Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

US sued TikTok and ByteDance for violating children’s privacy laws
Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware
Investors sued CrowdStrike over false claims about its Falcon platform
Avtech camera vulnerability actively exploited in the wild, CISA warns
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
Pharma Giant Cencora confirmed the theft of personal and health information
Apple fixed dozens of vulnerabilities in iOS and macOS
Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families
A Fortune 50 company paid a record-breaking $75 million ransom
CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog
Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022
SideWinder phishing campaign targets maritime facilities in multiple countries
A crafty phishing campaign targets Microsoft OneDrive users
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
Acronis Cyber Infrastructure bug actively exploited in the wild
Fake Falcon crash reporter installer used to target German Crowdstrike users
Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware
French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

International Press – Newsletter

Cybercrime  

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website      

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption     

STARGAZERS GHOST NETWORK

Dark Angels ransomware receives record-breaking $75 million ransom

UNC4393 Goes Gently into the SILENTNIGHT

Three Individuals Sentenced for Massive $88M Business Telephone System Software License Piracy Scheme   

Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations 

Malware

Unplugging PlugX: Sinkholing the PlugX USB worm botnet  

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Phishing targeting Polish SMBs continues via ModiLoader  

BingoMod: The new android RAT that steals money and wipes data  

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Hacking

SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining  

Acronis Product Vulnerability Exploited in the Wild 

OneDrive Pastejacking: The crafty phishing and downloader campaign 

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails 

Windows AppLocker Driver LPE Vulnerability – CVE-2024-21338     

StackExchange Abused to Spread Malicious Python Package That Drains Victims Crypto Wallets

WHO KNEW? DOMAIN HIJACKING IS SO EASY 

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft  

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers 

Israeli hacktivist group brags it took down Iran’s internet  

Intelligence and Information Warfare 

SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers  

U.S. Trades Cybercriminals to Russia in Prisoner Swap 

Fighting Ursa Luring Targets With Car for Sale  

Cybersecurity

When Cyberattacks Are Inevitable, Focus on Cyber Resilience  

IBM: Cost of a breach reaches nearly $5 million, with healthcare being hit the hardest  

Attor­ney Gen­er­al Ken Pax­ton Secures $1.4 Bil­lion Set­tle­ment with Meta Over Its Unau­tho­rized Cap­ture of Per­son­al Bio­met­ric Data In Largest Set­tle­ment Ever Obtained From An Action Brought By A Sin­gle State

Google Chrome adds app-bound encryption to block infostealer malware

UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians        

Hackers Steal Personal Information From Pharma Giant Cencora

CrowdStrike sued by shareholders over global outage     

Using Threat Intelligence to Predict Potential Ransomware Attacks

Justice Department Sues TikTok and Parent Company ByteDance for Widespread Violations of Children’s Privacy Laws  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)