FIN8-linked actor targets Citrix NetScaler systems

A financially motivated actor linked to the FIN8 group is exploiting the CVE-2023-3519 RCE in massive attacks on Citrix NetScaler systems.

Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked …

Updated Kmsdx botnet targets IoT devices

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting …

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

The recent wave of MOVEit attacks conducted by the Cl0p ransomware gang impacted 1,000 organizations, experts say.

Cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer …

Leaked LockBit 3.0 ransomware builder used by multiple threat actors

The leak of the source code of the LockBit 3.0 ransomware builder in 2022 allowed threat actors to create new variants of the threat.

Lockbit v3, aka Lockbit Black, was detected in June 2022, but in September 2022 a builder …

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cloud

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees.

Security consulting firm Kroll revealed that a SIM-swapping attack against one of its employees caused the theft of user information for multiple cryptocurrency platforms. Kroll …

Lapsus$ member has been convicted of having hacked multiple high-profile companies

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies.

A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile …

DoJ charged Tornado Cash founders with laundering more than $1 billion

The U.S. DoJ charged two men with operating the Tornado Cash service and laundering more than $1 billion in criminal proceeds.

The U.S. Justice Department charged two Tornado Cash founders, Roman Storm and Roman Semenov, with one …

BlackCat ransomware group claims the hack of Seiko network

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site.

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber …

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Over

Massive phishing campaign targets users of the Zimbra Collaboration email server

A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials.

ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. Zimbra Collaboration is …

Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects

An international law enforcement operation across 25 African countries has led to the arrest of 14 cybercriminals.

A coordinated law enforcement operation conducted by INTERPOL and AFRIPOL across 25 African countries has led to the arrest of 14 suspected cybercriminals …

A massive campaign delivered a proxy server application to 400,000 Windows systems

Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems.

AT&T Alien Labs researchers uncovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems.

The experts identified …

Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack

Cleaning products manufacturer Clorox Company announced that it has taken some systems offline in response to a cyberattack.

The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, …

CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog.

US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog.

Citrix ShareFile is a secure …

A massive phishing campaign using QR codes targets the energy sector

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported.

Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft …

Credentials for cybercrime forums found on roughly 120K computers infected with info stealers

Researchers discovered credentials associated with cybercrime forums on roughly 120,000 computers infected with information stealers.

Threat intelligence firm Hudson Rock has discovered credentials associated with cybercrime forums on roughly 120,000 computers infected with various information stealer malware. The experts discovered …

QwixxRAT, a new Windows RAT, appears in the threat landscape

QwixxRAT is a new Windows remote access trojan (RAT) that is offered for sale through Telegram and Discord platforms.

The Uptycs Threat Research team discovered the QwixxRAT (aka Telegram RAT) in early August 2023 while it was advertised through Telegram …

Ongoing Xurum attacks target Magento 2 e-stores

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS.

Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS.

The attackers are actively exploiting a server-side template injection …
