Security Affairs
E-prescription provider MediSecure impacted by a ransomware attack
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
Ars Technica
Archie, the Internet’s first search engine, is rescued and running
A journey through busted tapes, the Internet Old Farts Club, and SPARCstations.
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
Security Affairs
Santander: a data breach at a third-party provider impacted customers and employees
The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay.
Security Affairs
FBI seized the notorious BreachForums hacking forum
An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum.
Security Affairs
A Tornado Cash developer has been sentenced to 64 months in prison
One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison.........
HACKRead
Popular Cyber Crime Forum Breach Forums Seized by Police
The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.
Infosecurity News
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
The Cyber Express
DragonForce Cyberattack Strikes Again: Malone & Co and Watt Carmicheal Added as Victims
The notorious DragonForce ransomware group has expanded its list of victims, adding two new names to their dark web portal
Security Affairs
Adobe fixed multiple critical flaws in Acrobat and Reader
Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader.
Security Affairs
Ransomware attack on Singing River Health System impacted 895,000 people
The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people.
Security Affairs
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days
Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day.
Security Affairs
VMware fixed zero-day flaws demonstrated at Pwn2Own2024
VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024
Security Affairs
MITRE released EMB3D Threat Model for embedded devices
The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure.
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Security Affairs
Google fixes sixth actively exploited Chrome zero-day this year
Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.
Security Affairs
Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware
Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware
Security Affairs
Threat actors may have exploited a zero-day in older iPhones, Apple warns
Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS.
Security Affairs
City of Helsinki suffered a data breach
The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel.
Security Affairs
Russian hackers defaced British newspaper websites
A group of hackers that defines itself as 'first-class Russian hackers' claims the defacement of hundreds of British newspaper websites
CyberNews
Europol confirms web platform breach
Europol confirmed one of it web portals was breached.
.webp)
Cyber Security News
New Breed of Romance Scams Employs Fake Cryptocurrency Exchanges
Romance scam schemes involve intricate manipulations, including using fake cryptocurrency exchanges to defraud victims.
Security Affairs
Firstmac Limited disclosed a data breach after cyber attack
Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
Security Affairs
Pro-Russia hackers targeted Kosovo government websites
Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government's support to Ukraine with military equipment.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
Security Affairs
Ohio Lottery data breach impacted over 538,000 individuals
The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data of over 538,000 individuals.
Security Affairs
Notorius threat actor IntelBroker claims the hack of the Europol
Notorius threat actor IntelBroker claims that Europol has suffered a data breach that exposed FOUO and other classified data.
Security Affairs
A cyberattack hit the US Healthcare giant Ascension
A cyberattack hit the US Healthcare giant Ascension and is causing disruption of the systems at hospitals in the country
HACKRead
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
The notorious IntelBroker hacker claims to have successfully breached the European Union Agency for Law Enforcement Cooperation (Europol).
Bleeping Computer
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.
Security Affairs
Google fixes fifth actively exploited Chrome zero-day this year
Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser.
Security Affairs
Russia-linked APT28 targets government Polish institutions
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
CyberNews
Claimed by hackers, Zscaler says there’s no impact or compromise
Cloud security company Zscaler is continuing an investigation into an alleged breach.
Security Affairs
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.
Security Affairs
Dell discloses data breach impacting millions of customers
IT giant Dell disclosed a security breach that exposed millions of customers' names and physical mailing addresses.
Security Affairs
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet.
SecurityWeek
BetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC Says
BetterHelp customers have started receiving refund notices from a $7.8 million data privacy settlement, the FTC says.
Security Affairs
Zscaler is investigating data breach claims
Cybersecurity firm Zscaler is investigating claims of a data breach after hackers offered access to its network.
Security Affairs
Experts warn of BIG-IP Next Central Manager flaws that allow device takeover
Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets.
HACKRead
IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
The norotious IntelBroker hackers claims to have breached a leading cybersecurity company selling its access for $20,000 in XMR cryptocurrency.
Security Affairs
LockBit gang claimed responsibility for the attack on City of Wichita
The LockBit ransomware group has added the City of Wichita to its Tor leak site and threatened to publish stolen data.
Security Affairs
New TunnelVision technique can bypass the VPN encapsulation
TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation.
Security Affairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites
Security Affairs
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts.
Security Affairs
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data
The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans.
The Record
School exams are no reason to block internet access, groups tell Iraq’s leaders
Iraq is one of the few countries that has repeatedly cut off the internet to prevent alleged exam cheating.
Security Affairs
Law enforcement agencies identified LockBit ransomware admin and sanctioned him
The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of the LockBit operation and sanctioned him.
Bleeping Computer
BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement
BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes.
Security Affairs
MITRE attributes the recent attack to China-linked UNC5221
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence.
CyberNews
Shadow political ads thrive on Facebook during India’s election
A report shows that myriad Facebook political ads in India during its current election season are run by fake and stolen accounts – despite Meta banning such practice.
Security Affairs
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme.
Security Affairs
City of Wichita hit by a ransomware attack
The City of Wichita in Kansas was forced to shut down its computer systems after a ransomware attack ........
Security Affairs
El Salvador suffered a massive leak of biometric data
Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over 5M citizens of El Salvador.
Security Affairs
Finland authorities warn of Android malware campaign targeting bank users
Finland's Transport and Communications Agency (Traficom) warned about an ongoing Android malware campaign targeting bank accounts.
Security Affairs
Law enforcement seized Lockbit group's website again
Law enforcement seized the Lockbit group's Tor website again and announced they will reveal more identities of its operators
Security Affairs
NATO and the EU formally condemned APT28 cyber espionage
NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries.
Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Blackbasta gang Synlab Italia attack
The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia.
Ars Technica
These dangerous scammers don’t even bother to hide their crimes
Cybercriminals openly run dozens of scams across social media and messaging apps.
CyberNews
Google trial wraps, judge weighs landmark US antitrust claims
Google and the US Justice Department wrap up closing arguments over claims that parent company Alphabet unlawfully dominated web search and related advertising.
Security Affairs
LockBit published data stolen from Simone Veil hospital in Cannes
LockBit ransomware operators have published sensitive data allegedly stolen from the Simone Veil hospital in Cannes.
Security Affairs
Russia-linked APT28 and crooks are still using the Moobot botnet
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.
Security Affairs
Dirty stream attack poses billions of Android installs at risk
Microsoft discovered a security flaw dubbed "Dirty Stream" affecting widely used Android applications, billions of installations are at risk.
Security Affairs
ZLoader Malware adds Zeus's anti-analysis feature
Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan.
Security Affairs
Ukrainian REvil gang member sentenced to 13 years in prison
A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities.
Security Affairs
Pro-Russia hackers target critical infrastructure in North America and Europe
Government agencies from the US, Canada and the UK warn of Russian threat actors targeting critical infrastructure in North America and Europe
Security Affairs
HPE Aruba Networking addressed four critical ArubaOS RCE flaws
HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system.
Security Affairs
Threat actors hacked the Dropbox Sign production environment
Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords
Security Affairs
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog.
Security Affairs
Panda Restaurant Group disclosed a data breach
Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates' personal information.
SecurityWeek
Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm
Police say a principal from a Maryland high school was framed as racist by a fake recording of his voice using AI-based deepfake technology.
Security Affairs
Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia
A former U.S. NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia.
Security Affairs
Cuttlefish targets enterprise-grade SOHO routers
Cuttlefish malware targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data.
Security Affairs
A flaw in the R programming language could allow code execution
A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files.
SecurityWeek
CISO Conversations: Talking Cybersecurity With LinkedIn's Geoff Belknap and Meta's Guy Rosen
SecurityWeek discusses cybersecurity leadership with Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.
Security Affairs
Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall
The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019..
Security Affairs
Finnish Hacker sentenced to more than six years in prison
Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion.
Bleeping Computer
R language flaw allows code execution via RDS/RDX files
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files.
Security Affairs
CISA guidelines to protect critical infrastructure against AI-based threats
The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks.
SecurityWeek
Vulnerability in R Programming Language Could Fuel Supply Chain Attacks
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.
Security Affairs
NCSC: New UK law bans default passwords on smart devices
The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024.
Security Affairs
The FCC imposes $200 million in fines on four US carriers
The FCC fined the largest U.S. wireless carriers $200 million for sharing customers' real-time location data without consent.
The Record
EU investigating Meta for suspected failures over Russian election interference
The European Commission "has created means to protect European citizens from targeted disinformation and manipulation by third countries. If we suspect a violation of the rules, we act," said President Ursula von der Leyen.
The Record
Two hackers in Ukraine accused of spreading Russian propaganda
The pair was allegedly receiving orders from Russian intelligence services. If found guilty, they could face up to seven years in prison.
Security Affairs
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play.
Security Affairs
FBCS data breach impacted 2M individuals
Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed information 2 million individuals.
CyberNews
Breaking 2FA authentication: demystifying your security
Multi-factor and 2-factor authentication, its safety and how hackers can overcome it
Security Affairs
Cyber-Partisans hacktivists claim to have breached Belarus KGB
A Belarusian group of activist group claims to have infiltrated the network of the country’s main KGB agency.
CyberSecurity Dive
Kaiser exposed up to 13.4M plan member records to third parties
The largest data breach reported to the HHS’ Office for Civil Rights so far this year comes as regulators reconsider healthcare’s use of tracking technologies.
CyberSecurity Dive
FTC broadens health breach notification rule
Regulators have been pursuing more enforcement actions against health applications sharing consumers’ data. Friday’s final rule should give those actions more heft.
Security Affairs
The Los Angeles County Department of Health Services disclosed a data breach
Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients' personal and health information.
Security Affairs
Multiple Brocade SANnav SAN Management SW flaws allow device compromise
Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances.
The Record
Kansas City system providing roadside weather, traffic info taken down by cyberattack
A cyberattack that knocked out the system providing real-time updates along the highway coincided with severe storms.
Security Affairs
ICICI Bank exposed credit card data of 17000 customers
ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients.
Security Affairs
Okta warns of unprecedented scale in credential stuffing attacks on online services
Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services.
Security Affairs
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Loading more articles....