A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A cyberattack crippled the IT infrastructure of the City of Saint JohnHundreds of female sports stars and celebrities have their naked photos and videos leaked onlineRomanians arrested for running underg

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide

The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data.Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and heal

Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure.The campaign has been active for more than half a year and uses a network of legitimate websites that have been compromised to work as a proxy chain.Simple

With the USA holidays, this has been a relatively slow week in new research being released. We did, though, see some organizations get attacked or report historical attacks.Last weekend, South Korean retail giant E-Land suffered a ransomware attack that forced them to close 23 retail stores while they recovered.There were also attacks reported against Rtizau

This week, British music streaming service, Last.fm has fixed a credential leakage issue that revealed admin username and password.The leak had occurred due to a misconfigured PHP Symfony app running in "debug" mode and exposing profiler logs.With these credentials, an attacker could have accessed and modified Last.fm user account details

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defenses acco

French multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident.Yesterday, Banijay publicly confirmed a cyber incident that led to employee and commercially sensitive data potentially being compromised.Ba

Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions."According to the regular security release window schedule, November 25th would not typically be a core security window," Drupal said."However, this release is necessary because the

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes."Hard times create strong people.""What doesn't kill you makes you stronger."Maybe you've whispered these mantras to yourself in the aftermath of a personal setback at home or wo

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. This vulnerability resides in an improper limitation of a path

The developers of the Drupal content management system (CMS) released out-of-band security updates right before Thanksgiving due to the availability of exploits.The core updates released for Drupal 7, 8.8, 8.9 and 9.0 on November 25 address a couple of vulnerabilities affecting PEAR Archive_Tar, a third-party library designed for handling .tar files in PHP.T

Chicago-based transportation technology firm Rand McNally is working on restoring network functionality following a cyberattack that hit its systems earlier this week.Rand McNally is an American company founded in 1856 that provides leading route mileage optimization and fleet management software to carriers, shipping companies, and third-party logistics pro

Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers.BleepingComputer was the first to report the attack after tracking a suspicious outage on the cloud photo and video storage service (image.canon) that caused users to lose files.Employee da