Pierluigi Paganini January 05, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime  

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

Rhode Islanders’ data was leaked from a cyberattack on state health benefits website  

US Army soldier who allegedly stole Trump’s AT&T call logs arrested  

Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims

Malware

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts  

The Mac Malware of 2024 

Inside FireScam : An Information Stealer with Spyware Capabilities

Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages

Hacking

How to Hack a Drone

Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild

Former NSA cyberspy’s not-so-secret hobby: Hacking Christmas lights      

On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE

Cyberhaven Extension Compromise

Cyberhaven’s preliminary analysis of the recent malicious Chrome extension

DoubleClickjacking: A New Era of UI Redressing          

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113  

Intelligence and Information Warfare 

US Plans More Actions Against China Over Telecom Hack  

China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says

US telco Lumen says its network is now clear of China’s Salt Typhoon hackers

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

China claims ‘world’s first’ military 5G can connect 10,000 robots in any terrain  

Theory of Mind: US military to build AI that predicts adversaries’ next moves

Treasury Sanctions Technology Company for Support to Malicious Cyber Group  

Cybersecurity

AT&T and Verizon say networks secure after Salt Typhoon breach  

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration

Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election      

HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information   

Telegram blocks Russian state-owned media channels in several EU countries  

Large language models can do jaw-dropping things. But nobody knows exactly why  

Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping    

US sanctions China’s Integrity Technology over alleged hacking sweep  

Meta’s AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)