Security Affairs newsletter Round 308
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.
If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.
| Experts found two flaws in Facebook for WordPress Plugin |
| Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation? |
| QNAP urges users to take action to protect devices against Brute-Force attacks |
| US Gov Executive Order would oblige to disclose security breach impacting gov users |
| China-linked RedEcho APT took down part of its C2 domains |
| Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code |
| London-based academies Harris Federation hit by ransomware attack |
| New Purple Fox version includes Rootkit and implements wormable propagation |
| Ziggy ransomware admin announced it will refund victims who paid the ransom |
| 30 Docker images downloaded 20M times in cryptojacking attacks |
| Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations |
| Hundreds of thousands of projects affected by a flaw in netmask npm package |
| Reflected XSS Vulnerability In Ivory Search WP Plugin Impact Over 60K sites |
| VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials |
| Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape |
| Email accounts of DHS members were compromised in the SolarWinds hack |
| IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions |
| North Korea-linked hackers target security experts again |
| President Biden extended Executive Order 13694 regarding cyberattack sanctions |
| Akamai dealt with an 800Gbps ransom DDoS against a gambling company |
| DeepDotWeb admin pleads guilty to money laundering conspiracy |
| Ubiquiti security breach may be a catastrophe |
| US CISA warns of DoS flaws in Citrix Hypervisor |
| VMware fixed flaws in vROps that can be chained to compromise organizations |
| VMware fixes authentication bypass in Carbon Black Cloud Workload appliance |
| Airlift Express Fixes Vulnerabilities in Its E-commerce Store |
| Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools |
| DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5 |
| FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers |
| Man indicted for tampering with public water system in Kansas |
| Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs |
| TIMs Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product |
| Activision warns of Call of Duty Cheat tool used to deliver RAT |
| Attackers are abusing GitHub infrastructure to mine cryptocurrency |
| Capital One discovered more customers SSNs exposed in 2019 hack |
| Evolution and rise of the Avaddon Ransomware-as-a-Service |
If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
|
|
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 308 appeared first on Security Affairs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
