Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

A botnet exploits e GeoVision zero-day to compromise EoL devices

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Bitdefender released a decryptor for the ShrinkLocker ransomware

China’s Volt Typhoon botnet has re-emerged

Zoom addressed two high-severity issues in its platform

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Ymir ransomware, a new stealthy ransomware grow in the wild

Amazon discloses employee data breach after May 2023 MOVEit attacks

A new fileless variant of Remcos RAT observed in the wild

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

International Press – Newsletter

Cybercrime  

Amazon confirms employee data stolen after hacker claims MOVEit breach  

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

A new way we’re helping others track frauds and scams online  

An Interview With the Target & Home Depot Hacker   

Bitfinex Hacker Sentenced in Money Laundering Conspiracy Involving Billions in Stolen Cryptocurrency  

Bitfinex Hacker Sentenced in Money Laundering Conspiracy Involving Billions in Stolen Cryptocurrency     

Malware

New Campaign Uses Remcos RAT to Exploit Victims

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign      

Glove Stealer: Leveraging IElevator to Bypass App-Bound Encryption & Steal Sensitive Data  

Ymir: new stealthy ransomware in the wild  

Botnet exploits GeoVision zero-day to install Mirai malware

Hacking

Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine   

Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies  

DDoS cyberattack temporarily blocks Israeli credit card payments       

GoIssue – The Tool Behind Recent GitHub Phishing Attacks

Fault Injection – Down the Rabbit Hole      

Exploiting a Quarantine UAF Mitigation on a Custom Allocator Challenge   

Command Injection Vulnerability in name parameter for D-Link NAS 

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Intelligence and Information Warfare 

U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack

APT Actors Embed Malware within macOS Flutter Applications  

The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat  

Iranian “Dream Job” Campaign 11.24  

Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity  

CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild  

Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure  

Malware Spotlight:  A Deep-Dive Analysis of WezRat

Cybersecurity

iOS 18.1 added a new ‘Inactivity Reboot’ security feature for iPhone   

The November 2024 Security Update Review  

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full  

New Apple security feature reboots iPhones after 3 days, researchers confirm

NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says     

Insights and Current Gaps in Open-Source LLM Vulnerability Scanners: A Comparative Analysis  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)