A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to…
Category: Security Affairs
Iranian hackers breached Albania’s Institute of Statistics (INSTAT)
Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of…
Operation Synergia led to the arrest of 31 individuals
An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. Operation Synergia was led by Interpol and ran from September to November 2023 involving law enforcement agencies from…
Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
A former software engineer with the U.S. CIA has been sentenced to 40 years in prison for leaking classified documents. Former CIA employee Joshua Adam Schulte has been sentenced to 40 years in prison for passing classified documents to WikiLeaks and…
Cloudflare breached on Thanksgiving Day, but the attack was promptly contained
Cloudflare revealed that a nation-state actor breached its internal Atlassian server, gaining access to the internal wiki and its bug database (Atlassian Jira). The incident took place on Thanksgiving Day, November 23, 2023, and Cloudflare immediately began an investigation with…
PurpleFox malware infected at least 2,000 computers in Ukraine
The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a malware campaign that has…
3.5M exposed in COVID-19 e-passport leak
Passports, mobile numbers, and email addresses of Indian travelers who requested COVID e-pass have been leaked, 3.5M individuals at risk of identity theft. Last year, due to an increase in the number of people with COVID-19, Tamil Nadu, the southernmost…
Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping
A US man has been sentenced to federal prison for his role in a fraudulent scheme that resulted in the theft of millions of dollars through SIM swapping. Daniel James Junk (22) of Portland was sentenced to 72 months in…
CISA orders federal agencies to disconnect Ivanti VPN instances by February 2
CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti…
Multiple malware used in attacks exploiting Ivanti VPN flaws
Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti…