Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. [...]
State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.…
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge
Also, North Korean Hackers Remotely Wipe Android DevicesThis week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]
Vulnerability Could Enable Remote Code Injection AttacksWhen the lights start flickering in homes equipped with Schneider Electric end-of-life smart switches, it could be hackers, now that the French company disclosed a remotely exploitable vulnerability that won't receive a patch. No hacking has been reported to date.
Hackers Targeted a PAN-OS Flaw Days After Its DisclosureA suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. UNC5325 activity aligns with the Chinese hacking strategy of targeting edge devices.
Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi DomainsThis week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
Beijing Used FortiGate Vulnerability to Install TrojanChinese espionage hackers penetrated Dutch military systems in early 2023, using a zero-day exploit in a Fortinet virtual private network to obtain access, Netherlands intelligence agencies disclosed Tuesday. They attributed the hacking to Chinese state actors with high confidence.
'Volt Typhoon' Could Be Preparing for Renewed Burst of ActivityA Chinese state hacking group is attacking superseded Cisco routers to target government entities in the United States, the United Kingdom and Australia. Beijing cyberespionage hackers dubbed "Volt Typhoon" are using vulnerabilities that were first disclosed in early 2019.
Federal Contractor Must Comply With New Reporting Measures Following Data BreachGlobal Tel*Link, a major telecommunications provider for state and federal prison systems, will be required to notify the FTC and consumers of future security incidents after a sweeping data breach left hundreds of thousands of its users vulnerable to identity theft and other privacy concerns.
Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. [...]
A security researcher disclosed details of a clickjacking attack demonstrated against PayPal that could be exploited to steal victims' account balances in a single click
Well, that clears things up? Maybe not. The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.…
Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner