Security Affairs newsletter Round 496 by Pierluigi Paganini

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini November 03, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Chinese threat actors use Quad7 botnet in password-spray attacks

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

PTZOptics cameras zero-days actively exploited in the wild

New LightSpy spyware version targets iPhones with destructive capabilities

LottieFiles confirmed a supply chain attack on Lottie-Player

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

New version of Android malware FakeCall redirects bank calls to scammers Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Google fixed a critical vulnerability in Chrome browser

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

International law enforcement operation dismantled RedLine and Meta infostealers

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

France’s second-largest telecoms provider Free suffered a cyber attack

A crime ring compromised Italian state databases reselling stolen info

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Black Basta affiliates used Microsoft Teams in recent attacks

Four REvil Ransomware members sentenced for hacking and money laundering

International Press – Newsletter

Cybercrime

Italy police arrest four over alleged illegal database access, source says

Free, France’s second-largest telecoms company, confirms being hit by cyberattack

The Crime Messenger: How Sky ECC Phones Became a Tool of the Criminal Trade

Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages

Operation Magnus

Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

Ex-Disney worker accused of hacking computer menus to add profanities, errors

Malware

EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs

ESET Online Scanner for Redline and META

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

LightSpy: Implant for iOS

Pygmy Goat

Hacking

Protect AI’s October 2024 Vulnerability Report

An analysis of the Keycloak authentication system

Anthropic flags AI’s potential to ‘automate sophisticated destructive cyber attacks’

Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Intelligence and Information Warfare

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

CloudScout: Evasive Panda scouting cloud services

Hidden Warfare: Iran’s Growing Dependence on Criminal Networks

New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad

Cybersecurity

Unchaining Blockchain Security Part 1: The Emerging Risks of Private Blockchains in Enterprises

OT security becoming a mainstream concern

My Habit Was Collecting

OpenAI’s new ChatGPT Search Chrome extension feels like a search hijacker

Synology hurries out patches for zero-days exploited at Pwn2Own

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Pierluigi Paganini June 27, 2025

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Pierluigi Paganini June 26, 2025

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

you might also like

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

QUICK LINKS

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

you might also like

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

Subscribe to my email list and stay
up-to-date!