Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Is the INC ransomware gang behind the attack on McLaren hospitals?
Crooks took control of a cow milking robot causing the death of a cow
Sonos smart speakers flaw allowed to eavesdrop on users
Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!
CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog
Russian cyber spies stole data and emails from UK government systems
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers
FBI and CISA update a joint advisory on the BlackSuit Ransomware group
Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware
Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
New Android spyware LianSpy relies on Yandex Cloud to avoid detection
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
A ransomware attack hit French museum network
CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
Google warns of an actively exploited Android kernel flaw
Should Organizations Pay Ransom Demands?
Keytronic incurred approximately $17 million of expenses following ransomware attack
A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access
China-linked APT41 breached Taiwanese research institute
Chinese StormBamboo APT compromised ISP to deliver malware
Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

International Press – Newsletter

Cybercrime  

Personal Data of 3 Billion People Stolen in Hack, Suit Says

Cryptonator founder indicted after platform found handling $235 million in illicit funds  

SharpRhino – New Hunters International RAT identified by Quorum Cyber

French museum network hit by ransomware attack, but no disruptions are reported at Olympic events  

Police recover over USD 40 million from international email scam 

USPS Text Scammers Duped His Wife, So He Hacked Their Operation   

Malware

Surge in Magniber ransomware attacks impact home users worldwide

BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities  

LianSpy: new Android spyware targeting Russian users  

Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory  

New Widespread Extension Trojan Malware Campaign 

Hacking

Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection  

Linux kernel impacted by new SLUBStick cross-cache attack

Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware  

Hacker wipes 13,000 devices after breaching classroom management platform

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

0.0.0.0 Day: Exploiting Localhost APIs From the Browser  

BlackHat USA 2024 – Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap  

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

E.U. Regulations Made the CrowdStrike Fiasco Much Worse      

Hotel to Search Rooms During DEF CON Hacking Conference  

Intelligence and Information Warfare 

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

North Korean hackers exploit VPN update flaw to install malware

Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign

How the FBI Is Hunting North Korean Hackers Who Attacked U.S. Healthcare System 

Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access       

Exclusive: Russian spies hacked UK government systems earlier this year, stole data and emails 

Cybersecurity

The human body is the next cyber battlefield — and I’m living proof

Elon Musk’s X under pressure from regulators over data harvesting for Grok AI         

How the theft of 40M UK voter register records was entirely preventable  

SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability

Google Patches New Android Kernel Vulnerability Exploited in the Wild

CrowdStrike trying to use legal threats to suppress criticism and parody of global IT outage

Leaked Documents Show Nvidia Scraping ‘A Human Lifetime’ of Videos Per Day to Train AI  

Industry report says 92% of ICT jobs will be transformed by AI  

Crowdstrike Channel File 291 Incident: Root Cause Analysis is Available  

macOS Sequoia brings better Gatekeeper, stalkerware protections

Cisco warns of critical RCE zero-days in end of life IP phones

Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter