Security Affairs.

"U.S. CISA adds Linux kernel and VMware ESXI and Workstation flaws to its known Exploited Vulnerabilities Catalog."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Acessed on 08 March 2025, 1517 UTC. 

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 Security Affairs

71K followers27 articles per week

#security#tech

21

Most popular

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

25by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability CVE-20

The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations

by Pierluigi Paganini / 2d

The U.S. Department of Justice (DoJ) charges 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The U.S. DoJ charged 12 Chinese nationals, including PRC security officers, employees of the hacking firm i-Soon , and members of the APT27 group (aka Emissary Panda , TG-3390 , Bronze Union , and Lucky Mouse ), for data theft and suppressing dissent worldwide. “The Ju

VMware fixed three actively exploited zero-days in ESX products

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 3d

Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware

Yesterday

Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

2 TTPs

•

by Pierluigi Paganini / 19h

•

CVE-2025-1316

Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras. The issue is an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Inje

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

by Pierluigi Paganini / 1d

Differential privacy (DP) protects data by adding noise to queries, preventing re-identification while maintaining utility, addressing Artificial Intelligence -era privacy challenges. In the era of Artificial Intelligence, confidentiality and security are becoming significant challenges. Traditional anonymization techniques, such as pseudonymization and k-anonymity, have proven inadequate against

International law enforcement operation seized the domain of the Russian crypto exchange Garantex

by Pierluigi Paganini / 1d

The U.S. Secret Service and global law enforcement seized the domain of sanctioned Russian crypto exchange Garantex. An international law enforcement operation led by U.S. Secret Service seized the website (“garantex[.]org”) of the sanctioned Russian crypto exchange Garantex . In April 2022, the US Treasury Department sanctioned the virtual currency exchange. Garantex has been active since 2019,

Mar 6, 2025

Medusa Ransomware targeted over 40 organizations in 2025

5 TTPs

•

by Pierluigi Paganini / 1d

•

Medusa ransomware activity surges 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts observed a 42% increase in attacks carried out by the group between 2023 and 2024. Experts tracked the Medusa ransomware activity as Spear

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

6 TTPs

•

by Pierluigi Paganini / 1d

•

Qilin hacks Ukraine Foreign Ministry

Qilin Ransomware group claims to have breached the Ministry of Foreign Affairs of Ukraine, marking a significant cybersecurity attack. The Russian-speaking Qilin Ransomware group claims responsibility for an attack on the Ministry of Foreign Affairs of Ukraine. The group stated that it stole sensitive data such as private correspondence, personal information, and official decrees. The ransomware

Elastic patches critical Kibana flaw allowing code execution

2 TTPs

•

by Pierluigi Paganini / 1d

•

CVE-2025-25012

Elastic fixed a critical flaw in the Kibana data visualization dashboard software for Elasticsearch that could lead to arbitrary code execution. Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch. Kibana provides visualization capabilities on top of the c

Mar 5, 2025

Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

14 TTPs

•

by Pierluigi Paganini / 2d

•

Lotus Blossom group targets industries

China-linked Lotus Blossom APT targets governments and industries in Asian countries with new Sagerunex backdoor variants. Talos researchers linked China-backed Lotus Blossom APT (also known as Elise and Esile) to multiple campaigns targeting organizations in sectors such as government, manufacturing, telecommunications and media with the Sagerunex backdoor. The victims of the attacks are in the

China-linked APT Silk Typhoon targets IT Supply Chain

18 TTPs

•

by Pierluigi Paganini / 2d

Microsoft warns that China-backed APT Silk Typhoon linked to US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Silk Typhoon is a China-linked cyber espionage group involved in the

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

by Pierluigi Paganini / 2d

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 TB of stolen data. The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The group claims the theft of 1.4 terabytes of data and is threatening to leak it. The ransomware attack took place in

New Eleven11bot botnet infected +86K IoT devices

6 TTPs

•

by Pierluigi Paganini / 3d

•

New DDoS botnet Eleven11bot discovered

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. Most infected devices are security cameras and network video recorders (NVRs), which are used to launch DDoS attacks. “On

Polish Space Agency POLSA disconnected its network following a cyberattack

Cyberattack on Polish Space Agency

•

by Pierluigi Paganini / 3d

The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that suggests it was the victim of a ransomware att

Mar 4, 2025

Digital nomads and risk associated with the threat of infiltred employees

by Pierluigi Paganini / 3d

Companies face the risk of insider threats, worsened by remote work. North Korean hackers infiltrate firms via fake IT hires, stealing data. Stronger vetting is key. In an increasingly connected and digitalized world, companies are facing new security challenges. The insider threat, or the risk that an employee could harm the company, is a growing concern. This risk is amplified by the phenomenon

Google fixed two actively exploited Android flaws

CVE-2024-50302

•

by Pierluigi Paganini / 4d

Android March 2025 security update addresses over 40 vulnerabilities, including two flaws actively exploited in attacks in the wild. Android March 2025 security update addressed over 40 vulnerabilities, including two flaws, respectively tracked as CVE-2024-43093 and CVE-2024-50302, which are actively exploited in attacks in the wild. “There are indications that the following may be under limited,

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

24 TTPs

•

by Pierluigi Paganini / 4d

•

Brute-force attacks target ISPs

A massive attack targets ISPs in China and the U.S. West Coast to deploy info stealers and crypto miners on compromised systems. The Splunk Threat Research Team discovered a mass exploitation campaign from Eastern Europe targeting ISPs in China and the U.S. West Coast to deploy info stealers and crypto miners. Threat actors use weak credential brute force to gain access to target systems, then de

Mar 3, 2025

CISA maintains stance on Russian cyber threats despite policy shift

CISA maintains defense against Russia

•

by Pierluigi Paganini / 4d

US CISA confirms no change in defense against Russian cyber threats despite the Trump administration’s pause on offensive operations. US CISA stated there is no change in defending against Russian cyber threats, despite the Trump administration’s temporary pause on offensive cyber operations. US Defense Secretary Pete Hegseth has recently ordered US Cyber Command to pause offensive cyber operatio

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalo

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

2 TTPs

•

by Pierluigi Paganini / 5d

U.S. authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binance’s BNB Chain. The protocol operated as an automated market maker (AMM), similar to Uniswap, allowing users to s

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

4 TTPs

•

by Pierluigi Paganini / 5d

Amnesty International reports that a Cellebrite zero-day exploit was used to unlock a Serbian activist’s Android phone. Amnesty International reported that a Cellebrite zero-day exploit was used to unlock the Android smartphone of a Serbian activist. In a statement published on 25 February 2025, Cellebrite announced that it had blocked Serbia from using its solution after reports that police used

End of feed