Security Affairs

OCTOBER 31, 2024

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024.

Backups 118

Backups Manufacturing Hacking Information Security 118

Security Affairs

SEPTEMBER 16, 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. MSHTML is a platform used by Internet Explorer. “Yes.

Internet 136

Internet Internet Malware Passwords 136

Security Affairs

OCTOBER 3, 2024

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Adobe warned that it is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants. Merchants are urged to implement countermeasures immediately.

Hacking 136

Hacking Passwords Cybersecurity Cybercrime 136

Security Affairs

OCTOBER 24, 2024

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24. On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event.

Hacking 127

Hacking Information Security 127

Security Affairs

NOVEMBER 9, 2024

Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. CVE-2024-8358 : Command injection in UPDATES_ExtractFile , enabling command execution via file paths during updates. ” concludes the report.

Hacking 128

Hacking Firmware Software Manufacturing 128

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085.

Internet 141

Internet Internet Ransomware Authentication 141

Security Affairs

JUNE 24, 2024

” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27:10 UTC. said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security. “We

Hacking 145

Hacking Banking Ransomware Encryption 145

Security Affairs

AUGUST 14, 2024

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. No Yes RCE CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability Important 7.5 No Yes RCE CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8

Engineering 140

Engineering Hacking Information Security 140

Security Affairs

SEPTEMBER 18, 2024

Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. The company also addressed a privilege escalation vulnerability, tracked as CVE-2024-38813, in vCenter Server. ” reads the advisory.

Hacking 128

Hacking Software Information Security 128

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN 128

VPN Ransomware Firewall Internet 128

Security Affairs

OCTOBER 17, 2024

VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability CVE-2024-38814 impacts multiple versions of the HCX platform, including versions 4.8.x, x, and 4.10.x. The vulnerability was fixed with versions 4.8.3, and 4.10.1.

Authentication 131

Authentication Mobile Hacking Information Security 131

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. ” warned Microsoft. .

Ransomware 135

Ransomware Engineering Encryption Authentication 135

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government 144

Government Hacking Ransomware Insurance 144

Security Affairs

NOVEMBER 21, 2024

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities ( CVE-2024-0012 and CVE-2024-9474 ) in PAN-OS.

Firewall 112

Firewall Hacking VPN Cybersecurity 112

Security Affairs

SEPTEMBER 16, 2024

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. The company also addressed a hardcoded credential vulnerability, tracked as CVE-2024-28990, in ARM. and prior versions. ” reads the advisory. Piotr Bazydlo also reported this vulnerability.

Authentication 134

Authentication Hacking Information Security 134

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Malware 134

Malware Telecommunications Encryption DDOS 134

Security Affairs

JULY 25, 2024

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) with booby-trapped files.

Education 140

Education Malware Internet Internet 140

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The flaw CVE-2024-4577 (CVSS score: 9.8) Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Malware 138

Malware DDOS Internet Internet 138

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability.

Social Engineering 128

Social Engineering IoT Engineering Authentication 128

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” and its allies for hacking activities in July.

Hacking 130

Hacking Internet Internet Mobile 130

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Veeam Backup & Replication )

Backups 130

Backups Ransomware VPN Authentication 130

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Security Affairs

OCTOBER 2, 2024

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Versions 8.8.15

Hacking 122

Hacking Cybersecurity Risk Information Security 122

Security Affairs

OCTOBER 10, 2024

Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Hacking 137

Hacking Information Security 137

Security Affairs

AUGUST 19, 2024

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Cryptocurrency 137

Cryptocurrency Marketing Malware Engineering 137

Security Affairs

DECEMBER 18, 2024

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) “The vulnerability, CVE-2024-53677, appears to be related to CVE-2023-50164.

Hacking 79

Hacking Technology Software Information Security 79

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware 114

Ransomware Identity Theft Data breaches Cyber threats 114

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. The token allowed them to access backend dealer APIs, then they successfully extracted sensitive information like the vehicle owner’s name, email, phone number, and other details.

Hacking 140

Hacking Accountability Mobile Internet 140

Security Affairs

NOVEMBER 6, 2024

Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest.

Firmware 123

Firmware Manufacturing Hacking Media 123

Security Affairs

JULY 2, 2024

million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the data breach it suffered in February 2024 affected over 2.5 The incident occurred on February 4, 2024, and was discovered on February 5, 2024. million individuals.

Data breaches 140

Data breaches Insurance Cyber Attacks Ransomware 140

Security Affairs

OCTOBER 11, 2024

As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. Hunt will add the information of the impacted users to HIBP very soon. 54% were already in @haveibeenpwned.

Data breaches 121

Data breaches Internet Internet DDOS 121

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 302

Government Hacking Cyber threats Mobile 302

Security Affairs

DECEMBER 6, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanelflaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA)added the CyberPanelflaw CVE-2024-51378 (CVSS score: 10.0) CISA orders federal agencies to fix this vulnerability byDecember 25, 2024.

DNS 109

DNS Authentication Ransomware Hacking 109

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 125

Firewall Authentication Accountability Risk 125

Security Affairs

DECEMBER 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA)added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference ( CVE-2024-35250 ) and Adobe ColdFusion Improper Access Control ( CVE-2024-20767 ) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The attack complexity is labeled as low.

Cybersecurity 107

Cybersecurity Hacking Ransomware Risk 107

Security Affairs

JULY 26, 2024

tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076. A vulnerability CVE-2024-1975 in BIND 9 allows clients to exhaust CPU resources by sending a stream of SIG(0) signed requests if the server hosts a “KEY” Resource Record or the resolver DNSSEC-validates such a record in cache.

DNS 145

DNS Software Internet Internet 145

Security Affairs

NOVEMBER 2, 2024

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn.

Firmware 121

Firmware Manufacturing Healthcare IoT 121