorry, change password please.”

Cryptocurrency 131

Cryptocurrency Scams Accountability Hacking 131

Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. Then Kokorin disclosed the flaw on X.

Accountability 145

Accountability Phishing Hacking Information Security 145

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 123

Cyber Attacks Telecommunications Data breaches Banking 123

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The flaw can be exploited to hijack an account without any interaction.

Accountability 142

Accountability Passwords Internet Internet 142

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Your account may have been one of those accessed.” ” continues the notification.

Accountability 138

Accountability Passwords Data breaches Hacking 138

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts.

Accountability 138

Accountability Passwords Hacking Cybersecurity 138

Security Affairs

FEBRUARY 3, 2024

A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account.

Accountability 136

Accountability Media Hacking Information Security 136

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. million to a fake account in Timor Leste, where authorities intercepted USD 39.3 Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B

Cryptocurrency 125

Cryptocurrency Phishing Scams Cybercrime 125

Security Affairs

MARCH 18, 2024

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed. The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The impacted email accounts were re-secured.

Accountability 136

Accountability Hacking Cybersecurity Data breaches 136

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication.

Backups 128

Backups Ransomware VPN Authentication 128

Security Affairs

FEBRUARY 2, 2025

WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. This is the latest example of why spyware companies must be held accountable for their unlawful actions. In 2024, its U.S. subsidiary signed a contract with the U.S.

Spyware 107

Spyware Hacking Surveillance Malware 107

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide.

Consumer Protection 97

Consumer Protection Identity Theft Scams Social Engineering 97

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Escalating Frequency and Impact: Healthcare services have become one of the most targeted industries, moving from the fifth most attacked sector in 2023 to third in 2024. Louis, Missouri.

Healthcare 121

Healthcare Ransomware Identity Theft Data breaches 121

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. ” warned Microsoft. .

Ransomware 134

Ransomware Engineering Encryption Authentication 134

Security Affairs

MARCH 30, 2025

Sam’s Club reported $86 billion in net sales for fiscal year 2024, with a revenue growth of 2.2% This represents a significant portion of Walmart’s overall earnings, as Sam’s Club accounts for about 13% of Walmart’s consolidated net sales. compared to the previous year. reads the advisory.

Ransomware 114

Ransomware Data breaches Software Hacking 114