Security Affairs.

"News MassJacker clipper targets pirated software seekers."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 March 2025, 2247 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

71K followers27 articles per week
#security#tech
51

Most popular

New MassJacker clipper targets pirated software seekers

IoC > 1 domain
by Pierluigi Paganini / 4h
13 TTPs
MassJacker malware steals cryptocurrency wallets
Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. A clipper malware is a type of malicious software designed to intercept and manipulate clipboard data, typically for cryptocurrency theft. When a v

Cisco IOS XR flaw allows attackers to crash BGP process on routers

CVE-2025-20115
by Pierluigi Paganini / 11h
Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115 , that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP update message.

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

3 TTPs
by Pierluigi Paganini / 3d
PatchTuesday
Microsoft Patch Tuesday security updates for March 2025 address 56 security vulnerabilities in its products, including six actively exploited zero-days. Microsoft Patch Tuesday security updates for March 2025 addressed 56 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. This Pat

Yesterday

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

LockBit ransomware developer extradited
by Pierluigi Paganini / 1d
The US Justice Department announced that the The US Justice Department announced that one of the LockBit ransomware developer, Rostislav Panev (51), has been extradited to the United States. The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related to his role in the ransomware operation The man is accused of being a LockBit ransomware developer from 2019 through

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

IoC > 1 IP
by Pierluigi Paganini / 1d
13 TTPs
CVE-2025-24472
Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research – Vedere Labs observed a threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. The experts attribute the attacks to a threat actor named “Mora_001” which using Russian-language artifacts

Mar 13, 2025

U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog

6 TTPs
by Pierluigi Paganini / 1d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerabilit

GitLab addressed critical auth bypass flaws in CE and EE

2 TTPs
by Pierluigi Paganini / 2d
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

IoC > 4 domains
by Pierluigi Paganini / 2d
3 TTPs
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the headline

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

by Pierluigi Paganini / 2d
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may be leveraging Grafana as an initial entry point for deeper exploitation. The experts believe the at

Meta warns of actively exploited flaw in FreeType library

Execution (Enterprise TA0002)
by Pierluigi Paganini / 2d
CVE-2025-27363
Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), in the FreeType library may have been actively exploited in attacks. “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph

Mar 12, 2025

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

36 TTPs
by Pierluigi Paganini / 2d
Medusa ransomware targets critical infrastructure
The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025. This advisory is part of the #StopRansomware initiative, providing

China-linked APT UNC3886 targets EoL Juniper routers

10 TTPs
by Pierluigi Paganini / 2d
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL -based backdoors had various capabilities, including active and passive access and a scrip

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

2 TTPs
by Pierluigi Paganini / 3d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability CVE-2025-24984 Microsoft Windows

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

IoC > 1 IP
by Pierluigi Paganini / 3d
15 TTPs
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injecti

Mar 11, 2025

Apple fixed the third actively exploited zero-day of 2025

2 TTPs
by Pierluigi Paganini / 3d
CVE-2025-24201
Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks. Apple has released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24201, in the WebKit cross-platform web browser engine. The vulnerability is an out-of-bounds write issue that was exploited in “extremely sophisticated” attac

Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours

Switzerland mandates 24-hour cyberattack reporting
by Pierluigi Paganini / 4d
Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery. Switzerland’s National Cybersecurity Centre (NCSC) now requires critical infrastructure organizations to report cyberattacks within 24 hours due to rising cybersecurity threats. The new policy related to security breach notification is introduced as a response to the increasing n

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

7 TTPs
by Pierluigi Paganini / 4d
The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa. SideWinder (also known as Ra

Mar 10, 2025

U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog

3 TTPs
by Pierluigi Paganini / 4d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968 Advantive Ve

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

by Pierluigi Paganini / 4d
Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches. The digital revolution has enabled organizations to operate seamlessly across national boundaries, relying on cross-border data transfers to support e-commerce, cloud computing, artificial intelligence, and financial transactions. However, as

Elon Musk blames a massive cyberattack for the X outages

2 TTPs
by Pierluigi Paganini / 4d
Elon Musk said that the global outages impacting its platform X during the day are being caused by a cyberattack. A major cyber attack appears to be the root cause of the global outage on X, according to its CEO Elon Musk. About 40,000 users reported issues accessing Twitter, according to Downdetector.com. Musk has provided no evidence to support his claims, and this is not the first time. Last y

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

6 TTPs
by Pierluigi Paganini / 5d
Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. An attacker could exploit the vulnerability to achieve remote code execution on vulnerable servers using Apache and PHP-CGI. The flaw CVE-2024-4577 (CVSS scor

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

2 TTPs
by Pierluigi Paganini / 5d
Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services including: primary

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

8 TTPs
by Pierluigi Paganini / 5d
Moonstone Sleet adopts Qilin ransomware
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exc

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

Image
"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Read more

Cyber War News Today.

Image
"ADP investing in cyber warfare workforce." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 28 May 2025, 1940 UTC. Content and Source:  "Cyber War News Today."  https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please click email link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  06:47 GMT पहलगामनंतर पाकिस्तानने भारतावर कशाप्रकारे Cyber War लादले? पहलगाम हत्याकांडानंतरच्या दोन आठवड्यांनंतर, भारतीय सायबर स्पेसवर पाकिस्तानकडून मोठ्या प्रमाणात हल्ले सुरु झाले. काही दिवशी तर, दर तासाला तब्बल 90 कोटी DDoS (डिस्ट्रिब्युटेड डिनायल ऑफ सर्व्हिस) हल्ले झाले, अशी माहिती सायबर सुरक्षेत कार्...
Read more

SecurityWeek Briefing

Image
"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 September 2024, 0035 UTC. Content and Source:  https://www.securityweek.com Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net).   Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...
Read more