Sunday, December 22, 2024

Security Affairs.

"BadBox rapidly grows, 190,000 Android devices infected."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 22 December 2024, 2324 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

69K followers23 articles per week#security#tech
16

Most popular

BadBox rapidly grows, 190,000 Android devices infected

IoC > 1 domain
67by Pierluigi Paganini / 1d
Germany blocks 30000 BadBox devices
Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones. Bitsight researchers uncovered new BADBOX infrastructure, company’s telemetry shows that over 192,000 devices were infected with the BADBOX bot. The botnet includes 160,000 previously unseen devices, notably Yandex 4K QLED Smart TVs and T963 Hisense Smartphones. Most o

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

by Pierluigi Paganini / 8h
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion Spyware distributed through Amazon Appstore BADBOX Botnet Is Back Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware 4.5 Million (Suspected) Fake Stars in GitHub: A Growing Sp

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 8h
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadBox rapidly grows, 190,000 Android devices infected Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Yesterday

US charged Dual Russian and Israeli National as LockBit Ransomware developer

Israeli hacker faces US extradition
by Pierluigi Paganini / 13h
US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S. Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges. The man is accused of being a

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Romanian man sentenced for ransomware
by Pierluigi Paganini / 1d
, pleading guilty to fraud charges in June. Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks. Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare during COVID-19 . The man admitted to

Dec 20, 2024

Sophos fixed critical vulnerabilities in its Firewall product

6 TTPs
by Pierluigi Paganini / 2d
Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution. The vulnerabilities impact Sophos Firewall v21.0 GA (21.0.0) and older versions, below are the description for

U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

2 TTPs
by Pierluigi Paganini / 2d
CVE-2024-12356
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CV

Dec 19, 2024

Raccoon Infostealer operator sentenced to 60 months in prison

Ukrainian sentenced for cybercrime conspiracy
by Pierluigi Paganini / 2d
Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution. The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware . “Ukrainian national Mark Sokolovsky was sentenced today to 60 months in federal prison for one count of conspira

Mirai botnet targets SSR devices, Juniper Networks warns

9 TTPs
by Pierluigi Paganini / 3d
Juniper warns of Mirai botnet
Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024. Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords. Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. Threat actors

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Execution (Enterprise TA0002)
by Pierluigi Paganini / 3d
CVE-2023-34990
Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

3 TTPs
by Pierluigi Paganini / 3d
UAC-0125 spreads malware via Cloudflare
The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with Malware. The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 exploits Cloudflare Workers to target the Ukrainian military, spreading malware disguised as the mobile app Army+ app from Ukraine’

Dec 18, 2024

US considers banning TP-Link routers over cybersecurity concerns

5 TTPs
by Pierluigi Paganini / 3d
US considers banning TP-Link routers
The U.S. government may ban TP-Link routers in 2025 if investigations confirm their use could pose a national security risk. The U.S. government is investigating whether TP-Link routers, linked to cyberattacks, pose a national security risk, the Wall Street Journal reported . According to the WSJ, the U.S. government is considering banning TP-Link routers starting in 2025. TP-Link holds 65% of th

Russia-linked APT29 group used red team tools in rogue RDP attacks

9 TTPs
by Pierluigi Paganini / 4d
Earth Koshchei conducts rogue RDP attacks
Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian enti

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

2 TTPs
by Pierluigi Paganini / 4d
CVE-2024-53677
Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. “An attacker

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

by Pierluigi Paganini / 4d
Meta has been fined €251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta €251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “The Irish Data Protection Commission (DPC) has today announced its final decisions following two inquiries into Meta Plat

Dec 17, 2024

The Mask APT is back after 10 years of silence

10 TTPs
by Pierluigi Paganini / 4d
The Mask APT targets Latin America
Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask . The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used its WorldClient webmail component to maintain persistence wit

End of feed

at
Labels:

No comments:

Post a Comment

Please leave a comment about our recent post.

Subscribe to: Post Comments (Atom)

ZDNet | Security.

"It's official:  All your Office apps are getting AI and a price increase." Views expressed in this cybersecurity, cyber crime...

  • The Cyberwire Daily Briefing
    "Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters ...
  • Cyber War News Today.
    "International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyb...
  • SecurityWeek Briefing
    "New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the report...