Pierluigi Paganini October 15, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Phishers Spoof USPS, 12 Other Natl’ Postal Services  

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages  

Spanish airline Air Europa hit by credit card system breach  

New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise

#StopRansomware: AvosLocker Ransomware (Update)

CDW Says It’s Investigating After LockBit Claims To Leak Data Trove  

New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers 

Malware

Trojans All the Way Down: BADBOX and PEACHPI

IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits  

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins       

DarkGate Opens Organizations for Attack via Skype, Teams  

Hacking

X-Force uncovers global NetScaler Gateway credential harvesting campaign  

HTTP/2 Rapid Reset: deconstructing the record-breaking attack

U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability

Squid games: 35 security holes still unpatched in proxy after 2 years, now public

Intelligence and Information Warfare

Threat actors represented in the 2023 Microsoft Digital Defense Report

Concern grows in Brazil over Chinese industrial espionage

#OpIsrael, #FreePalestine And #OpSaudiArabia – How Cyber-Threat Actors Coordinate PSYOPS Campaigns With Kinetic Military Actions  

STAYIN’ ALIVE – TARGETED ATTACKS AGAINST TELECOMS AND GOVERNMENT MINISTRIES IN ASIA  

BlueShell Used in APT Attacks Against Korean and Thai Targets     

CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations

Assessed Cyber Structure and Alignments of North Korea in 2023      

Cyberattacks Targeting Israel Are Rising After Hamas Assault   

Cybersecurity

Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)   

Exposed security cameras in Israel and Palestine posing significant risks

Google mitigated the largest DDoS attack to date, peaking above 398 million rps   

THE OCTOBER 2023 SECURITY UPDATE REVIEW       

Hamas Attacks, Israel Bombs Gaza and Misinformation Surges Online  

Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware   

AI Images Detectors Are Being Used to Discredit the Real Horrors of War

SEC Investigating Progress Software Over MOVEit Hack   

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)