Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Crooks manipulate GitHub’s search results to distribute malware
BatBadBut flaw allowed an attacker to perform command injection on Windows
Roku disclosed a new security breach impacting 576,000 accounts
LastPass employee targeted via an audio deepfake call
TA547 targets German organizations with Rhadamanthys malware
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
US CISA published an alert on the Sisense data breach
Palo Alto Networks fixed multiple DoS bugs in its firewalls
Apple warns of mercenary spyware attacks on iPhone users in 92 countries
Microsoft fixed two zero-day bugs exploited in malware attacks
Group Health Cooperative data breach impacted 530,000 individuals
AT&T states that the data breach impacted 51 million former and current customers
Fortinet fixed a critical remote code execution bug in FortiClientLinux
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Over 91,000 LG smart TVs running webOS are vulnerable to hacking
Crowdfense is offering a larger 30M USD exploit acquisition program
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Cybercrime    

Social Engineering Attacks Targeting IT Help Desks in the Health Sector

DOJ data on 341,000 people leaked in cyberattack on consulting firm

Hackers deploy crypto drainers on thousands of WordPress sites

530k Impacted by Data Breach at Wisconsin Healthcare Organization  

TA547 Targets German Organizations with Rhadamanthys Stealer

Attempted Audio Deepfake Call Targets LastPass Employee  

Malware

Shifting the Lens: Detecting Malware in npm ecosystem with Large Language Models

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins  

Smoke and (screen) mirrors: A strange signed backdoor  

New Technique to Trick Developers Detected in an Open Source Supply Chain Attack

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla       

Hacking 

Crowdfense Exploit Acquisition Program

Vulnerabilities Identified in LG WebOS  

Roku warns 576,000 accounts hacked in new credential stuffing attacks

BatBadBut: You can’t securely execute commands on Windows 

XZ backdoor story – Initial analysis

PSG: the club’s ticketing system attacked     

Intelligence and Information Warfare 

China tests US voter fault lines and ramps AI content to boost its geopolitical interests

Apple drops term ‘state-sponsored’ attacks from its threat notification policy     

Why we must take seriously China’s mastery and misuse of AI espionage

Messages between Chinese hackers show Australian Strategic Policy Institute is a target       

Top Israeli spy chief exposes his true identity in online security lapse   

Cybersecurity          

The April 2024 security updates review 

Attack on data analytics company Sisense prompts alert from CISA 

Why CISA is Warning CISOs About a Breach at Sisense

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

British DARPA’ to build AI gatekeepers for ‘quantitative safety guarantees      

(SecurityAffairs – hacking, newsletter)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter