Security Affairs Read, think, share ⌠Security is everyone’s responsibility
- ICICI Bank exposed credit card data of 17000 customersby Pierluigi Paganini on April 28, 2024 at 8:32 pm
ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients. ICICI Bank, one of the leading private banks in India, accidentally exposed data of thousands of new credit cards to customers who were not the intended recipients. ICICI Bank Limited is an Indian multinational bank and financial services company
- Okta warns of unprecedented scale in credential stuffing attacks on online servicesby Pierluigi Paganini on April 28, 2024 at 2:34 pm
Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (âcombo listsâ), and automation tools. âOver the last
- Security Affairs newsletter Round 469 by Pierluigi Paganini â INTERNATIONAL EDITIONby Pierluigi Paganini on April 28, 2024 at 12:52 pm
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports
- Targeted operation against Ukraine exploited 7-year-old MS Office bugby Pierluigi Paganini on April 28, 2024 at 7:45 am
A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow
- Hackers may have accessed thousands of accounts on the California state welfare platformby Pierluigi Paganini on April 27, 2024 at 2:49 pm
Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Officials reported that the security breach occurred on February 9, when someone logged into some BenefitsCal usersâ accounts. Threat actors exploited reused passwords
- Brokewell Android malware supports an extensive set of Device Takeover capabilitiesby Pierluigi Paganini on April 27, 2024 at 7:48 am
ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. The experts pointed out that this malware is actively evolving and poses a severe risk to the banking sector. The
- Experts warn of an ongoing malware campaign targeting WP-Automatic pluginby Pierluigi Paganini on April 26, 2024 at 1:40 pm
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scanner WPScan warns that threat actors are exploiting a critical SQL injection vulnerability in the plugin WordPress Automatic to inject malware into websites. The premium plugin âAutomaticâ developed by ValvePress enables users to automatically
- Cryptocurrencies and cybercrime: A critical interminglingby Pierluigi Paganini on April 26, 2024 at 11:45 am
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector. The natural ambiguity of cryptocurrencies
- Kaiser Permanente data breach may have impacted 13.4 million patientsby Pierluigi Paganini on April 26, 2024 at 11:24 am
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the
- Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bugby Pierluigi Paganini on April 26, 2024 at 9:08 am
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as