Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog
German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox
U.S. authorities seized cybercrime marketplace Rydox
Experts discovered the first mobile malware families linked to Russia’s Gamaredon
US Bitcoin ATM operator Byte Federal suffered a data breach
Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement
Operation PowerOFF took down 27 DDoS platforms across 15 countries
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Ivanti fixed a maximum severity vulnerability in its CSA solution
Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities
Chinese national charged for hacking thousands of Sophos firewalls
Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
Romanian energy supplier Electrica Group is facing a ransomware attack
Deloitte denied its systems were hacked by Brain Cipher ransomware group
Hacking
Mandiant devised a technique to bypass browser isolation using QR codes
2023 Anna Jaques Hospital data breach impacted over 310,000 people
RedLine info-stealer campaign targets Russian businesses through pirated corporate software

International Press – Newsletter

Cybercrime  

Anna Jaques Hospital ransomware breach exposed data of 300K patients

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware  

It’s time to get to know deepfakes before they get to know you 

Law enforcement shuts down 27 DDoS booters ahead of annual Christmas attacks  

Rydox Cybercrime Marketplace Shut Down and Three Administrators Arrested  

The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come  

Malware

PROXY.AM Powered by Socks5Systemz Botnet 

Inside Zloader’s Latest Trick: DNS Tunneling  

BSI points out pre-installed malware on IoT devices  

Declawing PUMAKIT  

Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus  

Hacking

(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments 

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code  

Key electricity distributor in Romania warns of ‘cyber attack in progress’  

An offensive Rust encore  

China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide     

Not All Roads Lead to PWN2OWN: Hardware Hacking (Part 1)  

BadRAM:Practical Memory Aliasing Attacks on Trusted Execution Environments

Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation 

Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild  

Intelligence and Information Warfare 

New documentary details how governments use spyware to monitor citizens’ phones

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels  

US Senator announces new bill to secure telecom companies in wake of Chinese hacks  

Targeted cyberattacks UAC-0185 against the Defense Forces and defense industry enterprises of Ukraine (CERT-UA#12414)  

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine  

Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT 

Inside a New OT/IoT Cyberweapon: IOCONTROL

Cybersecurity

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location 

The December 2024 Security Update Review  

WhatsApp fixes bug that let users bypass ‘View Once’ privacy feature  

Treasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks  

Yahoo cybersecurity team sees layoffs, outsourcing of ‘red team,’ under new CTO  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)