Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Many people get hacked from having guessable or previously compromised passwords. The more fringe the site, the higher the risk of bad things happening while you’re there. So, I decided to update the advice myself.

Risk 345

Risk Passwords Password Management Accountability 345

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking 115

Hacking Risk Cybersecurity Government 115

Security Affairs

MARCH 27, 2025

Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, stealing customer data. WideOpenWest (WOW!) million accounts. This breach has led to the complete takeover of WOW!’s

Hacking 77

Hacking Telecommunications Data breaches Internet 77

Security Affairs

APRIL 7, 2025

With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs. These EDRs, representing the official cooperation channels between law enforcement agencies and social media platforms, are at risk of becoming a double-edged sword.

Cybercrime 119

Cybercrime Social Engineering Accountability Government 119

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 76

Firewall Hacking Malware Passwords 76

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking 231

Hacking Accountability Data breaches Marketing 231

Security Affairs

JANUARY 4, 2025

“ Flax Typhoon is a China-linked hacking group that has been active since 2021, it targets critical infrastructure globally, exploiting vulnerabilities for persistent access. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity 123

Cybersecurity IoT Hacking Technology 123

Security Affairs

OCTOBER 23, 2024

It becomes increasingly difficult to gain complete visibility or transparency that could help security and privacy teams discover sensitive data, identify its security and compliance postures, and mitigate risks. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks.

Data privacy 126

Data privacy Unstructured Data Risk Data breaches 126

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware 116

Malware Scams Identity Theft Antivirus 116

Security Affairs

NOVEMBER 6, 2024

Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest. Midnight Blue took 3rd at Pwn2Own Ireland 2024 , the team demonstrated five zero-day flaws in routers, printers, security cameras, and NAS devices.

Firmware 124

Firmware Manufacturing Hacking Media 124

The Last Watchdog

APRIL 4, 2022

The same types of security risks impact businesses, whatever their size. They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

JANUARY 28, 2025

VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. with security patches now available. Follow me on Twitter: @securityaffairs and Facebook and Mastodon PierluigiPaganini ( SecurityAffairs hacking,Avi Load Balancer)

Risk 118

Risk Hacking Software Information Security 118

Security Affairs

FEBRUARY 4, 2025

Then GrubHub locked out the attackers and removed the hacked account. The unauthorized party also accessed hashed passwords for certain legacy systems, and we proactively rotated any passwords that we believed might have been at risk. ” reads a notice of data breach published by the company on its website.

Data breaches 114

Data breaches Passwords Accountability Hacking 114

Security Affairs

MARCH 27, 2025

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The Stable channel has been updated to 134.0.6998.177/.178

Hacking 104

Hacking Cybersecurity Risk Information Security 104

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

Security Affairs

OCTOBER 22, 2024

“ According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Encryption 123

Encryption Hacking Accountability Cybersecurity 123

Security Affairs

MARCH 8, 2025

As the device was not being monitored, the victim organisation’s security team were unaware of the increase in malicious Server Message Block (SMB) traffic from the webcam to the impacted server, which otherwise may have alerted them. [1] 1] Akira was subsequently able to encrypt files across the victims network.”

Ransomware 130

Ransomware IoT Encryption Passwords 130

Security Affairs

FEBRUARY 6, 2025

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The vulnerability CVE-2020-15069 (CVSS score of 9.8)

Firewall 123

Firewall Hacking Cybersecurity Risk 123

Security Affairs

JANUARY 22, 2025

Attackers can exploit a vulnerability, tracked as CVE-2025-0411 , in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet.

Software 126

Software Internet Internet Hacking 126

SecureWorld News

DECEMBER 12, 2024

The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised. To mitigate such risks, organizations must adopt proactive measures.

Password Management 108

Password Management Passwords CISO Cybersecurity 108

Security Affairs

DECEMBER 6, 2024

The vulnerability was exploited in a large-scale hacking campaign that targeted more than 22,000 CyberPanel instances. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA Known Exploited Vulnerabilities catalog ) . “getresetstatus in dns/views.py and ftp/views.py

DNS 109

DNS Authentication Ransomware Hacking 109

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Security Affairs

APRIL 5, 2025

Only phone numbers and timestamps were at risk. It offers features like spam detection, automatic blocking of high-risk spam calls, and the ability to report unwanted numbers. With access to call history, attackers can map routines, contacts, and movements, risking the safety of whistleblowers, journalists, dissidents, and others.

Wireless 104

Wireless Surveillance Risk Media 104

Security Affairs

NOVEMBER 26, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The product could then be exploited through a vulnerable URL.”

VPN 111

VPN Authentication Hacking Cybersecurity 111

Security Affairs

NOVEMBER 7, 2024

Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.” The researcher Brian Hysell reported the flaw to the security vendor. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA )

Firewall 125

Firewall Authentication Accountability Risk 125

Security Affairs

OCTOBER 6, 2024

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security. and its allies for hacking activities in July. ” reported the WSJ.

Hacking 145

Hacking Government Internet Internet 145

Security Affairs

APRIL 2, 2025

Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Anubis backdoor)

Antivirus 128

Antivirus Cybercrime Malware Encryption 128

Security Affairs

NOVEMBER 18, 2024

The Irish Data Protection Commission found that Instagram’s default settings made children’s accounts visible to the public, exposing personal information like phone numbers and email addresses. For businesses operating internationally, staying ahead of regulatory changes is key to mitigating risk.

Data privacy 128

Data privacy Risk Surveillance Government 128

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The security breach poses a major national security risk.

Mobile 113

Mobile Telecommunications Data breaches Hacking 113

Security Affairs

APRIL 3, 2025

The exposure of this sensitive information poses a serious risk to organizations, as malicious actors are ready to exploit it in attacks. Developers frequently expose secrets like API keys, often underestimating the risk. Attackers exploit even “low-risk” leaks for lateral movement.

Risk 82

Risk Engineering Passwords Hacking 82

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. Mundane Work Working in a SOC that lacks AI capabilities can be extremely dull.

Artificial Intelligence 136

Artificial Intelligence Data collection Cybersecurity Risk 136

Security Affairs

JANUARY 8, 2025

. “The list of all security advisories and the associated list of vulnerabilities is below. Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. All customers are encouraged to upgrade their firewalls to the latest MR listed below.”

Firewall 115

Firewall Firmware VPN Authentication 115

Security Affairs

JANUARY 17, 2025

In AWS, Aviatrix Controllers default privilege escalation amplifies the risk of exploitation, enabling cryptojacking and backdoor attacks, per Wiz Research. Aviatrix has seen indications that bad actors are attempting to exploit this vulnerability, and strongly recommends that you take action to protect your controllers.

Cryptocurrency 105

Cryptocurrency Hacking Risk Cybersecurity 105

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches 116

Data breaches Cryptocurrency Artificial Intelligence Cybercrime 116

Security Affairs

NOVEMBER 2, 2024

Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, PTZOptics cameras)

Firmware 121

Firmware Manufacturing IoT Healthcare 121

Security Affairs

NOVEMBER 14, 2024

The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.”

Government 111

Government Telecommunications Surveillance Risk 111

Security Affairs

DECEMBER 17, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Pierluigi Paganini ( SecurityAffairs hacking, CISA )

Hacking 108

Hacking Cybersecurity Ransomware Risk 108