Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ohio Lottery data breach impacted over 538,000 individuals
Notorius threat actor IntelBroker claims the hack of the Europol
A cyberattack hit the US healthcare giant Ascension
Google fixes fifth actively exploited Chrome zero-day this year
Russia-linked APT28 targets government Polish institutions
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
Dell discloses data breach impacting millions of customers
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
Zscaler is investigating data breach claims
Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover
LockBit gang claimed responsibility for the attack on City of Wichita
New TunnelVision technique can bypass the VPN encapsulation
LiteSpeed Cache WordPress plugin actively exploited in the wild
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Law enforcement agencies identified LockBit ransomware admin and sanctioned him
MITRE attributes the recent attack to China-linked UNC5221
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
City of Wichita hit by a ransomware attack
El Salvador suffered a massive leak of biometric data
Finland authorities warn of Android malware campaign targeting bank users
Ransomware drama: Law enforcement seized Lockbit group’s website again
NATO and the EU formally condemned Russia-linked APT28 cyber espionage

International Press – Newsletter

Cybercrime    

Traficom: Android malware that steals bank information

BTC-e Operator Pleads Guilty to Money Laundering Conspiracy 

LockBit leader unmasked and sanctioned

New series of measures issued against the administrator of LockBit

Generative AI: Raising the stakes for fraud in online gambling        

Massive webshop fraud ring steals credit cards from 850,000 people

Zscaler Investigates Hacking Claims After Data Offered for Sale

Dell discloses data breach of customers’ physical addresses

Threat actor says he scraped 49M Dell customer addresses before the company found out

University System of Georgia: 800K exposed in 2023 MOVEit attack

Malware

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin   

Mal.Metrica Redirects Users to Scam Sites  

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation 

StopRansomware: Black Basta  

Hacking 

French cyberwarriors ready to test their defense against hackers and malware during the Olympics 

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion 

May 4, 2024: Over Half of Exposed Tinyproxy Instances Potentially Vulnerable to Trivial Exploit CVE-2023-49606 

TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak  

LLM PENTEST: LEVERAGING AGENT INTEGRATION FOR RCE 

Alleged Europol Breach by IntelBroker  

Russian hackers hijack Ukrainian TV to broadcast Victory Day parade  

Von der Leyen’s campaign website hit by cyberattack  

Intelligence and Information Warfare 

The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States  

UNDERSTANDING CHINA’S TAIWAN CYBER STRATEGY  

Fighting disinformation gets harder, just when it matters most 

MoD data breach: State involvement cannot be ruled out in armed forces hack, says Grant Shapps  

APT28 campaign targeting Polish government institutions  

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

Signal’s Katherine Maher Problem     

Cybersecurity   

Massive Dump Of Hacked Salvadorean Headshots And PII Highlights Growing Threat-Actor Interest In Biometric Data  

Russia’s Anti-Satellite Nuke Could Leave Lower Orbit Unusable, Test Vehicle May Already Be Deployed  

BIG VULNERABILITIES IN NEXT-GEN BIG-IP  

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

European Parliament’s recruitment application compromised in data breach  

Encrypted services Apple, Proton and Wire helped Spanish police identify activist  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter