Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Critical CrushFTP zero-day exploited in attacks in the wild
A French hospital was forced to reschedule procedures after cyberattack
MITRE revealed that nation-state actors breached its systems via Ivanti zero-days
FBI chief says China is preparing to attack US critical infrastructure
United Nations Development Programme (UNDP) investigates data breach
FIN7 targeted a large U.S. carmaker with phishing attacks
Law enforcement operation dismantled phishing-as-a-service platform LabHost
Previously unknown Kapeka backdoor linked to Russian Sandworm APT
Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available
Linux variant of Cerber ransomware targets Atlassian servers
Ivanti fixed two critical flaws in its Avalanche MDMResearchers released exploit code for actively exploited Palo Alto PAN-OS bug
Cisco warns of large-scale brute-force attacks against VPN and SSH services
PuTTY SSH Client flaw allows of private keys recovery
A renewed espionage campaign targets South Asia with iOS spyware LightSpy
Misinformation and hacktivist campaigns targeting the Philippines skyrocket
Russia is trying to sabotage European railways, Czech minister said
Cisco Duo warns telephony supplier data breach exposed MFA SMS logs
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets
CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
U.S. and Australian police arrested Firebird RAT author and operator
Canadian retail chain Giant Tiger data breach may have impacted millions of customers

International Press Newsletter

Cybercrime    

SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware

AFP traps alleged RAT developer      

Ransomware Group Claims Theft of Data From Chipmaker Nexperia  

International investigation disrupts phishing-as-a-service platform LabHost   

Threat Group FIN7 Targets the U.S. Automotive Industry  

Chinese Organized Crime’s Latest U.S. Target: Gift Cards

Ransomware Victims Who Pay a Ransom Drops to Record Low  

840-bed hospital in France postpones procedures after cyberattack  

Malware

Unpacking the Blackjack Group’s Fuxnet Malware  

LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India  

Cerber Ransomware: Dissecting the three heads  

Kapeka: A novel backdoor spotted in Eastern Europe  

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 

Hacking 

Hacker claims Giant Tiger data breach, leaks 2.8M records online

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

PuTTY vulnerability vuln-p521-bias

Palo Alto – Putting The Protecc In GlobalProtect (CVE-2024-3400)     

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials  

Cisco discloses root escalation flaw with public exploit code

SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world  

CrushFTP Virtual Filesystem Escape Vulnerability in the Wild   

Intelligence and Information Warfare 

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 

Misinformation And Hacktivist Campaigns Target The Philippines Amidst Rising Tensions With China 

FBI says Chinese hackers preparing to attack US infrastructure  

Russia-linked hacking group suspected of carrying out cyberattack on Texas water facility, cybersecurity firm says

Cybersecurity   

United Nations Agency Investigating Ransomware Attack Involving Data Theft

House passes bill banning Uncle Sam from snooping on citizens via data brokers

UNDP Investigates Cyber-Security Incident  

GT exclusive: Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China: report 

ICS Network Controllers Open to Remote Exploit, No Patches Available     

Advanced Cyber Threats Impact Even the Most Prepared

Government Releases Guidance on Securing Election Infrastructure     

Warrantless spying powers extended to 2026 with Biden’s signature  

Follow me on Twitter@securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)