Ransomware attacks are the most significant risk for modern organizations, why organizations should avoid paying ransoms. Ransomware attacks are the most significant risk for modern organizations, with the Verizon Data Breach Report 2024 reporting that ransomware is a top threat…
Tag: Security Affairs
Researchers warn of a new critical Apache OFBiz flaw
Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization…
Keytronic incurred approximately $17 million of expenses following ransomware attack
Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a recent ransomware attack led to expenses and lost revenue exceeding $17 million. In June, Keytronic disclosed a data breach after a ransomware group leaked allegedly stolen personal information from its…
A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices. A high-severity security bypass vulnerability, tracked as CVE-2024-6242 (CVSS Base Score v4.0 of 7.3), impacts Rockwell Automation ControlLogix 1756 devices. An attacker can…
China-linked APT41 breached Taiwanese research institute
China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The…
Chinese StormBamboo APT compromised ISP to deliver malware
A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service…
Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach
Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal…
Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. US sued TikTok…
Security Affairs Malware Newsletter – Round 5
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unplugging PlugX: Sinkholing the PlugX USB worm botnet Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT Mandrake spyware sneaks onto Google…
US sued TikTok and ByteDance for violating children’s privacy laws
The U.S. Department of Justice has sued TikTok and its parent company, ByteDance, for extensive violations of children’s privacy laws. The Justice Department and the Federal Trade Commission (FTC) filed a civil lawsuit in the U.S. District Court for the…