Security Affairs

Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source […]

QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as CVE-2024-50388, which was exploited by white hat hackers against a TS-464 NAS device during the recent Pwn2Own Ireland 2024 hacking competition. The flaw is an OS command injection […]

A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide, according to Eurojust […]

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766  is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August […]

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “Civil Defense.” The Telegram channel was created on September 10, 2024 and at this time has 189 […]

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers. Free disclosed a cyber attack over the […]

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria […]

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks—often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility. Do you […]

ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help […]

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. New Bumblebee Loader Infection Chain Signals Possible Resurgence    Trojanized Ethers Forks on npm Attempting to Steal Ethereum […]

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Chinese cyber spies targeted phones used by Trump and Vance Irish Data Protection Commission fined LinkedIn €310M for […]

Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. The four men are Artem Zaets, Alexei Malozemov, […]

China-linked threat actors targeted the phone communications of Donald Trump and vice presidential nominee JD Vance. China-linked hackers reportedly targeted phones used by former President Donald Trump and Senator JD Vance as part of a cyber espionage campaign aimed at gathering intelligence on American leaders, the New York Times reported. US intelligence is investigating the claims […]

Irish Data Protection Commission fined LinkedIn €310M for violating user privacy by using behavioral data analysis for targeted advertising. Irish Data Protection Commission fined LinkedIn €310M after finding its use of behavioral data for targeted ads violated privacy laws, requiring compliance changes. The DPC’s inquiry was launched following an initial complaint to the French Data […]

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. On February 21, a cyber attack disrupted IT operation of the healthcare organization, more than […]

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. OnePoint Patient Care is a U.S.-based pharmacy specializing in hospice and palliative care services, providing customized medications and support for patients with advanced illnesses. It partners with healthcare providers to manage and deliver complex medication regimens […]

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment? And how can you translate those findings […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), […]

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24.  On day two of Pwn2Own Ireland 2024, hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. With the […]

Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one actively exploited in a large-scale brute-force attack campaign. Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-20481 (CVSS score of 5.8) is […]