Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini October 29, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
Lockbit ransomware gang claims to have stolen data from Boeing
France agency ANSSI warns of Russia-linked APT28 attacks on French entities
How to Collect Market Intelligence with Residential Proxies?
F5 urges to address a critical flaw in BIG-IP
Hello Alfred app exposes user data
iLeakage attack exploits Safari to steal data from Apple devices
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Seiko confirmed a data breach after BlackCat attack
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes
VMware addressed critical vCenter flaw also for End-of-Life products
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
New England Biolabs leak sensitive data
Former NSA employee pleads guilty to attempted selling classified documents to Russia
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!
How did the Okta Support breach impact 1Password?
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Cisco warns of a second IOS XE zero-day used to infect devices worldwide
City of Philadelphia suffers a data breach
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product
Don’t use AI-based apps, Philippine defense ordered its personnel
Vietnamese threat actors linked to DarkGate malware campaign
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
The attack on the International Criminal Court was targeted and sophisticated


‘My business had £1.6m stolen in 20 minutes’

Inside a $30 Million Cash-for-Bitcoin Laundering Ring in the Heart of New York

Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts      

A criminal organization that carried out computer scams and had data on four million people was dismantled  


DarkGate malware campaign 

The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles  

StripedFly: Perennially flying under the radar  


‘Data security event’ in city’s email system may have exposed health information, Philly officials say   

1password: Okta Security Incident report [Internal Report]

VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs 

CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway  

iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices

Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747    

They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird 


Intelligence and Information Warfare

Measures taken following the unprecedented cyber-attack on the ICC

Philippine military ordered to stop using artificial intelligence apps due to security risks  

Chinese Scammers Use Fake Loan Apps for Money Laundering 

Former NSA Employee Pleads Guilty to Attempted Espionage

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers  

The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest  

British agencies sound alarm on the ai threat, putting democracy at risk   


The Rise of the New Spycraft Regimes  

Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops  

The Cybersecurity Resilience Quotient: Measuring Security Effectiveness

DDoS threat report for 2023 Q3  

Internet access in Gaza is collapsing as ISPs fall offline   

King Charles III signs off on UK Online Safety Act, with unenforceable spying clause

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

you might also like

leave a comment