Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages
Law firm Orrick data breach impacted 638,000 individuals
The source code of Zeppelin Ransomware sold on a hacking forum
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
Ivanti fixed a critical EPM flaw that can result in remote code execution
MyEstatePoint Property Search Android app leaks user passwords
Hacker hijacked Orange Spain RIPE account causing internet outage to company customers
HealthEC data breach impacted more than 4.5 Million people
Experts found 3 malicious packages hiding crypto miners in PyPi repository
Crooks hacked Mandiant X account to push cryptocurrency scam
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Don’t trust links with known domains: BMW affected by redirect vulnerability
Hackers stole more than $81 million worth of crypto assets from Orbit Chain
Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv
Researchers released a free decryptor for Black Basta ransomware
Experts warn of JinxLoader loader used to spread Formbook and XLoader
Terrapin attack allows to downgrade SSH protocol security
Multiple organizations in Iran were breached by a mysterious hacker
Top 2023 Security Affairs cybersecurity stories
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
Google agreed to settle a $5 billion privacy lawsuit

Cybercrime

Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud   

A tale of 2 casino ransomware attacks: One paid out, one did not

Victoria court recordings exposed in reported ransomware attack

Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack  

Mandiant’s X account hacked to push crypto scam  

Malware

New Black Basta decryptor exploits ransomware flaw to recover files

Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking  

From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence  

RANSOMWARE- Free Decryptor Released for Black Basta Ransomware  

Black Basta Buster  

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices

100DaysofYARA – SpectralBlur  

Hacking

Mysterious hacker strikes Iran with major cyberattacks against industry leading companies

Terrapin Attack       

Cloning Fingerprints Like A Boss: 101 Edition  

Hackers hijack govt and business accounts on X for crypto scams

Intelligence and Information Warfare

Ukraine says Russia hacked web cameras to spy on targets in Kyiv  

Air Travel Is Not Ready for Electronic Warfare

Exclusive: Russian hackers were inside Ukraine telecoms giant for months

Turkish espionage campaigns in the Netherlands   

Cybersecurity

SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives   

Law firm that handles data breaches was hit by data breach

Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved    

NASA releases Space Security Best Practices Guide for mission cybersecurity in interconnected space  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter