Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

DORA Compliance Strategy for Business Leaders

City of Cleveland still working to fully restore systems impacted by a cyber attack

Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

Google fixed an actively exploited zero-day in the Pixel Firmware

Multiple flaws in Fortinet FortiOS fixed

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Cylance confirms the legitimacy of data offered for sale in the dark web

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

Japanese video-sharing platform Niconico was victim of a cyber attack

UK NHS call for O-type blood donations following ransomware attack on London hospitals

Christie’s data breach impacted 45,798 individuals

Sticky Werewolf targets the aviation industry in Russia and Belarus

Frontier Communications data breach impacted over 750,000 individuals

PHP addressed critical RCE flaw potentially impacting millions of servers

International Press – Newsletter

Cybercrime  

O positive and O negative donors asked to urgently book appointments to give blood following London hospitals IT incident  

BlackBerry Cylance Data Offered for Sale on Dark Web  

They attacked a leading enterprise in the Netherlands and Belgium: the police exposed an accomplice of Russian hackers   

City of Cleveland Scrambling to Restore Systems Following Cyberattack

 

Malware

Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day   

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Dissecting SSLoad Malware: A Comprehensive Technical Analysis      

DISGOMOJI Malware Used to Target Indian Government   

Arid Viper poisons Android apps with AridSpy  

Hacking

Bypassing Veeam Authentication CVE-2024-29849   

Updates for security issue affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin   

Challenges in red teaming AI systems

The mystery of an alleged data broker’s data breach  

GPT-4 autonomously hacks zero-day security flaws with 53% success rate

EmailGPT Exposed to Prompt Injection Attacks           

Intelligence and Information Warfare 

Howling at the Inbox: Sticky Werewolf’s Latest Malicious Aviation Attacks  

Two Ukrainians suspected of helping Russia spread propaganda, hack military phones

Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says  

Insights on Cyber Threats Targeting Users and Enterprises in Brazil        

Cybersecurity  

Security Alert: CVE-2024-4577 – PHP CGI Argument Injection Vulnerability  

What Snowflake isn’t saying about its customer data breaches

Why are hospitals becoming more of a target for ransomware attacks  

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

THE JUNE 2024 SECURITY UPDATE REVIEW  

Update on cyber incident: Clinical impact in south east London – Friday 14 June 2024  

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, newsletter)