Pierluigi Paganini
October 27, 2024
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
Cybercrime
Cisco Confirms Security Incident After Hacker Offers to Sell Data
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
Illicit Uses for Deepfake Technology
Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection
Landmark, an administrator for insurance firms, says 800,000 affected by data breach
Voice-enabled AI agents can automate everything, even your phone scams
Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
Malware
New Bumblebee Loader Infection Chain Signals Possible Resurgence
Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
ReliaQuest Uncovers New Black Basta Social Engineering Technique
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
TeamTNT’s Docker Gatling Gun Campaign
From cyber attacks to sabotage: How Israel’s covert operations are targeting Iran’s vital assets
Hacking
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability
Internet Archive breached again through stolen access tokens
End-to-End Encrypted Cloud Storage in the Wild A Broken Ecosystem
CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign
Pwn2Own Ireland 2024: Day Three Results
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
Intelligence and Information Warfare
The Crypto Game of Lazarus APT: Investors vs. Zero-days
Iranian hacker group aims at US election websites and media before vote, Microsoft says
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
Amazon identified internet domains abused by APT29
Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications
Chinese hackers targeted Trump and Vance’s phone data
Cybersecurity
SEC Charges Four Companies With Misleading Cyber Disclosures
Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections
Apple will pay security researchers up to $1 million to hack its private AI cloud
The Global Surveillance Free-for-All in Mobile Ad Data
Apple: Security research on Private Cloud Compute
How the ransomware attack at Change Healthcare went down: A timeline
Irish Data Protection Commission fines LinkedIn Ireland €310 million
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)
