Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Rite Aid disclosed data breach following RansomHub ransomware attack

New AT&T data breach exposed call logs of almost all customers

Critical flaw in Exim MTA could allow to deliver malware to users’ inboxes

Palo Alto Networks fixed a critical bug in the Expedition tool

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

October ransomware attack on Dallas County impacted over 200,000 people

CrystalRay operations have scaled 10x to over 1,500 victims

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

AI-Powered Russia’s bot farm operates on X, US and its allies warn

VMware fixed critical SQL-Injection in Aria Automation product

Citrix fixed critical and high-severity bugs in NetScaler product

Multiple cybersecurity agencies warn of China-linked APT40 ‘s capabilities

A new flaw in OpenSSH can lead to remote code execution

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

Evolve Bank data breach impacted over 7.6 million individuals

More than 31 million customer email addresses exposed following Neiman Marcus data breach

Avast released a decryptor for DoNex Ransomware and its predecessors

RockYou2024 compilation containing 10 billion passwords was leaked online

Critical Ghostscript flaw exploited in the wild. Patch it now!

Apple removed 25 VPN apps from the App Store in Russia following Moscow’s requests

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

Apache fixed a source code disclosure flaw in Apache HTTP Server

International Press – Newsletter

Cybercrime  

Home Routing is limiting law enforcement evidence gathering, warns Europol    

Huione Guarantee: The multi-billion dollar marketplace used by online scammers   

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools  

Smoked Out: Uncovering the Life & Personality of a SmokeLoader Actor Targeted by Operation Endgame

Smishing Triad Is Targeting India To Steal Personal And Payment Data At Scale  

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers           

Rite Aid breached (again) according to new ransomware claim

Hacker ‘Tank’ gets prison sentence for connections to Zeus and IcedID malware        

 

Malware

New Android Spyware Steals Data from Gamers and TikTok Users  

Mekotio Banking Trojan Threatens Financial Systems in Latin America  

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

Patch or Peril: A Veeam vulnerability incident

New Malware Campaign Targeting Spanish Language Victims

DarkGate: Dancing the Samba With Alluring Excel Files   

Hacking

Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript  

RockYou2024: 10 billion passwords leaked in the largest compilation of all time

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Blast-RADIUS Attack in More Detail 

Introducing a New Vulnerability Class: False File Immutability     

Vulnerability in Exim MTA Could Allow Malicious Email Attachments Past Filters  

AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach  

Intelligence and Information Warfare 

Signals intelligence has become a cyber-activity  

Russian-linked cybercampaigns put a bull’s-eye on France. Their focus? The Olympics and elections

The Invisible War: How OSINT Shapes the Battle for Ukraine      

Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO  

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action  

State-Sponsored Russian Media Leverages Meliorator Software for Foreign Malign Influence Activity

Comprehensive Threat Intelligence Report: APT Groups Targeting Universities in the EU and US    

Two Australian citizens charged with an espionage-related offence  

Cybersecurity  

VPN service apps Proton, Nord, Red Shield and Le VPN removed from Russian AppStore  

Chinese self-driving cars have quietly traveled 1.8 million miles on U.S. roads, collecting detailed data with cameras and lasers 

Shopify denies it was hacked, links stolen data to third-party app

The July 2024 Security Update Review  

Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge?   

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)