Saturday, November 2, 2024

Security Affairs

"New LightSpy spyware version targets iPhones with destructive capabilities."


Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 02 November 2024, 1421 UTC.

Content and Source:  Email subscription via https://feedly.com.  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

68K followers24 articles per week#security#tech
18

Most popular

New LightSpy spyware version targets iPhones with destructive capabilities
22 TTPs
by Pierluigi Paganini / 18h
New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants.
New version of Android malware FakeCall redirects bank calls to scammers
FakeCall malware targets bank calls
by Pierluigi Paganini / 2d
The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number. The malware allows operators to steal bank users’ sensitive information and money
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
8 TTPs
by Pierluigi Paganini / 4d
CVE-2024-40766
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766 is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addresse

Yesterday

PTZOptics cameras zero-days actively exploited in the wild
2 TTPs
by Pierluigi Paganini / 6h
Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn. GreyNoise discovered the two flaws while investigating the use of an exploit det
LottieFiles confirmed a supply chain attack on Lottie-Player
LottieFiles npm package compromised
by Pierluigi Paganini / 20h
, and threat actors targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that threat actors have hacked the Lottie-Player software in a supply chain attack. Lottie-Player is a web component from LottieFiles designed to render Lottie animations , which are lightweight, vector-based animations in JSON format. These animations are widely used in web and mobile applications because t

Oct 31, 2024

Threat actor says Interbank refused to pay the ransom after a two-week negotiation
Interbank data breach exposes client information
by Pierluigi Paganini / 1d
Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data on
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
3 TTPs
by Pierluigi Paganini / 2d
QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service. The

Oct 30, 2024

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
10 TTPs
by Pierluigi Paganini / 2d
Midnight Blizzard targets Ukrainian sectors
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight Blizzard (aka APT29 , SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ), targeting 1,000+ users across 100+ organizations for intelligence gathering. The Midnig

Oct 29, 2024

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
3 TTPs
by Pierluigi Paganini / 3d
QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as CVE-2024-50388, which was exploited by white hat hackers against a TS-464 NAS device during the recent Pwn2Own Ireland 2024 hacking competition. The flaw is an OS command injection vulnerability in
International law enforcement operation dismantled RedLine and Meta infostealers
3 TTPs
by Pierluigi Paganini / 3d
Global takedown of infostealer malware
A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus . RedLine and META targeted millions of victims worldwide, according

Oct 28, 2024

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware
IoC > 1 domain
by Pierluigi Paganini / 4d
Russian group targets Ukrainian recruits
Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense .” The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers. Th
France’s second-largest telecoms provider Free suffered a cyber attack
Free suffers data breach affecting millions
by Pierluigi Paganini / 4d
French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subsc
A crime ring compromised Italian state databases reselling stolen info
Italy arrests four over database access
by Pierluigi Paganini / 4d
Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria Del Ve
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
by Pierluigi Paganini / 5d
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks —often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility. Do you

Oct 27, 2024

Black Basta affiliates used Microsoft Teams in recent attacks
IoC > 4 domains
by Pierluigi Paganini / 5d
Initial Access (Enterprise TA0001)
Black Basta uses Teams for attacks
ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help t
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17
by Pierluigi Paganini / 6d
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. New Bumblebee Loader Infection Chain Signals Possible Resurgence Trojanized Ethers Forks on npm Attempting to Steal Ethereum Priv
Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION
CVE-2024-47575
by Pierluigi Paganini / 6d
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Chinese cyber spies targeted phones used by Trump and Vance Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement Change Healthcare
Four REvil Ransomware members sentenced for hacking and money laundering
Russia seeks prison for REvil hackers
by Pierluigi Paganini / 6d
Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. The four men are Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov. They wer

End of feed

at No comments:
Labels:
Subscribe to: Posts (Atom)

Cyber War News Today.

"From trade wars to cyber wars in modern era." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are ...

  • The Cyberwire Daily Briefing
    "Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters ...
  • Cyber War News Today.
    "International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyb...
  • SecurityWeek Briefing
    "New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the report...