"How a researcher earned $100,000 for hacking a Facebook server."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 12 January 2025, 1401 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

69K followers23 articles per week#security#tech

26

Most popular

How a researcher earned $100,000 hacking a Facebook server

2 TTPs

•

by Pierluigi Paganini / 3h

•

Facebook pays researcher 100k$ for bug

Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researcher Ben Sadeghipour ( @NahamSec ) $100,000 for reporting a vulnerability that granted him access to an internal server. The researcher emphasized the vulnerability of online ad platforms due to extensive

Nessus scanner agents went offline due to a faulty plugin update

Tenable Nessus agents offline globally

•

by Pierluigi Paganini / 5d

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to go offline. “We are a

Nuclei flaw allows signature bypass and code execution

4 TTPs

•

by Pierluigi Paganini / 6d

A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei , could allow attackers to bypass signature checks and execute malicious code. The Wiz’s engineering team discov

Yesterday

DoJ charged three Russian citizens with operating crypto-mixing services

Russian nationals indicted for crypto laundering

•

by Pierluigi Paganini / 18h

The U.S. Department of Justice charged three Russian citizens with operating crypto-mixing services that helped crooks launder cryptocurrency. The U.S. Department of Justice (DoJ) charged Russian national Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov with operating crypto-mixing services Blender.io and Sinbad.io that helped crooks launder cryptocurren

U.S. cannabis dispensary STIIIZY disclosed a data breach

2 TTPs

•

by Pierluigi Paganini / 1d

•

Stiiizy reports customer data breach

US marijuana dispensary STIIIZY warns customers of leaked IDs and passports following a November data breach. US marijuana dispensary STIIIZY disclosed a data breach after a vendor’s point-of-sale system was compromised by cybercriminals. The security breach exposed customer data and IDs between October 10 and November 10, 2024. After discovering the security breach, the company investigated the

Jan 10, 2025

A novel PayPal phishing campaign hijacks accounts

5 TTPs

•

by Pierluigi Paganini / 1d

•

PayPal phishing scam exploits Microsoft 365

Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. Fortinet uncovered a phishing campaign targeting PayPal users. The scheme employs legitimate links to deceive victims and gain unauthorized access to their accounts. The phishing emails mimic PayPal notifications, including payment details, warnings, a real Pay

Banshee macOS stealer supports new evasion mechanisms

14 TTPs

•

by Pierluigi Paganini / 1d

•

Banshee Stealer evades macOS antivirus

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer tha

Researchers disclosed details of a now-patched Samsung zero-click flaw

4 TTPs

•

by Pierluigi Paganini / 1d

Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), in Samsung devices. The flaw is an out-of-bound write issue in libsaped.so prior to SMR Dec-2024 Release 1, it allows remote attackers to execut

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

8 TTPs

•

by Pierluigi Paganini / 2d

•

CrowdStrike phishing targets developers with

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer. The cybersecurity firm discovered t

Jan 9, 2025

China-linked APT group MirrorFace targets Japan

4 TTPs

•

by Pierluigi Paganini / 2d

•

MirrorFace targets Japan since 2019

Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it targets Ja

U.S. Medical billing provider Medusind suffered a sata breach

by Pierluigi Paganini / 2d

Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and revenue cycle management (RCM) services to healthcare organizations, including medical practices, dental practices, and other providers. The company disclosed a data breach discovered on December 29, 20

Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex

Collection (Enterprise TA0009)

•

by Pierluigi Paganini / 2d

•

Ukrainian hackers destroy Nodex network

A group of hacktivists, known as the Ukrainian Cyber Alliance, breached Russian ISP Nodex, stole sensitive documents, and wiped systems. Ukrainian Cyber Alliance hacked Russian ISP Nodex, stole sensitive data, and wiped systems, highlighting their cyberattack capabilities. The Ukrainian Cyber Alliance has been active since 2016, the Pro-Ukraine group has targeted Russian entities since the invasi

U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2025-0282

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0) to its Known Exploited Vulnerabilities (KEV) catalog . The vulnerabilit

SOC Scalability: How AI Supports Growth Without Overloading Analysts

by Pierluigi Paganini / 3d

Scaling up a security operations center (SOC) is inevitable for many organizations. How AI supports growth without overloading analysts. Scaling up a security operations center (SOC) is inevitable for many organizations. Although it might sting, keeping pace with business growth, increased threat volume and complexity, or compliance and regulatory demands requires enhancing and expanding SOC capa

Jan 8, 2025

SonicWall warns of an exploitable SonicOS vulnerability

3 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2024-53704

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to th

Gayfemboy Botnet targets Four-Faith router vulnerability

3 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2024-12856

Gayfemboy, a Mirai botnet variant, has been exploiting a flaw in Four-Faith industrial routers to launch DDoS attacks since November 2024. The Gayfemboy botnet was first identified in February 2024, it borrows the code from the basic Mirai variant and now integrates N-day and 0-day exploits. By November 2024, Gayfemboy exploited 0-day vulnerabilities in Four-Faith industrial routers and Neterbit

Jan 7, 2025

Meta replaces fact-checking with community notes post ‘Cultural Tipping Point’

Meta ends fact-checking program

•

by Pierluigi Paganini / 4d

Meta is replacing its fact-checking program with a “community notes” system, citing a shift in moderation strategy after a “cultural tipping point.” Meta CEO Mark Zuckerberg announced that the fact-checking program should be ended and replaced with a community-driven system. Zuckerberg cited a shift toward free speech and explained that the new model will be similar to X’s Community Notes. Meta’s

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for the vulnerabilitie

Threat actors breached the Argentina’s airport security police (PSA) payroll

3 TTPs

•

by Pierluigi Paganini / 4d

•

Hackers breach Argentina airport payroll system

Threat actors breached Argentina’s airport security police (PSA) payroll, stealing data and deducting 2,000-5,000 pesos from salaries. Threat actors have breached Argentina’s airport security police (PSA) and compromised the personal and financial data of its officers and civilian personnel. Threat actors deducted from 2,000 to 5,000 pesos under false charges like “DD mayor” and “DD seguros.” Arg

Moxa router flaws pose serious risks to industrial environmets

3 TTPs

•

by Pierluigi Paganini / 5d

Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: CVE-2024-9138 (CVSS 4.0 score: 8.6): This vulnerability involves hard-cod

Jan 6, 2025

US adds Tencent to the list of companies supporting Chinese military

by Pierluigi Paganini / 5d

US adds Chinese multinational technology and entertainment conglomerate Tencent to the list of companies supporting the Chinese military. The US Department of Defense has added Chinese multinational technology and entertainment conglomerate Tencent to its “Chinese military company” list under the Section 1260 requirement. The US government does not explain the decision. The list includes the comp

Eagerbee backdoor targets govt entities and ISPs in the Middle East

25 TTPs

•

by Pierluigi Paganini / 5d

Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbee backdoor being used in attacks against Internet Service Providers (ISPs) and government entities in the Middle East. The Kaspersky’s analysis revealed new attack components, including a service injecto

China-linked Salt Typhoon APT compromised more US telecoms than previously known

China-linked Salt Typhoon targets telecoms

•

by Pierluigi Paganini / 6d

China-linked Salt Typhoon group that breached multiple US telecoms compromised more firms than previously known, WSJ says. The China-linked cyberespionage group Salt Typhoon targeted more US telecoms than previously known, as The Wall Street Journal reported . According to WSJ, wich cited people familiar with the matter, the Chinese cyberspies also compromised Charter Communications and Windstrea

Jan 5, 2025

PLAYFULGHOST backdoor supports multiple information stealing features

by Pierluigi Paganini / 6d

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with G

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

by Pierluigi Paganini / 7d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. 7-Zip Zero-Day Exploit Dropped: A New Playground for Infostealer & Supply Chain Attacks Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts The Mac Malware of 2024 Ransomware Vulnerability Matrix Inside FireScam : An In

Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

CVE-2024-49112 & 1 other

•

by Pierluigi Paganini / 7d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Malicious npm packages target Ethereum developers US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT FireScam Android

End of feed