Security Affairs newsletter Round 440 by Pierluigi Paganini

MUST READ

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

ENISA published the ENISA Threat Landscape for DoS Attacks Report

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Google fixed critical zero-click RCE in Android

New P2PInfect bot targets routers and IoT devices

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

Researchers devised an attack technique to extract ChatGPT training data

Fortune-telling website WeMystic exposes 13M+ user records

Expert warns of Turtle macOS ransomware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Apple addressed 2 new iOS zero-day vulnerabilities

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Okta reveals additional attackers' activities in October 2023 Breach

Thousands of secrets lurk in app images on Docker Hub

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

International police operation dismantled a prominent Ukraine-based Ransomware group

Daixin Team group claimed the hack of North Texas Municipal Water District

Healthcare provider Ardent Health Services disclosed a ransomware attack

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Rhysida ransomware gang claimed China Energy hack

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

App used by hundreds of schools leaking children's data

Microsoft launched its new Microsoft Defender Bounty Program

Exposed Kubernetes configuration secrets can fuel supply chain attacks

North Korea-linked Konni APT uses Russian-language weaponized documents

ClearFake campaign spreads macOS AMOS information stealer

Welltok data breach impacted 8.5 million patients in the U.S.

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

New InfectedSlurs Mirai-based botnet exploits two zero-days

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Citrix provides additional measures to address Citrix Bleed

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

The Top 5 Reasons to Use an API Management Platform

Canadian government impacted by data breaches of two of its contractors

Rhysida ransomware gang is auctioning data stolen from the British Library

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

8Base ransomware operators use a new variant of the Phobos ransomware

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

The board of directors of OpenAI fired Sam Altman

Medusa ransomware gang claims the hack of Toyota Financial Services

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Zimbra zero-day exploited to steal government emails by four groups

Vietnam Post exposes 1.2TB of data, including email addresses

Samsung suffered a new data breach

FBI and CISA warn of attacks by Rhysida ransomware gang

Critical flaw fixed in SAP Business One product

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Gamblers’ data compromised after casino giant Strendus fails to set password

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

Major Australian ports blocked after a cyber attack on DP World

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

LockBit ransomware gang leaked data stolen from Boeing

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

McLaren Health Care revealed that a data breach impacted 2.2 million people

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

SysAid zero-day exploited by Clop ransomware group

Dolly.com pays ransom, attackers release data anyway

DDoS attack leads to significant disruption in ChatGPT services

Russian Sandworm disrupts power in Ukraine with a new OT attack

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Critical Confluence flaw exploited in ransomware attacks

QNAP fixed two critical vulnerabilities in QTS OS and apps

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

ZDI discloses four zero-day flaws in Microsoft Exchange

Okta customer support system breach impacted 134 customers

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

MuddyWater has been spotted targeting two Israeli entities

Clop group obtained access to the email addresses of about 632,000 US federal employees

Okta discloses a new data breach after a third-party vendor was hacked

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

Boeing confirmed its services division suffered a cyberattack

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Who is behind the Mozi Botnet kill switch?

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

British Library suffers major outage due to cyberattack

Critical Atlassian Confluence flaw can lead to significant data loss

WiHD leak exposes details of all torrent users

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Wiki-Slack attack allows redirecting business professionals to malicious websites

HackerOne awarded over $300 million bug hunters

StripedFly, a complex malware that infected one million devices without being noticed

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Lockbit ransomware gang claims to have stolen data from Boeing

How to Collect Market Intelligence with Residential Proxies?

F5 urges to address a critical flaw in BIG-IP

Hello Alfred app exposes user data

iLeakage attack exploits Safari to steal data from Apple devices

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Seiko confirmed a data breach after BlackCat attack

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

VMware addressed critical vCenter flaw also for End-of-Life products

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

New England Biolabs leak sensitive data

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

How did the Okta Support breach impact 1Password?

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

City of Philadelphia suffers a data breach

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Don't use AI-based apps, Philippine defense ordered its personnel

Vietnamese threat actors linked to DarkGate malware campaign

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

A threat actor is selling access to Facebook and Instagram's Police Portal

Threat actors breached Okta support system and stole customers' data

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

Alleged developer of the Ragnar Locker ransomware was arrested

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Law enforcement operation seized Ragnar Locker group's infrastructure

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Californian IT company DNA Micro leaks private mobile phone data

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

A flaw in Synology DiskStation Manager allows admin account takeover

D-Link confirms data breach, but downplayed the impact

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Ransomware realities in 2023: one employee mistake can cost a company millions

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users

Cisco warns of active exploitation of IOS XE zero-day

Signal denies claims of an alleged zero-day flaw in its platform

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

DarkGate malware campaign abuses Skype and Teams

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

Lockbit ransomware gang demanded an 80 million ransom to CDW

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

FBI and CISA published a new advisory on AvosLocker ransomware

More than 17,000 WordPress websites infected with the Balada Injector in September

Ransomlooker, a new tool to track and analyze ransomware groups' activities

Phishing, the campaigns that are targeting Italy

A new Magecart campaign hides the malicious code in 404 error page

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Air Europa data breach exposed customers' credit cards

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

Exposed security cameras in Israel and Palestine pose significant risks

A flaw in libcue library impacts GNOME Linux systems

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Gaza-linked hackers and Pro-Russia groups are targeting Israel

Flagstar Bank suffered a data breach once again

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

QakBot threat actors are still operational after the August takedown

Ransomware attack on MGM Resorts costs $110 Million

Cybersecurity, why a hotline number could be important?

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

NATO is investigating a new cyber attack claimed by the SiegedSec group

Global CRM Provider Exposed Millions of Clients’ Files Online

Sony sent data breach notifications to about 6,800 individuals

Apple fixed the 17th zero-day flaw exploited in attacks

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

A cyberattack disrupted Lyca Mobile services

Chipmaker Qualcomm warns of three actively exploited zero-days

DRM Report Q2 2023 - Ransomware threat landscape

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

San Francisco’s transport agency exposes drivers’ parking permits and addresses

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

European Telecommunications Standards Institute (ETSI) suffered a data breach

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

North Korea-linked Lazarus targeted a Spanish aerospace company

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

FBI warns of dual ransomware attacks

Progress Software fixed two critical severity flaws in WS_FTP Server

Child abuse site taken down, organized child exploitation crime suspected – exclusive

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Misconfigured WBSC server leaks thousands of passports

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Dark Angels Team ransomware group hit Johnson Controls

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Watch out! CVE-2023-5129 in libwebp library affects millions applications

DarkBeam leaks billions of email and password combinations

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

New Krasue Linux RAT targets telecom companies in Thailand

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

QUICK LINKS

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

New Krasue Linux RAT targets telecom companies in Thailand

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

Subscribe to my email list and stay
up-to-date!