Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini September 29, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Hackers stole over $44 million from Asian crypto platform BingX
OP KAERB: Europol dismantled phishing scheme targeting mobile users
Ukraine bans Telegram for government agencies, military, and critical infrastructure
Tor Project responded to claims that law enforcement can de-anonymize Tor users
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
International law enforcement operation dismantled criminal communication platform Ghost
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
SIEM for Small and Medium-Sized Enterprises: What you need to know
Antivirus firm Dr.Web disconnected all servers following a cyberattack
Experts warn of China-linked APT’s Raptor Train IoT Botnet
Credential Flusher, understanding the threat and how to protect your login data
U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
Chinese man charged for spear-phishing against NASA and US Government
Data Breach
Qilin ransomware attack on Synnovis impacted over 900,000 patients
D-Link addressed three critical RCE in wireless router models
Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb
Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

International Press – Newsletter

Cybercrime  

Samourai and Tornado Cash both pinning hopes on upcoming ruling  

Cyberattack on Kansas water treatment facility investigated by feds  

Modified LockBit and Conti ransomware shows up in DragonForce gang’s attacks  

Inside the Dragon: DragonForce Ransomware Group 

Two Russian Nationals Charged in Connection with Operating Billion Dollar Money Laundering Services  

Telegram’s New Rules Push Criminal Groups to Flee the Platform  

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

Administrator account blamed for rail terror message hack  

OFAC and FinCEN target major Russian money laundering services including Cryptex and PM2BTC

Seizure of 7 million euros of crypto currency and 2 crypto currency exchanges offline  

Crypto scammers hack OpenAI’s press account on X     

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Kuwait Health Ministry restoring systems after cyberattack takes down hospitals, healthcare app  

Wallet Scam: A Case Study in Crypto Drainer Tactics

Malware

How the Necro Trojan infiltrated Google Play, again  

Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware  

Infostealer malware bypasses Chrome’s new cookie-theft defenses

AI-Generated Malware Found in the Wild

“Marko Polo” Navigates Uncharted Waters With Infostealer Empire

Octo2: European Banks Already Under Attack by New Malware Variant  

Hacking

Hacking Kia: Remotely Controlling Cars With Just a License Plate  

4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways  

LLM’s New Achilles Heel: When Prompts Become Exploits  

A collection of Semgrep rules to facilitate vulnerability research

CVEs Targeting Remote Access Technologies

Hezbollah likely to launch retaliatory cyberattack on Israel, expert says          

Rethinking Red Teaming for AI: The new wave of Cybersecurity in the age of AI  

Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks

Attacking UNIX Systems via CUPS, Part I     
Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected 

Tosint: Open-source Telegram OSINT tool  

Intelligence and Information Warfare 

GreyNoise Reveals New Internet Noise Storm: Secret Messages and the China Connection  

-=TWELVE=- is back 

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC  

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

‘Get away from Hezbollah’: Has Israel hacked Lebanon’s telecoms networks?  

Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company  

Norway starts probe into reported links to exploding pagers in Lebanon  

Thousands of Capitol Hill staffers’ info spilled across dark web, security firm says  

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023  

China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack  

China’s satellites are dodging US eyes in space 

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy 

Sophistication of AI-backed operation targeting senator points to future of deepfake schemes 

Three IRGC Cyber Actors Indicted for ‘Hack-and-Leak’ Operation Designed to Influence the 2024 U.S. Presidential Election   

Cybersecurity

Nearly 40% of FAA air traffic control systems need urgent updates, GAO reports  

Telegram Changes Policy, Says It Will Provide User Data to Authorities  

‘Cybersecurity issue’ takes MoneyGram offline for three days – and counting

Kaspersky deletes itself, installs UltraAV antivirus without warning

HP Wolf Security Threat Insights Report: September 2024 

Google & Arm – Raising The Bar on GPU Security

Increased Cybersecurity Essential For NGOs: Help Available  

Firefox tracks you with “privacy preserving” feature  

Cyber house of cards – Politicians’ and staffers’ personal details exposed online 

NATO is testing out this decentralized messenger for communications between member nations  

Kaspersky defends force-replacing its security software without users’ explicit consent  

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means 

Uniting for Internet Freedom: Tor Project & Tails Join Forces

Microsoft’s more secure Windows Recall feature can also be uninstalled by users

Irish Data Protection Commission fines Meta Ireland €91 million         

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Subscribe to the newsletter for free here:

https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7093942975545667584

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



you might also like

leave a comment