Security News

JD Sports discloses a data breach impacting 10 million customers

Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The company discovered unauthorized access to a server that contained […]

The post JD Sports discloses a data breach impacting 10 million customers appeared first on Security Affairs.

January 31, 2023
0 comment
Read More >>

Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram

A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The flaw resides in a component used by the parent company Meta for confirming a phone number and email […]

The post Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram appeared first on Security Affairs.

January 30, 2023
0 comment
Read More >>

Sandworm APT group hit Ukrainian news agency with five data wipers

The Ukrainian (CERT-UA) discovered five different wipers deployed on the network of the country’s national news agency, Ukrinform. On January 17, 2023, the Telegram channel “CyberArmyofRussia_Reborn” reported the compromise of the systems at the Ukrainian National Information Agency “Ukrinform”. The Ukrainian Computer Emergency Response Team (CERT-UA) immediately investigated the claims and as of January 27, […]

The post Sandworm APT group hit Ukrainian news agency with five data wipers appeared first on Security Affairs.

January 30, 2023
0 comment
Read More >>

UNC2565 threat actors continue to improve the GOOTLOADER malware

The threat actors behind the GOOTLOADER malware continues to improve their code by adding new components and implementing new obfuscation techniques. Mandiant researchers reported that the UNC2565 group behind the GOOTLOADER malware (aka Gootkit) continues to improve their code by adding new components and implementing new obfuscation techniques. Gootkit runs on an access-a-as-a-service model, it is used […]

The post UNC2565 threat actors continue to improve the GOOTLOADER malware appeared first on Security Affairs.

January 30, 2023
0 comment
Read More >>

Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail

An alleged member of the ShinyHunters cybercrime gang has been extradited from Morocco to the United States. Sebastien Raoult, a French national who is suspected of being a member of ShinyHunters cybercrime gang known as “Seyzo Kaizen,” has been extradited from Morocco to the United States. The 22-year-old man was arrested in Morocco at Rabat […]

The post Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail appeared first on Security Affairs.

January 29, 2023
0 comment
Read More >>

Security Affairs newsletter Round 404 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper […]

The post Security Affairs newsletter Round 404 by Pierluigi Paganini appeared first on Security Affairs.

January 29, 2023
0 comment
Read More >>

Watch out! Experts plans to release VMware vRealize Log RCE exploit next week

Horizon3’s Attack Team made the headlines again announcing the releasse of a PoC exploit code for remote code execution in VMware vRealize Log. Researchers from the Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log. The PoC exploit code will trigger a series of flaws in […]

The post Watch out! Experts plans to release VMware vRealize Log RCE exploit next week appeared first on Security Affairs.

January 29, 2023
0 comment
Read More >>

Copycat Criminals mimicking Lockbit gang in northern Europe

Recent reports of Lockbit locker-based attacks against North European SMBs indicate that local crooks started using Lockbit locker variants. Executive Summary Incident Insights Recently, there has been a significant increase in ransomware attacks targeting companies in northern Europe. These attacks are being carried out using the LockBit locker, which is known to be in use […]

The post Copycat Criminals mimicking Lockbit gang in northern Europe appeared first on Security Affairs.

January 29, 2023
0 comment
Read More >>

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The experts believe that the Russia-linked APT group Sandwork (aka BlackEnergy and TeleBots) is behind the wiper attacks. The Sandworm group has been […]

The post Sandworm APT targets Ukraine with new SwiftSlicer wiper appeared first on Security Affairs.

January 28, 2023
0 comment
Read More >>

ISC fixed high-severity flaws in DNS software suite BIND

The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite. Threat actors can exploit […]

The post ISC fixed high-severity flaws in DNS software suite BIND appeared first on Security Affairs.

January 28, 2023
0 comment
Read More >>