"Attackers could hack smart solar systems and cause serious damages."

Views expressed in this cybersecurity, cyber crime, and security update are those of the reporters and correspondents.  Accessed on 01 March 2025, 1555 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scrolldown to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

71K followers27 articles per week

#security#tech

22

Yesterday

Attackers could hack smart solar systems and cause serious damages

by Pierluigi Paganini / 16h

Hackers reveal security flaws in smart solar systems, exposing risks to national power grids as global reliance on solar energy grows. DW investigated the risks of cyber attacks exploiting vulnerabilities in smart solar systems while the demand for solar energy grows. The German news outlet DW interviewed hackers who’ve exposed security flaws in rooftop installations and solar power plants worldw

Enhanced capabilities sustain the rapid growth of Vo1d botnet

9 TTPs

•

by Pierluigi Paganini / 23h

Operators behind the Vo1d botnet have enhanced its capabilities, enabling rapid growth in recent months. In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor allowing attackers to download and install third-party software secretly. In Augus

Cisco fixed command injection and DoS flaws in Nexus switches

2 TTPs

•

by Pierluigi Paganini / 1d

Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw. The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series Switc

Feb 27, 2025

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

by Pierluigi Paganini / 1d

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. Chinese hackers gained access to the VSSE’s email server between 2021 and May 2023, stealing 10% of staf

FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack

2 TTPs

•

by Pierluigi Paganini / 1d

•

North Korean hackers steal $1.5 billion

The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit. FBI links the recent Bybit hack to North Korea-linked group TraderTraitor as details of the $1.5B cyber heist emerge. Last week, the crypto exchange Bybit suffered a sophisticated cyberattack , threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an u

Criminal group UAC-0173 targets the Notary Office of Ukraine

9 TTPs

•

by Pierluigi Paganini / 1d

CERT-UA warns of UAC-0173 using DCRat malware to target Ukrainian notaries in a new attack wave since mid-January 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new campaign by criminal group UAC-0173 targeting Ukrainian notaries with a remote access trojan DCRat (aka DarkCrystal RAT). The campaign started in mid-January 2025, the attack chain starts with phishing mes

Cellebrite blocked Serbia from using its solution because misuse of the equipment for political reasons

Cellebrite halts Serbia operations

•

by Pierluigi Paganini / 2d

Cellebrite blocked Serbia from using its solution after reports that police used it to unlock and infect the phones of a journalist and activist. A report published by Amnesty International in December 2024 documented the use of Cellebrite’s forensics tools by Serbia police to unlock and install spyware on the phones of a local journalist and an activist. The police used a malware dubbed NoviSpy,

DragonForce Ransomware group is targeting Saudi Arabia

by Pierluigi Paganini / 2d

Resecurity researchers reported that DragonForce ransomware targets Saudi organizations rising cyber threats in the region. DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA). A significant incident identified by Resecurity involved a data leak from a prominent real estate and construction company in Riyadh, which has projects with major

Feb 26, 2025

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

IoC > 1 domain

•

by Pierluigi Paganini / 2d

•

15 TTPs

•

Belarusian activists targeted by malware

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader . The campaign has been active since late 2024, threat actors used weap

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

14 TTPs

•

by Pierluigi Paganini / 3d

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. Cybersecurity researchers at Hunt.io have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram. ThreatFabric researchers first discovered

Feb 25, 2025

U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

CISA adds Microsoft Zimbra flaws

•

by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog . The two vulnerabilities

GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

IoC > 1 URL

•

by Pierluigi Paganini / 3d

•

6 TTPs

•

GitVenom campaign steals cryptocurrency

GitVenom malware campaign targets gamers and crypto investors by posing as open-source projects on GitHub. Kaspersky researchers warn of a malware campaign, dubbed GitVenom, targeting GitHub users. The threat actors behind this campaign created hundreds of fake GitHub repositories with malicious code, disguising them as automation tools, crypto bots, and hacking utilities. The attackers used AI-g

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

LockBit targets FBI Director Patel

•

by Pierluigi Paganini / 3d

LockBit claims to have “classified information” for FBI Director Kash Patel that could “destroy” the agency if leaked. The ransomware gang LockBit sent a strange message to newly appointed FBI Director Kash Patel, they offer alleged “classified information” that could “destroy” this agency if publicly disclosed. The ransomware group published the message on their dark web leak site, specifically

EU sanctioned the leader of North Korea-linked APT groups

Multilateral Sanctions Monitoring Team established

•

by Pierluigi Paganini / 4d

The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine. The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups. Lee Chang Ho coordinated North Korean soldiers in Ukraine and led North Korea-linked APT groups

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog . The two vulnerabili

Feb 24, 2025

Russia warns financial sector organizations of IT service provider LANIT compromise

Russia warns of IT provider hack

•

by Pierluigi Paganini / 4d

Russia’s NKTsKI warns financial sector organizations about a breach at major Russian IT service and software provider LANIT. Russia’s National Coordination Center for Computer Incidents (NKTsKI) warns the financial sector of security breach at IT service and software provider LANIT , potentially affecting LANTER and LAN ATMservice. According to the security breach notification published by GosSOP

A large botnet targets M365 accounts with password spraying attacks

8 TTPs

•

by Pierluigi Paganini / 4d

•

Massive botnet attacks Microsoft 365

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. The attackers targeted accounts protected with basic authentication bypassing multi-factor authe

Australia bans Kaspersky over national security concerns

Australia bans Kaspersky antivirus software

•

by Pierluigi Paganini / 5d

Australia bans Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks. Australian Government banned products and services provided by Russian cybersecurity firm Kaspersky over national security concerns. The Secretary of the Department of Home Affairs has issued a mandatory directive under the Protective Security Po

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

TopSec linked to Chinese censorship

•

by Pierluigi Paganini / 5d

A leak suggests that Chinese cybersecurity firm TopSec offers censorship-as-a-service services, it provided bespoke monitoring services to a state-owned enterprise facing a corruption scandal. SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services. The origin of the data leak is unclear, the leak is large and

Feb 23, 2025

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

SpyLend malware targets Indian users

•

by Pierluigi Paganini / 5d

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. CYFIRMA researchers discovered an Android malware, named SpyLend, which was distributed through Google Play as Finance Simplified. The malware targets Indian users with unauthorized loan apps, enabling predatory lending, blackmail, and extortion. The Finance Simpli

Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations A...

by Pierluigi Paganini / 5d

Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vul

Leaked Black Basta chat logs reveal the gang’s operations

by Pierluigi Paganini / 5d

Leaked Black Basta chat logs reveal internal conflicts, exposing member details and hacking tools as the gang reportedly falls apart. An unknown actor, named ExploitWhispers, leaked Matrix chat logs of the Black Basta ransomware gang revealing internal conflicts, and exposing member details and hacking tools as the gang reportedly collapses. ExploitWhispers first uploaded the chat messages on MEG

End of feed