Pierluigi Paganini August 04, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime  

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website      

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption     

STARGAZERS GHOST NETWORK

Dark Angels ransomware receives record-breaking $75 million ransom

UNC4393 Goes Gently into the SILENTNIGHT

Three Individuals Sentenced for Massive $88M Business Telephone System Software License Piracy Scheme   

Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations 

Malware

Unplugging PlugX: Sinkholing the PlugX USB worm botnet  

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Phishing targeting Polish SMBs continues via ModiLoader  

BingoMod: The new android RAT that steals money and wipes data  

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Hacking

SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining  

Acronis Product Vulnerability Exploited in the Wild 

OneDrive Pastejacking: The crafty phishing and downloader campaign 

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails 

Windows AppLocker Driver LPE Vulnerability – CVE-2024-21338     

StackExchange Abused to Spread Malicious Python Package That Drains Victims Crypto Wallets

WHO KNEW? DOMAIN HIJACKING IS SO EASY 

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft  

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers 

Israeli hacktivist group brags it took down Iran’s internet  

Intelligence and Information Warfare 

SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers  

U.S. Trades Cybercriminals to Russia in Prisoner Swap 

Fighting Ursa Luring Targets With Car for Sale  

Cybersecurity

When Cyberattacks Are Inevitable, Focus on Cyber Resilience  

IBM: Cost of a breach reaches nearly $5 million, with healthcare being hit the hardest  

Attor­ney Gen­er­al Ken Pax­ton Secures $1.4 Bil­lion Set­tle­ment with Meta Over Its Unau­tho­rized Cap­ture of Per­son­al Bio­met­ric Data In Largest Set­tle­ment Ever Obtained From An Action Brought By A Sin­gle State

Google Chrome adds app-bound encryption to block infostealer malware

UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians        

Hackers Steal Personal Information From Pharma Giant Cencora

CrowdStrike sued by shareholders over global outage     

Using Threat Intelligence to Predict Potential Ransomware Attacks

Justice Department Sues TikTok and Parent Company ByteDance for Widespread Violations of Children’s Privacy Laws  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)