Security Affairs newsletter Round 291

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box.

A cyberattack crippled the IT infrastructure of the City of Saint John
Hundreds of female sports stars and celebrities have their naked photos and videos leaked online
Romanians arrested for running underground malware services
Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs
Computer Security and Data Privacy, the perfect alliance
FBI issued an alert on Ragnar Locker ransomware activity
Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware
TikTok fixed security issues that could have led one-click account takeover
VMware discloses critical zero-day CVE-2020-4006 in Workspace One
VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks
2FA bypass in cPanel potentially exposes tens of millions of websites to hack
A new Stantinko Bot masqueraded as httpd targeting Linux servers
Baidu Android apps removed from Play Store because caught collecting user details
Credential stuffing attack targeted 300K+ Spotify users
Crooks social-engineered GoDaddy staff to take over crypto-biz domains
Microsoft fixes Kerberos Authentication issues with an out-of-band Update
TrickBot operators continue to update their malware to increase resilience to takedown
Belden discloses data breach as a result of a cyber attack
Group-IB Hi-Tech Crime Trends 2020/2021 report
Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members
Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach
UK NCSC’s alert urges orgs to fix MobileIron CVE-2020-15505 RCE
Watch out, WAPDropper malware could subscribe you to premium services
A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed
Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million
Danish news agency Ritzau hit by ransomware, but did not pay the ransom
Ransomware hits US Fertility the largest US fertility network
Sophos notifies data leak after a misconfiguration
SSH-backdoor Botnet With ‘Research’ Infection Technique
A week later, Manchester United has yet to recover after a cyberattack
Canon publicly confirms August ransomware attack and data breach
Details of 16 million Brazilian COVID-19 patients exposed online
Drupal emergency updates fix critical arbitrary PHP code execution
North Korean hackers allegedly behind cyberattacks on AstraZeneca
The global impact of the Fortinet 50.000 VPN leak posted online
Chip maker Advantech hit by Conti ransomware gang
Hundreds of C-level executives credentials available for $100 to $1500 per account
Office 365 phishing campaign leverages Oracle and Amazon cloud services

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 291 appeared first on Security Affairs.
