Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini March 24, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Russia-linked APT29 targeted German political parties with WINELOADER backdoor
Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
German police seized the darknet marketplace Nemesis Market
Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks
Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days
Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild
Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla
Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution
New Loop DoS attack may target 300,000 vulnerable hosts
Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
BunnyLoader 3.0 surfaces in the threat landscape
Pokemon Company resets some users’ passwords
Ukraine cyber police arrested crooks selling 100 million compromised accounts
New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon?
Players hacked during the matches of Apex Legends Global Series. Tournament suspended
Earth Krahang APT breached tens of government organizations worldwide
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released
Fujitsu suffered a malware attack and probably a data breach
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
Email accounts of the International Monetary Fund compromised
Threat actors leaked 70,000,000+ records allegedly stolen from AT&T
“gitgub” malware campaign targets Github users with RisePro info-stealer


The Aviation And Aerospace Sectors Face Skyrocketing Cyber Threats   

Accounts of Internet users were appropriated: cyber police of the Kharkiv region exposed members of a criminal group 

AI adoption by hackers pushed financial scams in 2023      

Illegal darknet marketplace “Nemesis Market” shut down


RisePro stealer targets Github users in “gitgub” campaign  

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled  

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise  

APT29 Uses WINELOADER to Target German Political Parties  


Red Teaming: A Proactive Approach to AI Safety

IMF Investigates Cyber-Security Incident  

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded 

CVE-2024-25153: Remote Code Execution in Fortra FileCatalyst  

Esports league postponed after players hacked midgame 

New Attack Shows Risks of Browsers Giving Websites Access to GPU 
Identity Providers for RedTeamers

Pokemon resets some users passwords after hacking attempts   

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types 

Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols

CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive       



Intelligence and Information Warfare 

Brussels’ spy problem is the tip of the iceberg, says Belgian justice minister  

Russia says cyberattacks had no impact on presidential election  

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks 

The CNI warns about growing security threats in Spain: Russian espionage and cybercrimes, at the forefront

Gen Z Spies: Are Gamers a Bigger Threat Than Foreign Operatives?     


US holds conference on military AI use with dozens of allies to determine ‘responsible’ use  

DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience?  

From Deepfakes to Malware: AI’s Expanding Role in Cyber Attacks

Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle  

House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

 If SpaceX’s Secret Constellation Is What We Think It Is, It’s Game Changing (Updated)  

Meta’s AI Watermarking Plan Is Flimsy, at Best – Watermarks are too easy to remove to offer any protection against disinformation

Insider threats are AI developers next hurdle  

Investors’ pledge to fight spyware undercut by past investments in US malware maker

Here’s the U.S. Government’s Antitrust Case Against Apple

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Newsletter)

you might also like

leave a comment