Security Affairs newsletter Round 342

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

APT C-23 group targets Middle East with an enhanced Android spyware variant

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Several GoDaddy brands impacted in recent data breach

Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials
FBI warns of crooks targeting online shoppers during the holiday season

VMware addresses File Read and SSRF flaws in vCenter Server

A vulnerable honeypot exposed online can be compromised in 24 hours

Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Expert discloses details of flaws in Oracle VirtualBox

Malware are already attempting to exploit new Windows Installer zero-day

Android.Cynos.7.origin trojan infected +9 million Android devices

Experts warn of RCE flaw in Imunify360 security platform

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue
US govt warns critical infrastructure of ransomware attacks during holidays

New GoDaddy data breach impacted 1.2 million customers

Utah Imaging Associates data breach impacts 583,643 patients

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

New Memento ransomware uses password-protected WinRAR archives to block access to the files

US SEC warns investors of ongoing fraudulent communications claiming from the SEC

Experts found 11 malicious Python packages in the PyPI repository

Researchers were able to access the payment portal of the Conti gang

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next 0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day »

Previous « Italy's Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Published by

Pierluigi Paganini

Tags: Cybersecuritycybersecurity newsHackinghacking newsinformation security newsPierluigi PaganiniSecurity AffairsSecurity News

3 years ago

Recent Posts

Security

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs…

8 hours ago

Security

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to…

13 hours ago

Data Breach

Car rental company Avis discloses a data breach

Car rental giant Avis disclosed a data breach that impacted one of its business applications…

1 day ago

Hacking

SonicWall warns that SonicOS bug exploited in attacks

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the…

1 day ago

Security

Apache fixed a new remote code execution flaw in Apache OFBiz

Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning…

2 days ago

Cyber warfare

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

The United States and its allies state that Russia-linked threat actors operating under the GRU…

2 days ago

This website uses cookies.