Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog
A flaw in WordPress LiteSpeed Cache Plugin allows account takeover
Car rental company Avis discloses a data breach
SonicWall warns that SonicOS bug exploited in attacks
Apache fixed a new remote code execution flaw in Apache OFBiz
Russia-linked GRU Unit 29155 targeted critical infrastructure globally
Veeam fixed a critical flaw in Veeam Backup & Replication software
Earth Lusca adds multiplatform malware KTLVdoor to its arsenal
Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?
Quishing, an insidious threat to electric car owners
Google fixed actively exploited Android flaw CVE-2024-32896
Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!
Head Mare hacktivist group targets Russia and Belarus
Zyxel fixed critical OS command injection flaw in multiple routers
VMware fixed a code execution flaw in Fusion hypervisor
U.S. oil giant Halliburton disclosed a data breach
Vulnerabilities in Microsoft apps for macOS allow stealing permissions
Three men plead guilty to running MFA bypass service OTP.Agency
Transport for London (TfL) is dealing with an ongoing cyberattack
Lockbit gang claims the attack on the Toronto District School Board (TDSB)
A new variant of Cicada ransomware targets VMware ESXi systems
An air transport security system flaw allowed to bypass airport security screenings

International Press – Newsletter

Cybercrime  

Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say

Toronto school board confirms students’ info stolen as LockBit claims breach      

Owners of 1-Time Passcode Theft Service Plead Guilty  

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant  

Exclusive: LockBit 3.0 appears to be duplicating old listings as Design Intoto named a second time  

Malla: Demystifying Real-world Large Language Model Integrated Malicious Services  

EXPOSED: OnlyFans Hack Gone Wrong – How Cyber Criminals Turn into Victims Overnight

Planned Parenthood confirms cyberattack as RansomHub claims breach

Russian authorities able to identify train saboteur from anonymous Telegram account  

Malware

BlackSuit Ransomware

Year-Long Campaign of Malicious npm Packages Targeting Roblox Users  

Rocinante: The trojan horse that wanted to fly   

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion     

FBI: Play ransomware gang has attacked 300 orgs since 2022  

New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition  

Hacking

Bypassing airport security via SQL injection

Dragon Hactivists on Prowl      

Hiding in plain sight: Techniques and defenses against `/proc` filesystem manipulation in Linux

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Learning Rust for fun and backdoo-rs    

Head Mare: adventures of a unicorn in Russia and Belarus       

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion  

Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078 

Advanced forensic techniques for recovering hidden data in wearable devices  

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401   

Intelligence and Information Warfare 

The Geopolitics of Cyber Espionage Goes Far Beyond Sensitive Information Theft  

Social Media as an Intelligence Tool for Information Warfare

NATO Wants to Boost Its Undersea Defenses     

German air traffic control was attacked by pro-Russian hackers  

Russian Military Cyber Actors Target US and Global Critical Infrastructure

NSA’s China-focused ‘innovation pipeline’ targets economic imbalances

US cracks down on Russian disinformation before 2024 election      

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar

Chinese APT Abuses VSCode to Target Government in Asia  

With charges and sanctions, US takes aim at Russian disinformation ahead of November election

North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks      

Cybersecurity

A concrete example of ES|QL and SOC detection rules  

TfL faces ‘ongoing cyber security incident’  

What is the future of cross-border data flows?  

Managing Cybersecurity in the Age of Artificial Intelligence  

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

X is hiring staff for security and safety after two years of layoffs  

Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin  

A scientific approach to eavesdropping via HDMI  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter