A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| A cyber attack hit Iranian government sites and nuclear facilities |
| Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks |
| GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution |
| Iran and China-linked actors used ChatGPT for preparing attacks |
| Internet Archive data breach impacted 31M users |
| E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer |
| U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog |
| Mozilla issued an urgent Firefox update to fix an actively exploited flaw |
| Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices |
| Cybercriminals Are Targeting AI Conversational Platforms |
| Awaken Likho APT group targets Russian government with a new implant |
| U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog |
| Three new Ivanti CSA zero-day actively exploited in attacks |
| Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer |
| Qualcomm fixed a zero-day exploited limited, targeted attacks |
| MoneyGram discloses data breach following September cyberattack |
| American Water shut down some of its systems following a cyberattack |
| Universal Music data breach impacted 680 individuals |
| Cyber warfare |
| Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday |
| FBCS data breach impacted 238,000 Comcast customers |
| Critical Apache Avro SDK RCE flaw impacts Java applications |
| Man pleads guilty to stealing over $37 Million worth of cryptocurrency |
| U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog |
| China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems |
| Google Pixel 9 supports new security features to mitigate baseband attacks |
International Press – Newsletter
Cybercrime
Indiana Man Pleads Guilty to Conspiracies Involving Cyber Intrusion and $37 Million Cryptocurrency Theft
Recognition Tech onto Meta’s Smart Glasses to Instantly Dox Strangers
MoneyGram says hackers stole customers’ personal information and transaction data
Ukrainian National Pleads Guilty to “Raccoon Infostealer” Cybercrime
Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines
Lamborghini Carjackers Lured by $243M Cyberheist
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
Timeshare Owner? The Mexican Drug Cartels Want You
Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack
He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker
Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse
Malware
Over 300,000! GorillaBot: The New King of DDoS Attacks
Hidden cryptocurrency mining and theft campaign affected over 28,000 users
The Mongolian Skimmer: different clothes, equally dangerous
Ransomware Report: Unveiling Trends in Attack Payouts and Negotiations
Hacking
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Mozilla fixes Firefox zero-day actively exploited in attacks
Palo Alto Expedition: From N-Day to Full Compromise
LLM attacks take just 42 seconds on average, 20% of jailbreaks succeed
Twitter Bot Network
The Internet Archive is under attack, with a breach revealing info for 31 million accounts
Intelligence and Information Warfare
U.S. Wiretap Systems Targeted in China-Linked Hack
Hacker attack disrupts Russian state media on Putin’s birthday
Awaken Likho is awake: new techniques of an APT group
Mind the (air) gap: GoldenJackal gooses government guardrails
Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Navigating the Shadows: An In-Depth Analysis of Iranian APTs and Their Evolving Threat Landscape in 2024
OpenAI Report: Influence and cyber operations: an update
NSA cyber chief: Espionage is now Russia’s focus for cyberattacks on Ukraine
Iran Hit By ‘Heavy Cyberattacks’ Targeting Its Nuclear Facilities Amid Middle East Tensions
Update on SVR Cyber Operations and Vulnerability Exploitation
Cybersecurity
America’s allies are shifting: Cyberspace is about persistence, not deterrence
Global State of CPS Security report
About a quarter million Comcast subscribers had their data stolen from debt collector
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
American Water shuts down online services after cyberattack
Rise of the robots: AI to shape UK defense review
Managing Cybersecurity in the Age of Artificial Intelligence
New Ponemon Report Shows Awareness of Cyber Risks to Healthcare Organizations is not Always Translating to Adequate Protections
Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
