Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Chinese threat actors use Quad7 botnet in password-spray attacks
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
PTZOptics cameras zero-days actively exploited in the wild
New LightSpy spyware version targets iPhones with destructive capabilities
LottieFiles confirmed a supply chain attack on Lottie-Player
Threat actor says Interbank refused to pay the ransom after a two-week negotiation
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
New version of Android malware FakeCall redirects bank calls to scammersRussia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
Google fixed a critical vulnerability in Chrome browser
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
International law enforcement operation dismantled RedLine and Meta infostealers
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
Russia-linked espionage group UNC5812 targets Ukraine’s military with malware
France’s second-largest telecoms provider Free suffered a cyber attack
A crime ring compromised Italian state databases reselling stolen info
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
Black Basta affiliates used Microsoft Teams in recent attacks
Four REvil Ransomware members sentenced for hacking and money laundering

International Press – Newsletter

Cybercrime  

Italy police arrest four over alleged illegal database access, source says   

Free, France’s second-largest telecoms company, confirms being hit by cyberattack  

The Crime Messenger: How Sky ECC Phones Became a Tool of the Criminal Trade  

Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages

Operation Magnus    

Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack  

Ex-Disney worker accused of hacking computer menus to add profanities, errors   

Malware

EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs   

ESET Online Scanner for Redline and META  

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances  

LightSpy: Implant for iOS  

Pygmy Goat

Hacking

Protect AI’s October 2024 Vulnerability Report  

An analysis of the Keycloak authentication system   

Anthropic flags AI’s potential to ‘automate sophisticated destructive cyber attacks’ 

Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets  

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin  

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI   

Intelligence and Information Warfare 

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview 

Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives   

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files 

CloudScout: Evasive Panda scouting cloud services

Hidden Warfare: Iran’s Growing Dependence on Criminal Networks  

New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad

Cybersecurity

Unchaining Blockchain Security Part 1: The Emerging Risks of Private Blockchains in Enterprises    

OT security becoming a mainstream concern  

My Habit Was Collecting  

OpenAI’s new ChatGPT Search Chrome extension feels like a search hijacker

Synology hurries out patches for zero-days exploited at Pwn2Own

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter