Saturday, March 23, 2024

Unlimited cloud web hosting for life is just $90 this week only | PCWorld

Unlimited cloud web hosting for life is just $90 this week only | PCWorld

Unlimited cloud web hosting for life is just $90 this week only | PCWorld

When you purchase through links in our articles, we may earn a small commission. This doesn't affect our editorial independence.

Unlimited cloud web hosting for life is just $90 this week only

Running a website can get expensive fast with web hosting fees. Rather than pay hundreds or even thousands every year, lock in a lifetime of hosting for a one-time price during this limited-time sale on iBrave Cloud Web Hosting.

With this deal, you’ll get reliable, load-balanced unlimited cloud hosting for all of your sites on a platform designed by experts with more than 20 years of experience. With unlimited monthly bandwidth and SSD storage, free daily backups, free antivirus, and antispam protection, and a 99.9% uptime guarantee, you can rest assured all of your sites will perform how they need to at all times. You can even migrate from another host to iBrave for free and customize your site with over 80 one-click install apps.

Lock in better web hosting for a one-time price. This week only, you can get a lifetime subscription to iBrave Cloud Web Hosting for $89.97.

 

iBrave Cloud Web Hosting: Lifetime Subscription – $89.97

See Deal

StackSocial prices subject to change.

Business

Laptop

Mobile

PC Hardware

Deals

Digital Magazine - Subscribe

Manage Subscription

Gift Subscription

Newsletters

Friday, March 22, 2024

A Web Designer’s Accessibility Advocacy Toolkit — Smashing MagazineClear SearchBack to top

A Web Designer’s Accessibility Advocacy Toolkit — Smashing MagazineClear SearchBack to top

A Web Designer’s Accessibility Advocacy Toolkit — Smashing MagazineClear SearchBack to top

Yichan Wang is a visual designer based in New York City. She enjoys translating complex ideas into captivating stories. With a career spanning web, brand, and … More about Yichan ↬

Weekly tips on front-end & UX.Trusted by 200,000+ folks.

Web accessibility can be challenging, particularly for clients unfamiliar with tech or compliance with The Americans With Disabilities Act (ADA). My role as a digital designer often involves guiding clients toward ADA-compliant web designs. I’ve acquired many strategies over the years for encouraging clients to adopt accessible web practices and invest in accessible user interfaces. It’s something that comes up with nearly every new project, and I decided to develop a personal toolkit to help me make the case.

Now, I am opening up my toolkit for you to have and use. While some of the strategies may be specific to me and my work, there are plenty more that cast a wider net and are more universally applicable. I’ve considered different real-life scenarios where I have had to make a case for accessibility. You may even personally identify with a few of them!

Please enjoy. As you do, remember that there is no silver bullet for “selling” accessibility. We can’t win everyone over with cajoling or terse arguments. My hope is that you are able to use this collection to establish partnerships with your colleagues and clients alike. Accessibility is something that anyone can influence at various stages in a project, and “winning” an argument isn’t exactly the point. It’s a bigger picture we’re after, one that influences how teams work together, changes habits, and develops a new level of empathy and understanding.

I begin with general strategies for discussing accessibility with clients. Following that, I provide specific language and responses you can use to introduce accessibility practices to your team and clients and advocate its importance while addressing client skepticism and concerns. Use it as a starting point and build off of it so that it incorporates points and scenarios that are more specific to your work. I sincerely hope it helps you advance accessible practices.

General Strategies

We’ll start with a few ways you can position yourself when interacting with clients. By adopting a certain posture, we can set ourselves up to be the experts in the room, the ones with solutions rather than arguments.

Showcasing Expertise

I tend to establish my expertise and tailor the information to the client’s understanding of accessibility, which could be not very much. For those new to accessibility, I offer a concise overview of its definition, evaluation, and business impact. For clients with a better grasp of accessible practices, I like to use the WCAG as a point of reference for helping frame productive discussions based on substance and real requirements.

Aligning With Client Goals

I connect accessibility to the client’s goals instead of presenting accessibility as a moral imperative. No one loves being told what to do, and talking to clients on their terms establishes a nice bridge for helping them connect the dots between the inherent benefits of accessible practices and what they are trying to accomplish. The two aren’t mutually exclusive!

In fact, there are many clear benefits for apps that make accessibility a first-class feature. Refer to the “Accessibility Benefits” section to help describe those benefits to your colleagues and clients.

Defining Accessibility In The Project Scope

I outline accessibility goals early, typically when defining the project scope and requirements. Baking accessibility into the project scope ensures that it is at least considered at this crucial stage where decisions are being made for everything from expected outcomes to architectural requirements.

User stories and personas are common artifacts for which designers are often responsible. Use these as opportunities to define accessibility in the same breath as defining who the users are and how they interact with the app. Framing stories and outcomes as user interactions in an “as-when-then-so” format provides an opening to lead with accessibility:

Fill in the blanks. I think you’ll find that user’s expected outcomes are typically aligned with accessible experiences. Federico Francioni published his take on developing inclusive user personas, building off other excellent resources, including Microsoft’s Inclusive Design guidelines.

Meet Touch Design for Mobile Interfaces, Steven Hoober’s brand-new guide on designing for mobile with proven, universal, human-centric guidelines. 400 pages, jam-packed with in-depth user research and best practices.

Being Ready With Resources and Examples

I maintain a database of resources for clients interested in learning more about accessibility. Sharing anecdotes, such as clients who’ve seen benefits from accessibility or examples of companies penalized for non-compliance, can be very impactful.

Microsoft is helpful here once again with a collection of brief videos that cover a variety of uses, from informing your colleagues and clients on basic accessibility concepts to interviews with accessibility professionals and case studies involving real users.

There are a few go-to resources I’ve bookmarked to share with clients who are learning about accessibility for the first time. What I like about these is the approachable language and clarity. “Learn Accessibility” from web.dev is especially useful because it’s framed as a 21-part course. That may sound daunting, but it’s organized in small chunks that make it manageable, and sometimes I will simply point to the Glossary to help clients understand the concepts we discuss.

And where “Learn Accessibility” is focused on specific components of accessibility, I find that the Inclusive Design Principles site has a perfect presentation of the concepts and guiding principles of inclusion and accessibility on the web.

Meanwhile, I tend to sit beside a client to look at The A11Y Project. I pick a few resources to go through. Otherwise, the amount of information can be overwhelming. I like to offer this during a project’s planning phase because the site is focused on actionable strategies that help scope work.

Leveraging User Research

User research that is specific to the client’s target audience is more convincing than general statistics alone. When possible, I try to understand those user’s needs, including what they expect, what sort of technology they use to browse online, and where they are geographically. Painting a more complete picture of users — based on real-life factors and information — offers a more human perspective and plants the first seeds of empathy in the design process.

Web analytics are great for identifying who users are and how they currently interact with the app. At the same time, they are also wrought with caveats as far as accuracy goes, depending on the tool you use and how you collect your data. That said, I use the information to support my user persona decisions and the specific requirements I write. Analytics add nice brush strokes to the picture but do not paint the entire view. So, leverage it!

The big caveat with web analytics? There’s no way to identify traffic that uses assistive tech. That’s a good thing in general as far as privacy goes, but it does mean that researching the usability of your site is best done with real users — as it is with any user research, really. The A11Y Project has excellent resources for testing screen readers, including a link to this Smashing Magazine article about manual accessibility testing by Eric Bailey as well as a vast archive of links pointing to other research.

That said, web analytics can still be very useful to help accommodate other impairments, for example, segmenting traffic by age (for improving accessibility for low vision) and geography (for improving performance gaps for those on low-powered devices). WebAIM also provides insights in a report they produced from a 2018 survey of users who report having low vision.

Leaving Room For Improvements

Chances are that your project will fall at least somewhat short of your accessibility plans. It happens! I see plenty of situations where a late deadline translates into rushed work that sacrifices quality for speed, and accessibility typically falls victim to degraded quality.

I keep track of these during the project’s various stages and attempt to document them. This way, there’s already a roadmap for inclusive and accessible improvements in subsequent releases. It’s scoped, backlogged, and ready to drop into a sprint.

For projects involving large sites with numerous accessibility issues, I emphasize that partial accessibility compliance is not the same as actual compliance. I often propose phased solutions, starting with incremental changes that fit within the current scope and budget.

And remember, just because something passes a WCAG success criterion doesn’t necessarily mean it is accessible. Passing tests is a good sign, but there will always be room for improvement.

Commonly Asked Accessibility Questions

Accessibility is a broad topic, and we can’t assume that everyone knows what constitutes an “accessible” interface. Often, when I get pushback from a colleague or client, it’s because they simply do not have the same context that I do. That’s why I like to keep a handful of answers to commonly asked questions in my back pocket. It’s amazing how answering the “basics” leads to productive discussions filled with substance rather than ones grounded in opinion.

What Do We Mean By “Web Accessibility”?

When we say “web accessibility,” we’re generally talking about making online content available and usable for anyone with a disability, whether it’s a permanent impairment or a temporary one. It’s the practice of removing friction that excludes people from gaining access to content or from completing a task. That usually involves complying with a set of guidelines that are designed to remove those barriers.

Who Creates Accessibility Guidelines?

The Web Content Accessibility Guidelines (WCAG) are created by a working group of the World Wide Web Consortium (W3C) called the Web Accessibility Initiative (WAI). The W3C develops guidelines and principles to help designers, developers, and authors like us create web experiences based on a common set of standards, including those for HTML, CSS, internationalization, privacy, security, and yes, accessibility, among many, many other areas. The WAI working group maintains the accessibility standards we call WCAG.

Who Needs Web Accessibility?

Twenty-seven percent of the U.S. population has a disability, emphasizing the widespread need for accessible web design. WCAG primarily focuses on three groups:

When we make web experiences that solve these issues based on established guidelines, we’re not only doing good for those who are directly impacted by impairment but those who may be impaired in less direct ways as well, such as establishing large target sizes for those tapping a touchscreen phone with their hands full, or using proper color contrast for those navigating a screen in bright sunlight. Everyone needs — and benefits from — accessibility!

How Is Web Accessibility Regulated?

The Americans with Disabilities Act (ADA) is regulated by the Civil Rights Division of the U.S. Department of Justice, which was established by the Civil Rights Act of 1957. Even though there is a lot of bureaucracy in that last sentence, it’s reassuring to know the U.S. government not only believes in web accessibility but enforces it as well.

Non-compliance can result in legal action, with first-time ADA violations leading to fines of up to $75,000, increasing to $150,000 for subsequent violations. The number of lawsuits for alleged ADA breaches has surged in recent years, with more than 4,500 lawsuits filed in 2023 against sites that fail to comply with WCAG AA 2.1 alone — roughly 500 more lawsuits than 2022!

How Is Web Accessibility Evaluated?

Web accessibility is something we can test against. Many tools have been created to audit sites on the spot based on WCAG success criteria that specify accessible requirements. That would be a standards-based evaluation using WCAG as a reference point for auditing compliance.

WebAIM has an excellent page that compares different types of accessibility testing, reporting, and tooling. They are also quick to note that automated testing, while convenient, is not a comprehensive way to audit accessibility. Automated tools that scan websites may be able to pick up instances where mistakes in the HTML might contribute to accessibility issues and where color contrasts are insufficient. But they cannot replace or perfectly imitate a real-life person. Testing in real browsers with real people continues to be the most effective way to truly evaluate accessible web experiences.

This isn’t to say automated tools should not be part of an accessibility testing suite. In fact, they often highlight areas you may have overlooked. Even false positives are good in the sense that they force you to pause and look more closely at something. Some of the most widely used automated tools include the following:

These are just a few of the most frequent tools I use in my own testing, but there are many more, and the WAI maintains an extensive list of available tools that are worth considering. But again, remember that automated testing is not a one-to-one replacement for testing with real users.

Checklists can be handy for ensuring you are covering your bases:

Accessibility Benefits

When discussing accessibility, I find the most effective arguments are ones that are framed around the interests of clients and stakeholders. That way, the discussion stays within scope and helps everyone see that proper accessibility practices actually benefit business goals. Speaking in business terms is something I openly embrace because it typically supports my case.

The following are a few ways I would like to explain the positive impacts that accessibility has on business goals.

Case Studies

Sometimes, the most convincing approach is to offer examples of companies that have committed to accessible practices and come out better for it. And there are plenty of examples! I like to use case studies and reports in a similar industry or market for a more apples-to-apples comparison that stakeholders can identify with.

That said, there are great general cases involving widely respected companies and brands, including This American Life and Tesco, that demonstrate benefits such as increased organic search traffic, enhanced user engagement, and reduced site load times. For a comprehensive guide on framing these benefits, I refer to the W3C’s resource on building the business case for accessibility.

The Curb-Cut Effect

The “curb-cut effect” refers to how features originally designed for accessibility end up benefiting a broader audience. This concept helps move the conversation away from limiting accessibility as an issue that only affects the minority.

Features like voice control, auto-complete, and auto-captions — initially created to enhance accessibility — have become widely used and appreciated by all users. This effect also includes situational impairments, like using a phone in bright sunlight or with one hand, expanding the scope of who benefits from accessible design. Big companies have found that investing in accessibility can spur innovation.

SEO Benefits

I would like to highlight the SEO benefits that come with accessible best practices. Things like nicely structured sitemaps, a proper heading outline, image alt text, and unique link labels not only improve accessibility for humans but for search engines as well, giving search crawlers clear context about what is on the page. Stakeholders and clients care a lot about this stuff, and if they are able to come around on accessibility, then they’re effectively getting a two-for-one deal.

Better Brand Alignment

Incorporating accessibility into web design can significantly elevate how users perceive a brand’s image. The ease of use that comes with accessibility not only reflects a brand’s commitment to inclusivity and social responsibility but also differentiates it in competitive markets. By prioritizing accessibility, brands can convey a personality that is thoughtful and inclusive, appealing to a broader, more diverse customer base.

Cost Efficiency

I mentioned earlier how developing accessibility enhances SEO like a two-for-one package. However, there are additional cost savings that come with implementing accessibility during the initial stages of web development rather than retrofitting it later. A proactive approach to accessibility saves on the potential high costs of auditing and redesigning an existing site and helps avoid expensive legal repercussions associated with non-compliance.

Addressing Client Concerns

Still getting pushback? There are certain arguments I hear time and again, and I have started keeping a collection of responses to them. In some cases, I have left placeholder instructions for tailoring the responses to your project.

“Our users don’t need it.”

“Our competitors aren’t doing it.”

“We’ll do it later because it’s too expensive.”

“We’ve never had complaints.”

“It will affect the aesthetics of the site.”

Handling Common Client Requests

This section looks at frequent scenarios I’ve encountered in web projects where accessibility considerations come into play. Each situation requires carefully balancing the client’s needs/wants with accessibility standards. I’ll leave placeholder comments in the examples so you are able to address things that are specific to your project.

The Client Directly Requests An Inaccessible Feature

When clients request features they’ve seen online — like unfocusable carousels and complex auto-playing animations — it’s crucial to discuss them in terms that address accessibility concerns. In these situations, I acknowledge the appealing aspects of their inspirations but also highlight their accessibility limitations.

The Client Provides Inaccessible Content

This is where we deal with things like non-descriptive page titles, link names, form labels, and color contrasts for a better “reading” experience.

Sometimes, clients want page titles to be drastically different than the link in the navigation bar. Usually, this is because they want a more detailed page title while keeping navigation links succinct.

A common issue with web content provided by clients is the use of non-descriptive calls to action with phrases and link labels, like “Read More” or “Click Here.” Generic terms can be confusing for users, particularly for those using screen readers, as they don’t provide context about what the link leads to or the nature of the content on the other end.

Proper form labels are a critical aspect of accessible web design. Labels should clearly indicate the purpose of each input field, whether it’s required, and the expected format of the information. This clarity is essential for all users, especially for those using screen readers or other assistive technologies. Plus, there are accessible approaches to pairing labels and inputs that developers ought to be familiar with.

Clients will occasionally approach me with color palettes that produce too low of contrast when paired together. This happens when, for instance, on a website with a white background, a client wants to use their brand accent color for buttons, but that color simply blends into the background color, making it difficult to read. The solution is usually creating a slightly adjusted tint or shade that’s used specifically for digital interfaces — UI colors, if you will. Atul Varma’s “Accessible Color Palette Builder” is a great starting point, as is this UX Lift lander with alternatives.

Suggesting An Accessible Feature To Clients

Proactively suggesting features like sitemaps, pause buttons, and focus indicators is crucial. I’ll provide tips on how to effectively introduce these features to clients, emphasizing their importance and benefit.

Sitemaps play a crucial role in both accessibility and SEO, but clients sometimes hesitate to include them due to concerns about their visual appeal. The challenge is to demonstrate the value of site maps without compromising the site’s overall aesthetic.

Carousels are contentious design features. While some designers are against them and have legitimate reasons for it, I believe that with the right approach, they can be made accessible and effective. There are plenty of resources that provide guidance on creating accessible carousels.

When a client requests a home page carousel in a new site design, it’s worth considering alternative solutions that can avoid the common pitfalls of carousels, such as low click-through rates, increased load times, content being pushed below the fold, and potentially annoying auto-advancing features.

If we decide to use a carousel, I make a point of discussing the necessary accessibility features with the client right from the start. Many clients aren’t aware that elements like pause buttons are crucial for making auto-advancing carousels accessible. To illustrate this, I’ll show them examples of accessible carousel designs that incorporate these features effectively.

Further Reading

Any animation that starts automatically, lasts more than five seconds, and is presented in parallel with other content, needs a pause button per WCAG Success Criterion 2.2.2. A common scenario is when clients want a full-screen video on their homepage without a pause button. It’s important to explain the necessity of pause buttons for meeting accessibility standards and ensuring user comfort without compromising the website’s aesthetics.

Conclusion

That’s it! This is my complete toolkit for discussing web accessibility with colleagues and clients at the start of new projects. It’s not always easy to make a case, which is why I try to appeal from different angles, using a multitude of resources and research to support my case. But with practice, care, and true partnership, it’s possible to not only influence the project but also make accessibility a first-class feature in the process.

Please use the resources, strategies, and talking points I have provided. I share them to help you make your case to your own colleagues and clients. Together, incrementally, we can take steps toward a more accessible web that is inclusive to all people.

And when in doubt, remember the core principles we covered:

Tips on front-end & UX, delivered weekly in your inbox. Just the things you can actually use.

With practical takeaways, live sessions, video recordings and a friendly Q&A.

Everything TypeScript, with code walkthroughs and examples. And other printed books.

With a commitment to quality content for the design community.

Founded by Vitaly Friedman and Sven Lennartz. 2006–2024.

Smashing is proudly running on Netlify, TinaCMS and Swell.

Fonts by Latinotype.

Thursday, March 21, 2024

Top 10 Best GoDaddy Alternatives for Your Web Hosting Needs in 2024

Top 10 Best GoDaddy Alternatives for Your Web Hosting Needs in 2024

Top 10 Best GoDaddy Alternatives for Your Web Hosting Needs in 2024

By Emily Brookes

March 3, 2024

When you buy something through one of the links on our site, we may earn an affiliate commission.

 

GoDaddy is one of the biggest players in the web hosting game, with over 84 million registered domains and over 20 million customers to date. But is bigger always better? In many cases, you can get a better service and more value for money by shopping around and using a smaller hosting company with a more customer-centered approach. In this guide, we’re sharing the best GoDaddy alternatives to choose from for your website.

Don't have time to read the whole article? Don't worry, here's what you need to know.

Iridium Hosting and ChemiCloud are our favorite GoDaddy alternatives. Both offer excellent customer service and lightning-fast speeds.

ChemiCloud is a great option for anyone starting out on a budget, while Iridium is perfect for those with slightly bigger budgets looking for fast-growing sites with a premium managed WordPress service.

Contents

The Best GoDaddy Alternatives

If you're in the market for a new website hosting service, check out these GoDaddy alternatives. Most of these GoDaddy competitors offer greater flexibility than GoDaddy, as well as better service from a customer viewpoint.

1. Chemicloud: Our Top Affordable GoDaddy Alternative

Chemicloud is one of the most affordable shared hosting providers in the world and is famed for its fantastic customer support .

This popular GoDaddy alternative offers:

Each of these plans caters to a range of needs and budgets.

With features like CloudFlare CDN, a free domain, free SSL certificates, and a one-click install for many popular apps, it positions itself as a feature-rich hosting solution.

All plans include free migration. This means if you’re moving your website over from another hosting provider, it’ll all be taken care of for you.

Read our full ChemiCloud review to find out more about this affordable and reliable hosting provider.

Prices start from just $2.95/month. 

2. Iridium Hosting: Our Favourite Premium GoDaddy Alternative

Iridium Hosting made the top of our list of the best WordPress hosting companies. It’s not the cheapest option on this list, but you certainly get what you pay for, with lightning-fast speeds and stellar customer support.

It includes everything you would expect from a premium hosting service, including round-the-clock security and monitoring and a free SSL certificate for every site on your plan.

If you’re setting up a WordPress website for the first time, Iridium will handle everything for you. The support team will install WordPress and install and set up your chosen theme along with the relevant plugins to ensure everything works smoothly.

And if you’re moving over from another hosting provider, their expert support team will manually migrate your website.

If you’re looking for great value and simplicity with superfast speeds, Iridium is definitely worth checking out.

Plans start from $20/month.

3. WPX

WPX offers fully managed WordPress and WooCommerce hosting with the fastest loading times around. Over 99% of sites see an improvement in their speed after WPX optimization!

The user interface is designed to be user-friendly, making it easy for users to manage their sites. It includes plenty of useful features like one-click WordPress installations, automatic backups, and a custom control panel.

WPX Hosting also offers free website migrations, too. This makes it easy for website owners to switch from their current hosting provider to WPX without any hassle.

Prices start from $20.83/month.

4. Namecheap

Namecheap has established itself as one of the leading providers in the domain registration and web hosting industry. This is largely thanks to its focus on affordability, reliability, and customer service. 

It allows users to search for, register, and manage domain names across a wide variety of top-level domains (TLDs).

It is known for its competitive pricing and easy domain management system, making it one of the best GoDaddy alternatives for domain name registration. 

As well as being a domain registrar, Namecheap also offers various hosting solutions.

These include:

With plans starting from just under $2/month for the first year, Namecheap is undoubtedly one of the most affordable hosting providers around.

Plans come with everything you would expect, including email hosting, free SSL certificates, privacy and security services, and even a website builder.

Prices start from just $1.98/month.

5. Siteground

SiteGround is widely considered one of the best GoDaddy alternatives around and is one of the WordPress.org official recommended hosts, known for its WordPress-centric hosting solutions.

This popular web hosting service offers features like one-click WordPress installation, automatic updates, and a WordPress Starter plugin.

You will find plans for:

SiteGround also offers exceptional customer support with a strong emphasis on fast response times and helpful assistance. Their stellar support team is available 24/7 through live chat, phone, and tickets.

For users looking to switch hosting providers, SiteGround offers a free WordPress migration plugin and professional migration services for one website on most plans, making the transition smoother than what many other hosts, including GoDaddy, might offer.

You will also receive a free domain name for the first year on most plans.

Although plans are slightly more expensive than GoDaddy, SiteGround is often praised for its transparent pricing and clear terms of service.

Renewal rates and the scope of services are clearly outlined, helping users avoid unexpected costs—which is one of the biggest drawbacks of GoDaddy.

Check out our in-depth Siteground review to find out more about this popular hosting provider.

Plans start at $2.99/month

6. Bluehost

Bluehost is one of the most affordable GoDaddy alternatives around. It’s known for being super easy to use and very reliable, making it a popular choice amongst new bloggers and small businesses alike.

Bluehost offers:

It is an official WordPress-recommended hosting provider, and it will automatically install the latest version of WordPress for you to ensure your site is as secure as possible.

Users have access to the Bluehost marketplace, where you can find a range of beautifully designed WordPress themes and plugins to help you build the best website or blog possible.

Despite its low price point, Bluehost boasts an average response time of 18ms. It includes Cloudflare CDN and server-level caching to ensure your website is as fast as possible.

If you have any issues, you can expect a quick response from the support team, which is available 24 hours a day on both phone and chat.

Plans start from just $1.95/month.

7. WP Engine

WP Engine is one of the most popular GoDaddy alternatives around, providing affordable and reliable WordPress and WooCommerce hosting to businesses, bloggers, and entrepreneurs around the world.

Because it is specifically dedicated to WordPress websites, users can be sure that their site is in the safest possible hands. You will have access to WordPress experts when you need them, and all the technical aspects of running a website will be taken care of for you.

Obviously, WP Engine is quite a bit more expensive than GoDaddy, but if you’re planning to scale your business quickly, it’s worth every penny knowing that WP Engine will be able to handle large amounts of traffic with some of the fastest page loading speeds around.

Plans start from $13/month.

8. Kinsta

Kinsta is a premium managed WordPress hosting provider designed for all types of businesses, from startup to enterprise. It's known for its cutting-edge technology, high performance, and reliability.

It offers: 

Kinsta uses Google Cloud Platform's premium tier network along with Cloudflare to ensure the fastest loading times and optimal performance for websites hosted on their platform.

Thanks to its cloud-based infrastructure, Kinsta provides scalable solutions that allow your hosting resources to grow with your business. This means you can upgrade or downgrade your plan based on your website's traffic and resource requirements.

They take security seriously too, offering features like daily backups, firewalls, malware scanning, and DDoS protection to safeguard websites against common threats.

As a managed WordPress hosting provider, Kinsta also offers automatic WordPress updates, plugin management, and technical support to help users maintain their sites with ease.

It’s one of the more expensive GoDaddy alternatives on this list, but you get what you pay for with premium support, tight security, and high performance.

This makes it a great option for larger businesses who want top-notch service and support available for their high-traffic websites and eCommerce sites.

WordPress hosting starts at $30/month.

9. Cloudways

Cloudways is a managed cloud hosting platform that provides customers with an easy way to create, manage, and scale their blog or website by using leading cloud infrastructure providers.

Unlike traditional hosting services, Cloudways acts as an intermediary that allows you to choose from several cloud service providers, including:

Users can select their preferred cloud infrastructure provider based on their needs, budget, and the cloud provider's performance. This flexibility ensures that users can balance cost and performance effectively.

It also gives you the option to scale their server resources up or down based on current traffic demands, making running your website as cost-efficient as possible.

The Cloudways platform is designed with simplicity in mind, so it’s nice and easy to use, even if you’re a complete beginner. The user-friendly control panel makes it easy to manage your web applications, servers, and services.

As you would expect, Cloudways implements robust security measures. This includes regular security patching, firewalls, two-factor authentication, and SSL certificates to protect your website.

While Cloudways is particularly popular among WordPress users, it also supports a range of other applications, including Magento, Laravel, Drupal, Joomla, and more.

Cloudways uses a pay-as-you-go pricing model, which means you pay only for the resources you use. This model can save a lot of money compared to most traditional hosting plans with fixed pricing.

It's an excellent option for users looking for a balance between the control of cloud hosting and the convenience of managed services.

Plans start from $14/month.

10. Hostinger

Hostinger offers a wide range of hosting services at competitive prices. It has grown to become one of the most popular hosting providers in the market, catering to millions of users worldwide.

Its hosting options include:

It even includes Minecraft Server Hosting for gamers who want to set up their own online Minecraft world!

This popular web hosting provider offers affordable pricing plans. This makes it an attractive option for niche site owners and small businesses looking to establish an online presence without breaking the bank.

It’s refreshingly easy to use too, with an intuitive control panel that simplifies website management for beginners and advanced users alike.

It also offers various security features like SSL certificates, Cloudflare protection, and regular backups to ensure website safety and data integrity.

You will also have access to 24/7 customer support via live chat and email, with a comprehensive knowledge base for self-help.

Hostinger is well-suited for a range of users, from beginners looking to start their first website to businesses needing robust hosting solutions.

Its affordable shared hosting plans are particularly popular among individuals and small businesses. Likewise, VPS and cloud hosting services cater to websites with higher traffic and performance requirements.

Which of These Godaddy Alternatives is The Best Overall?

As you can see, there are plenty of web hosting services to choose from, so which is the best GoDaddy alternative overall?

Overall, our favorite has got to be Iridium Hosting. Iridium offers excellent value for money with incredible speeds and the best customer support around.

It's undoubtedly one of the best WordPress hosting providers available right now, so if you're on the hunt for a new hosting provider, Iridium should definitely be at the top of your list.

If you're looking for something more comparable to GoDaddy in terms of pricing, you will definitely want to give ChemiCloud a try.

The pricing comes in at slightly cheaper than GoDaddy's plans, with better customer support and super fast page speeds. They also offer a 45-day money-back guarantee, so you can try it out risk-free.

Related Posts

Posted in

By Emily Brookes

Emily started her first blog back in 2013, and since then she’s been fascinated with the world of online business.

She writes about blogging, online business ideas, and the tools and software that make the magic happen.

Want to learn step-by-step how I built my Niche Site Empire up to a full-time income?

 

Learn How I Built My Niche Site Empire to a Full-time Income

 

My top recommendations

 

Link Whisper Case Study: How 7 Successful Niche Site Owners Are Using It To Help Grow Their Sites

By Dan Morris

Surfer SEO Review: Is It the Best All-In-One On Page SEO Solution?

By Eric Burns

RankIQ Review: Is This AI SEO Toolset Worth Your Time and Money?

By Amy Derungs

Jasper AI Review (Jarvis AI): Is It Still The Best AI Writing Assistant?

By Dan Morris

Content Pit Review: Is it Possible to Find Fast, Inexpensive, and High Quality Content?

By Brady Cargle

Want to learn step-by-step how I built my Niche Site Empire up to a full-time income?

 

Latest articles

 

Podcasts

Why is Google MANUALLY Deindexing So Many Sites? (And Other News)

By Samara Kamenecka

Success Stories

How Callan Wenner Used SEO to Grow Her Recipe Blog to $5k Per Month

By Samara Kamenecka

Digital Marketing

YouTube vs. Rumble: Which Is The Best Video Platform To Profit From Your Content?

By Katie DeWitt

Blogging & Niche Websites

WPX Review: Is This Managed WordPress Hosting Provider Worth The Money?

By Emily Brookes

Start a Business

7 of the Most Popular Direct Mail Companies That Entrepreneurs Love

By Rachel Dennis

Start a Business

Entrepreneur Mindset: 11+ Powerful Character Traits For Sure Fire Success

By Steve Allen

Ready to find your niche?

I would love to learn about…

 

Join Over 67,000 People Like You!

Learn how to build a business online

 

Δ

© 2024 Niche Pursuits

Niche Pursuits is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Tuesday, March 19, 2024

Cheap web hosting: Pay just $89.97 for unlimited lifetime plan

Cheap web hosting: Pay just $89.97 for unlimited lifetime plan

Cheap web hosting: Pay just $89.97 for unlimited lifetime plan

By Cult of Mac Deals • 2:53 pm, February 22, 2024

You don’t need us to tell you that the future of everything, both business and personal, is online. So, whether you want to host your professional portfolio, or launch stores, blogs or countless other exciting projects, having a website is essential. To do that without breaking the bank, you’re going to need cheap web hosting — which traditionally can cost anywhere from a hundred dollars a year to hundreds of dollars per month.

It doesn’t have to, thanks to this special deal. For a limited time, you can get your hands on unlimited web hosting for life with the top-rated iBrave lifetime subscription for just $89.97 (regular price $899.10).

iBrave: A great deal on cheap web hosting

With this incredible deal, you’ll get the power to launch and host websites for life. Designed by experts with more than 20 years of industry experience, the idea behind iBrave is to deliver lightning-fast, high-quality web hosting at unbeatable prices. And with this deal, that includes unlimited websites, subdomains, bandwidth, storage and more — all through iBrave’s renowned, load-balanced cloud hosting.

Aside from its affordability, what’s also really great about iBrave is how easy it is to use. Thought launching websites was strictly the realm of IT wizards? Not anymore. One-click WordPress installation means you’ll be able to launch your site in seconds. The service also allows you to easily migrate existing websites to iBrave’s servers.

Besides, with an extremely high average customer rating of 4.5/5 stars, the user-friendliness of this cheap web hosting provider speaks for itself.

Not only is iBrave’s top-tier unlimited web hosting on sale today for less than $90 (a $900 value), but there are incredible deals to be had if you have smaller site needs, too.

Save on iBrave’s unlimited plan and host multiple websites for life

Right now, you can grab a lifetime subscription to iBrave cloud professional web hosting, which allows you to host unlimited websites, for just. Or you can choose the plan that offers up to 10 websites for just $34.97 (a $539.10 value). Or get the single website plan for just $19.97 (a $179.10 value).

Buy from: Cult of Mac Deals

Prices subject to change. All sales handled by StackSocial, our partner who runs Cult of Mac Deals. For customer support, please email StackSocial directly.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

Our daily roundup of Apple news, reviews and how-tos. Plus the best Apple tweets, fun polls and inspiring Steve Jobs bons mots. Our readers say: "Love what you do" -- Christi Cardenas. "Absolutely love the content!" -- Harshita Arora. "Genuinely one of the highlights of my inbox" -- Lee Barnett.

The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.

Popular This Week

Sunday, March 17, 2024

iBrave Cloud Web Hosting Subscription at StackSocial: 1 site for $20, 10 for $35, unlimited for $90

iBrave Cloud Web Hosting Subscription at StackSocial: 1 site for $20, 10 for $35, unlimited for $90

iBrave Cloud Web Hosting Subscription at StackSocial: 1 site for $20, 10 for $35, unlimited for $90

Compared to buying direct from iBrave, that's a savings of $79 for one website, $164 for 10 sites, and $209 for an unlimited plan. These deals are for new subscribers only. Shop Now at StackSocial

Choose from nearly 500 courses, including subjects like Linux, photography, aromatherapy, painting, time management, and more. Shop Now at Udemy

You'd pay over $200 for these items sold separately elsewhere – plus, it's a great bundle for anyone who wants to keep to date with Windows, but still wants an office suite they can keep entirely local. Buy Now at StackSocial

Free up space from your device and back up your treasured photos, videos, music, and files. Shop Now at TradePub

That's a savings of $199. Buy Now at StackSocial

That's a savings of $79 off list and the lowest price we could find. Buy Now at StackSocial

You can get an Executive Gold Star Costco Membership with a $40 Costco Shop Card for $120 (essentially a savings of $40). Buy Now at StackSocial

That's the best price we could find by $8. You'll have 30 days to redeem the code; after 30 days, all purchases are final. Buy Now at StackSocial

Snap it up at 90% off today. Buy Now at StackSocial

Never Miss Another Deal

Get the latest deals delivered straight to your inbox

Never miss a deal!

Friday, March 15, 2024

iBrave Cloud Web Hosting is now up to 90% off from $25, this week onlyninetofive-toyschevron-downYouTubeFacebookTwitterInstagramPodcastninetofive-googleninetofive-macninetofive-electrekninetofive-dronedjninetofive-spaceexploredYouTubeFacebookTwitterInstagramPodcastchevron-rightGoogle News

iBrave Cloud Web Hosting is now up to 90% off from $25, this week onlyninetofive-toyschevron-downYouTubeFacebookTwitterInstagramPodcastninetofive-googleninetofive-macninetofive-electrekninetofive-dronedjninetofive-spaceexploredYouTubeFacebookTwitterInstagramPodcastchevron-rightGoogle News

iBrave Cloud Web Hosting is now up to 90% off from $25, this week onlyninetofive-toyschevron-downYouTubeFacebookTwitterInstagramPodcastninetofive-googleninetofive-macninetofive-electrekninetofive-dronedjninetofive-spaceexploredYouTubeFacebookTwitterInstagramPodcastchevron-rightGoogle News

If you run a website, you need an outstanding hosting service. It’s a competitive digital landscape out there and you can’t have a service that is dropping out or lagging from time to time. This week only, you can save on a lifetime subscription to iBrave Cloud Web Hosting and lock in high-quality web hosting for life.

iBrave was engineered by industry experts with more than two decades of experience and delivers load-balanced unlimited cloud hosting that ensures your site will never be impacted by other users’ activities. It’s a seamless, fast, secure cloud hosting experience that keeps both you and your users happy.

With an Unlimited Plan, iBrave offers unlimited monthly bandwidth, SSD storage, MySQL databases, and custom email addresses so even as you grow, your web hosting grows with you. You can even support unlimited websites.

With the user-friendly control panel, you can install more than 80 apps with just a click, including WordPress, Magento, Joomla, and many more, giving you complete control over all of your sites. Plus, you can migrate existing websites over to iBrave for free and enjoy free antivirus and anti-spam protection.

Lock in a great deal on iBrave Cloud Web Hosting this week only. Right now, you can get a lifetime subscription to an unlimited plan for 90% off $899 at just $99.97, 90% off a Professional Plan at just $49.99, or 86% off a Startup Plan at just $24.99.

StackSocial prices subject to change.

Add 9to5Toys to your Google News feed.  Google News

FTC: 9to5Toys is reader supported, we may earn income on affiliate links

Subscribe to the 9to5Toys YouTube Channel for all of the latest videos, reviews, and more!

About the Author

A cyber attack hit Thyssenkrupp Automotive Body Solutions BU

A cyber attack hit Thyssenkrupp Automotive Body Solutions BU

A cyber attack hit Thyssenkrupp Automotive Body Solutions BU

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

New Redis miner Migo uses novel system weakening techniques

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

ConnectWise fixed critical flaws in ScreenConnect remote access tool

More details about Operation Cronos that disrupted Lockbit operation

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Operation Cronos: law enforcement disrupted the LockBit operation

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

ESET fixed high-severity local privilege escalation bug in Windows products

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

U.S. CISA: hackers breached a state government organization

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

A cyberattack halted operations at Varta production plants

North Korea-linked actors breached the emails of a Presidential Office member

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

Nation-state actors are using AI services and LLMs for cyberattacks

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

A ransomware attack took 100 Romanian hospitals down

Bank of America customer data compromised after a third-party services provider data breach

Ransomfeed - Third Quarter Report 2023 is out!

Global Malicious Activity Targeting Elections is Skyrocketing

Researchers released a free decryption tool for the Rhysida Ransomware

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

Canada Gov plans to ban the Flipper Zero to curb car thefts

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

US Feds arrested two men involved in the Warzone RAT operation

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Exploiting a vulnerable Minifilter Driver to create a process killer

Black Basta ransomware gang hacked Hyundai Motor Europe

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

26 Cyber Security Stats Every User Should Be Aware Of in 2024

US offers $10 million reward for info on Hive ransomware group leaders

Unraveling the truth behind the DDoS attack from electric toothbrushes

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Cisco fixes critical Expressway Series CSRF vulnerabilities

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Fortinet addressed two critical FortiSIEM vulnerabilities

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Critical shim bug impacts every Linux boot loader signed in the past decade

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Google fixed an Android critical remote code execution flaw

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

HPE is investigating claims of a new security breach

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

How to hack the Airbus NAVBLUE Flysmart+ Manager

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

Software firm AnyDesk disclosed a security breach

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

US government imposed sanctions on six Iranian intel officials

A cyberattack impacted operations at Lurie Children's Hospital

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Clorox estimates the costs of the August cyberattack will exceed $49 Million

Mastodon fixed a flaw that can allow the takeover of any account

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Operation Synergia led to the arrest of 31 individuals

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

PurpleFox malware infected at least 2,000 computers in Ukraine

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Multiple malware used in attacks exploiting Ivanti VPN flaws

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Ivanti warns of a new actively exploited zero-day

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Data leak at fintech giant Direct Trading Technologies

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Italian data protection authority said that ChatGPT violated EU privacy laws

750 million Indian mobile subscribers' data offered for sale on dark web

Juniper Networks released out-of-band updates to fix high-severity flaws

Hundreds of network operators’ credentials found circulating in Dark Web

Cactus ransomware gang claims the Schneider Electric hack

Mercedes-Benz accidentally exposed sensitive data, including source code

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

NSA buys internet browsing records from data brokers without a warrant

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Medusa ransomware attack hit Kansas City Area Transportation Authority

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Participants earned more than $1.3M at the Pwn2Own Automotive competition

A TrickBot malware developer sentenced to 64 months in prison

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Watch out, experts warn of a critical flaw in Jenkins

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

Yearly Intel Trend Review: The 2023 RedSense report

Cisco warns of a critical bug in Unified Communications products, patch it now!

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

5379 GitLab servers vulnerable to zero-click account takeover attacks

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

Splunk fixed high-severity flaw impacting Windows versions

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Australian government announced sanctions for Medibank hacker

LoanDepot data breach impacted roughly 16.6 individuals

Black Basta gang claims the hack of the UK water utility Southern Water

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

Apple fixed actively exploited zero-day CVE-2024-23222

“My Slice”, an Italian adaptive phishing campaign

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

Backdoored pirated applications targets Apple macOS users

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

VF Corp December data breach impacts 35 million customers

China-linked APT UNC3886 exploits VMware zero-day since 2021

Ransomware attacks break records in 2023: the number of victims rose by 128%

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Kansas State University suffered a serious cybersecurity incident

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

iShutdown lightweight method allows to discover spyware infections on iPhones

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Github rotated credentials after the discovery of a vulnerability

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Google fixed the first actively exploited Chrome zero-day of 2024

Atlassian fixed critical RCE in older Confluence versions

VMware fixed a critical flaw in Aria Automation. Patch it now!

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Phemedrone info stealer campaign exploits Windows smartScreen bypass

Balada Injector continues to infect thousands of WordPress sites

Attackers target Apache Hadoop and Flink to deliver cryptominers

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

GitLab fixed a critical zero-click account hijacking flaw

Juniper Networks fixed a critical RCE bug in its firewalls and switches

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Team Liquid’s wiki leak exposes 118K users

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

Two zero-day bugs in Ivanti Connect Secure actively exploited

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

ShinyHunters member sentenced to three years in prison

HMG Healthcare disclosed a data breach

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Decryptor for Tortilla variant of Babuk ransomware released

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Long-existing Bandook RAT targets Windows machines

A cyber attack hit the Beirut International Airport

Iranian crypto exchange Bit24.cash leaks user passports and IDs

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

The source code of Zeppelin Ransomware sold on a hacking forum

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Ivanti fixed a critical EPM flaw that can result in remote code execution

MyEstatePoint Property Search Android app leaks user passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

HealthEC data breach impacted more than 4.5 Million people

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Crooks hacked Mandiant X account to push cryptocurrency scam

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Don’t trust links with known domains: BMW affected by redirect vulnerability

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Terrapin attack allows to downgrade SSH protocol security

Multiple organizations in Iran were breached by a mysterious hacker

Top 2023 Security Affairs cybersecurity stories

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

INC RANSOM ransomware gang claims to have breached Xerox Corp

Spotify music converter TuneFab puts users at risk

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Russia-linked APT28 used new malware in a recent phishing campaign

Clash of Clans gamers at risk while using third-party app

New Version of Meduza Stealer Released in Dark Web

Operation Triangulation attacks relied on an undocumented hardware feature

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Experts warn of critical Zero-Day in Apache OfBiz

Xamalicious Android malware distributed through the Play Store

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Elections 2024, artificial intelligence could upset world balances

Experts analyzed attacks against poorly managed Linux SSH servers

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

Rhysida ransomware group hacked Abdali Hospital in Jordan

Carbanak malware returned in ransomware attacks

Resecurity Released a 2024 Cyber Threat Landscape Forecast

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Europol and ENISA spotted 443 e-stores compromised with digital skimming

Video game giant Ubisoft investigates reports of a data breach

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

Mobile virtual network operator Mint Mobile discloses a data breach

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Member of Lapsus$ gang sentenced to an indefinite hospital order

Real estate agency exposes details of 690k customers

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Data leak exposes users of car-sharing service Blink Mobility

Google addressed a new actively exploited Chrome zero-day

German police seized the dark web marketplace Kingdom Market

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Sophisticated JaskaGO info stealer targets macOS and Windows

BMW dealer at risk of takeover by cybercriminals

Comcast’s Xfinity customer data exposed after CitrixBleed attack

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Info stealers and how to protect against them

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

Qakbot is back and targets the Hospitality industry

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

MongoDB investigates a cyberattack, customer data exposed

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

New NKAbuse malware abuses NKN decentralized P2P network protocol

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Multiple flaws in pfSense firewall can lead to arbitrary code execution

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Data of over a million users of the crypto exchange GokuMarket exposed

Idaho National Laboratory data breach impacted 45,047 individuals

Ubiquiti users claim to have access to other people’s devices

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

French authorities arrested a Russian national for his role in the Hive ransomware operation

China-linked APT Volt Typhoon linked to KV-Botnet

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

Dubai’s largest taxi app exposes 220K+ users

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Apple released iOS 17.2 to address a dozen of security flaws

Toyota Financial Services discloses a data breach

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

CISA and ENISA signed a Working Arrangement to enhance cooperation

Researcher discovered a new lock screen bypass bug for Android 14 and 13

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacktivists hacked an Irish water utility and interrupted the water supply

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

Norton Healthcare disclosed a data breach after a ransomware attack

Bypassing major EDRs using Pool Party process injection techniques

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Android barcode scanner app exposes user passwords

UK and US expose Russia Callisto Group's activity and sanction members

A cyber attack hit Nissan Oceania

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

ENISA published the ENISA Threat Landscape for DoS Attacks Report

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Google fixed critical zero-click RCE in Android

New P2PInfect bot targets routers and IoT devices

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

Researchers devised an attack technique to extract ChatGPT training data

Fortune-telling website WeMystic exposes 13M+ user records

Expert warns of Turtle macOS ransomware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Apple addressed 2 new iOS zero-day vulnerabilities

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Okta reveals additional attackers' activities in October 2023 Breach

Thousands of secrets lurk in app images on Docker Hub

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

International police operation dismantled a prominent Ukraine-based Ransomware group

Daixin Team group claimed the hack of North Texas Municipal Water District

Healthcare provider Ardent Health Services disclosed a ransomware attack

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Rhysida ransomware gang claimed China Energy hack

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

App used by hundreds of schools leaking children's data

Microsoft launched its new Microsoft Defender Bounty Program

Exposed Kubernetes configuration secrets can fuel supply chain attacks

North Korea-linked Konni APT uses Russian-language weaponized documents

ClearFake campaign spreads macOS AMOS information stealer

Welltok data breach impacted 8.5 million patients in the U.S.

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

New InfectedSlurs Mirai-based botnet exploits two zero-days

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Citrix provides additional measures to address Citrix Bleed

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

The Top 5 Reasons to Use an API Management Platform

Canadian government impacted by data breaches of two of its contractors

Rhysida ransomware gang is auctioning data stolen from the British Library

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

8Base ransomware operators use a new variant of the Phobos ransomware

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

The board of directors of OpenAI fired Sam Altman

Medusa ransomware gang claims the hack of Toyota Financial Services

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Zimbra zero-day exploited to steal government emails by four groups

Vietnam Post exposes 1.2TB of data, including email addresses

Samsung suffered a new data breach

FBI and CISA warn of attacks by Rhysida ransomware gang

Critical flaw fixed in SAP Business One product

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Gamblers’ data compromised after casino giant Strendus fails to set password

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

Major Australian ports blocked after a cyber attack on DP World

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

LockBit ransomware gang leaked data stolen from Boeing

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

McLaren Health Care revealed that a data breach impacted 2.2 million people

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

SysAid zero-day exploited by Clop ransomware group

Dolly.com pays ransom, attackers release data anyway

DDoS attack leads to significant disruption in ChatGPT services

Russian Sandworm disrupts power in Ukraine with a new OT attack

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Critical Confluence flaw exploited in ransomware attacks

QNAP fixed two critical vulnerabilities in QTS OS and apps

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

ZDI discloses four zero-day flaws in Microsoft Exchange

Okta customer support system breach impacted 134 customers

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

MuddyWater has been spotted targeting two Israeli entities

Clop group obtained access to the email addresses of about 632,000 US federal employees

Okta discloses a new data breach after a third-party vendor was hacked

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

Boeing confirmed its services division suffered a cyberattack

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Who is behind the Mozi Botnet kill switch?

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

British Library suffers major outage due to cyberattack

Critical Atlassian Confluence flaw can lead to significant data loss

WiHD leak exposes details of all torrent users

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Wiki-Slack attack allows redirecting business professionals to malicious websites

HackerOne awarded over $300 million bug hunters

StripedFly, a complex malware that infected one million devices without being noticed

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Lockbit ransomware gang claims to have stolen data from Boeing

How to Collect Market Intelligence with Residential Proxies?

F5 urges to address a critical flaw in BIG-IP

Hello Alfred app exposes user data

iLeakage attack exploits Safari to steal data from Apple devices

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Seiko confirmed a data breach after BlackCat attack

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

VMware addressed critical vCenter flaw also for End-of-Life products

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

New England Biolabs leak sensitive data

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

How did the Okta Support breach impact 1Password?

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

City of Philadelphia suffers a data breach

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Don't use AI-based apps, Philippine defense ordered its personnel

Vietnamese threat actors linked to DarkGate malware campaign

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

A threat actor is selling access to Facebook and Instagram's Police Portal

Threat actors breached Okta support system and stole customers' data

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

Alleged developer of the Ragnar Locker ransomware was arrested

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Law enforcement operation seized Ragnar Locker group's infrastructure

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Californian IT company DNA Micro leaks private mobile phone data

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

A flaw in Synology DiskStation Manager allows admin account takeover

D-Link confirms data breach, but downplayed the impact

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Ransomware realities in 2023: one employee mistake can cost a company millions

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

Cisco warns of active exploitation of IOS XE zero-day

Signal denies claims of an alleged zero-day flaw in its platform

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

DarkGate malware campaign abuses Skype and Teams

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

Lockbit ransomware gang demanded an 80 million ransom to CDW

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

FBI and CISA published a new advisory on AvosLocker ransomware

More than 17,000 WordPress websites infected with the Balada Injector in September

Ransomlooker, a new tool to track and analyze ransomware groups' activities

Phishing, the campaigns that are targeting Italy

A new Magecart campaign hides the malicious code in 404 error page

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Air Europa data breach exposed customers' credit cards

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

Exposed security cameras in Israel and Palestine pose significant risks

A flaw in libcue library impacts GNOME Linux systems

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Gaza-linked hackers and Pro-Russia groups are targeting Israel

Flagstar Bank suffered a data breach once again

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

QakBot threat actors are still operational after the August takedown

Ransomware attack on MGM Resorts costs $110 Million

Cybersecurity, why a hotline number could be important?

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

NATO is investigating a new cyber attack claimed by the SiegedSec group

Global CRM Provider Exposed Millions of Clients’ Files Online

Sony sent data breach notifications to about 6,800 individuals

Apple fixed the 17th zero-day flaw exploited in attacks

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

A cyberattack disrupted Lyca Mobile services

Chipmaker Qualcomm warns of three actively exploited zero-days

DRM Report Q2 2023 - Ransomware threat landscape

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

San Francisco’s transport agency exposes drivers’ parking permits and addresses

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

European Telecommunications Standards Institute (ETSI) suffered a data breach

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

North Korea-linked Lazarus targeted a Spanish aerospace company

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

FBI warns of dual ransomware attacks

Progress Software fixed two critical severity flaws in WS_FTP Server

Child abuse site taken down, organized child exploitation crime suspected – exclusive

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Misconfigured WBSC server leaks thousands of passports

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Dark Angels Team ransomware group hit Johnson Controls

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Watch out! CVE-2023-5129 in libwebp library affects millions applications

DarkBeam leaks billions of email and password combinations

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Top 5 Problems Solved by Data Lineage

Threat actors claim the hack of Sony, and the company investigates

Canadian Flair Airlines left user data leaking for months

The Rhysida ransomware group hit the Kuwait Ministry of Finance

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Xenomorph malware is back after months of hiatus and expands the list of targets

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Crooks stole $200 million worth of assets from Mixin Network

A phishing campaign targets Ukrainian military entities with drone manual lures

Alert! Patch your TeamCity instance to avoid server hack

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Nigerian National pleads guilty to participating in a millionaire BEC scheme

New variant of BBTok Trojan targets users of +40 banks in LATAM

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

National Student Clearinghouse data breach impacted approximately 900 US schools

Government of Bermuda blames Russian threat actors for the cyber attack

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

Information of Air Canada employees exposed in recent cyberattack

Sandman APT targets telcos with LuaDream backdoor

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Ukrainian hackers are behind the Free Download Manager supply chain attack

Space and defense tech maker Exail Technologies exposes database access

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Experts found critical flaws in Nagios XI network monitoring software

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

International Criminal Court hit with a cyber attack

GitLab addressed critical vulnerability CVE-2023-5009

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

ShroudedSnooper threat actors target telecom companies in the Middle East

Recent cyber attack is causing Clorox products shortage

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Microsoft AI research division accidentally exposed 38TB of sensitive data

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

FBI hacker USDoD leaks highly sensitive TransUnion data

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

Clop gang stolen data from major North Carolina hospitals

CardX released a data leak notification impacting their customers in Thailand

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

TikTok fined €345M by Irish DPC for violating children’s privacy

Dariy Pankov, the NLBrute malware author, pleads guilty

Dangerous permissions detected in top Android health apps

Caesars Entertainment paid a ransom to avoid stolen data leaks

Free Download Manager backdoored to serve Linux malware for more than 3 years

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

The iPhone of a Russian journalist was infected with the Pegasus spyware

Kubernetes flaws could lead to remote code execution on Windows endpoints

Threat actor leaks sensitive data belonging to Airbus

A new ransomware family called 3AM appears in the threat landscape

Redfly group infiltrated an Asian national grid as long as six months

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Save the Children confirms it was hit by cyber attack

Adobe fixed actively exploited zero-day in Acrobat and Reader

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

MGM Resorts hit by a cyber attack

Anonymous Sudan launched a DDoS attack against Telegram

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

UK and US sanctioned 11 members of the Russia-based TrickBot gang

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Rhysida Ransomware gang claims to have hacked three more US hospitals

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

North Korea-linked threat actors target cybersecurity experts with a zero-day

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Two flaws in Apache SuperSet allow to remotely hack servers

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Google addressed an actively exploited zero-day in Android

A zero-day in Atlas VPN Linux Client leaks users' IP address

MITRE and CISA release Caldera for OT attack emulation

ASUS routers are affected by three critical remote code execution flaws

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Freecycle data breach impacted 7 Million users

Meta disrupted two influence campaigns from China and Russia

A massive DDoS attack took down the site of the German financial agency BaFin

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

University of Sydney suffered a security breach caused by a third-party service provider

Cybercrime will cost Germany $224 billion in 2023

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Researchers released a free decryptor for the Key Group ransomware

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Paramount Global disclosed a data breach

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Abusing Windows Container Isolation Framework to avoid detection by security products

Critical RCE flaw impacts VMware Aria Operations Networks

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

FIN8-linked actor targets Citrix NetScaler systems

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

Attackers can discover IP address by sending a link over the Skype mobile app

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

China-linked Flax Typhoon APT targets Taiwan

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Steel giant ThyssenKrupp disclosed a security breach that impacted its Automotive division last week. The company shut down IT systems in response to the attack. The news of the attack was reported by the Saarbrücker Zeitung. The attack hit a factory in Saarland employing around 1,000 employees. 

ThyssenKrupp AG is a German industrial engineering and steel production multinational conglomerate. 

ThyssenKrupp AG has an annual revenue of over $41 billion (2022) and employs over 103,000 personnel.

Company spokeswoman Evelin Veit confirmed that the attack only impacted Thyssenkrupp Automotive Body Solutions business unit. She confirmed that the company discovered an unauthorized access to the IT infrastructure.

“The IT security of Automotive Body Solutions recognized the incident early on and has now contained the danger with the IT security of the Thyssenkrupp Group ,” Veit told the website Golem.de.

The spokeswoman added that the situation is currently “under control” and the German industrial group is working on a “gradual return to normal operations.”

The company did not disclose details of the attack, however the decision to shut down the IT systems suggests it was the victim of a ransomware attack.

This isn’t the first time that the company was the victim of a cyber attack. In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”

In 2016, alleged Asian threat actors targeted ThyssenKrupp to steal company secrets. The investigators speculated the attack was carried out by a group of professional hackers from Southeast Asia that were interested in the technological know-how and research activities of the company.

On December 28, 2020, ThyssenKrupp Materials group of companies based in U.S. and Canada were breached by the NetWalker ransomware group. The hackers managed to access sensitive HR information and documents about the company’s current and former employees.

The confidential information accessed by the attackers included the SSN and bank account information of employees.

In August 2020, ThyssenKrupp System Engineering was hit by the Mount Locker ransomware group. In

In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations.

In December 2022, ThyssenKrupp AG announced that the Materials Services division and corporate headquarters were hit by a cyberattack.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, cyberattack)

Hacking / February 27, 2024

Cyber Crime / February 21, 2024

Malware / February 21, 2024

Security / February 21, 2024

Hacking / February 21, 2024

To contact me write an email to: Pierluigi Paganini : [email protected]

Copyright@securityaffairs 2023