Security Affairs.

"Talk Talk confirms data breach involving third-party platform."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.   Accessed on 27 January 2025, 2143 UTC.

Content and Source:  https://securityaffairs.com

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 Security Affairs

70K followers25 articles per week#security#tech

14

Today

TalkTalk confirms data breach involving a third-party platform

Collection (Enterprise TA0009)

•

by Pierluigi Paganini / 58min

•

TalkTalk investigates potential data breach

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime forum and offered for sale alleged customer data. A threat actor named “b0nd” claimed the theft of data of over 18.8 million TalkTal

Multiple Git flaws led to credentials compromise

2 TTPs

•

by Pierluigi Paganini / 6h

Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to access user credentials. The vulnerabilities stem from the improper handling of messages in Git’s credential

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

Defense Evasion (Enterprise TA0005)

•

by Pierluigi Paganini / 8h

•

GamaCopy targets Russia using military bait

New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers linked the activity to the APT Core Werewolf (aka Awaken Likho, PseudoGamaredon), it m

ESXi ransomware attacks use SSH tunnels to avoid detection

6 TTPs

•

by Pierluigi Paganini / 10h

•

Ransomware targets VMware ESXi stealthily

Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Ransomware groups are exploiting unmonitored ESXi appliances to persist and access corporate networks. They use “l

Yesterday

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

by Pierluigi Paganini / 11h

Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack. Singapore-based crypto platform Phemex paused operations after a cyberattack that resulted in the theft of $69M. Phemex CEO Federico Variola stated they are restoring withdrawals and temporarily manually reviewing all requests. On Thursday, researchers at the blockchain security firm P

Change Healthcare data breach exposed the private data of over half the U.S.

2 TTPs

•

by Pierluigi Paganini / 1d

•

UnitedHealth data breach affects 190 million

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. On F

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

by Pierluigi Paganini / 1d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai Sophos MDR tracks t

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 1d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Subaru Starlink flaw allowed experts to remotely hack cars Participants in the Pwn2Own Automotive 2025 earned $886,250 U.S. CISA adds SonicWall SMA1000 fl

Jan 25, 2025

Cisco warns of a ClamAV bug with PoC exploit

3 TTPs

•

by Pierluigi Paganini / 1d

Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn of the availability of a proof-of-concept (PoC) exploit code for this flaw. The vulnerability resides in t

Subaru Starlink flaw allowed experts to remotely hack cars

2 TTPs

•

by Pierluigi Paganini / 2d

•

Subaru security flaws expose tracking system

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and he colleague Shubham Shah discovered a vulnerability in Subaru’s Starlink connected vehicle service that exposed vehicles and customer accounts in the US, Canada, and Japan susceptible to remote attacks. The experts explained that they exploited the

Participants in the Pwn2Own Automotive 2025 earned $886,250

by Pierluigi Paganini / 2d

The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah ( @SinSinology ) of Summoning Team ( @SummoningTeam ) obtained 30.5 Master of Pwn points and won the Master of Pwn earning $222.25

Jan 24, 2025

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

2 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2025-23006

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) vulnerability, tracked as CVE-2025-23006 to its Known Exploited Vulnerabilities (KEV) cata

J-magic malware campaign targets Juniper routers

4 TTPs

•

by Pierluigi Paganini / 3d

•

Juniper routers targeted by malware

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a passive agent based on the cd00r variant (an open-source backdoor by fx ). It activates upon detecting a “magic packet” wi

Jan 23, 2025

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

CVE-2025-23006

•

by Pierluigi Paganini / 3d

SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a Pre-authentication deserialization of untrusted data issue in the SMA100

End of feed