A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
If you want to also receive for free the newsletter with the international press subscribe here.
| LockBit leaks data stolen from the South Korean National Tax Service |
| Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns |
| CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog |
| Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin |
| Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M |
| Russian APT group Winter Vivern targets email portals of NATO and diplomats |
| Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE |
| New AlienFox toolkit harvests credentials for tens of cloud services |
| 3CX voice and video conferencing software victim of a supply chain attack |
| New Mélofée Linux malware linked to Chinese APT groups |
| QNAP fixed Sudo privilege escalation bug in NAS devices |
| Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack |
| OpenAI quickly fixed account takeover bugs in ChatGPT |
| Google TAG shares details about exploit chains used to install commercial spyware |
| Clipper attacks use Trojanized TOR Browser installers |
| Toyota Italy accidentally leaked sensitive data |
| Bitter APT group targets China’s nuclear energy sector |
| Latitude Data breach is worse than initially estimated. 14 million individuals impacted |
| Europol warns of criminal use of ChatGPT Telecom giant Lumen suffered a ransomware attack and disclose a second incident |
| Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices |
| New MacStealer macOS malware appears in the cybercrime underground |
| Updates from the MaaS: new threats delivered through NullMixer |
| Technical analysis of China-linked Earth Preta APT’s infection chain |
| Malicious Python Package uses Unicode support to evade detection |
| OpenAI: A Redis bug caused a recent ChatGPT data exposure incident |
| Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397 |
| Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority |
International Press
Cybercrime
The criminal use of ChatGPT – a cautionary tale about large language models
Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
The cyber police exposed members of a criminal group that defrauded EU citizens of 160 million hryvnias with the help of phishing
Hacking
Spyware vendors use 0-days and n-days against popular platforms
Sudoedit bypass in Sudo <= 1.9.12p1 CVE-2023-22809
#SmoothOperator | Ongoing Campaign Trojanizes #3CXDesktopApp in Supply Chain Attack
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) Lidor Ben Shitrit Reading time: 11 Minutes
Critical Elementor Pro Vulnerability Exploited
Malware
Malicious Actors Use Unicode Support in Python to Evade Detection
Updates from the MaaS: new threats delivered through NullMixer
MacStealer: New macOS-based Stealer Malware Identified
Copy-paste heist or clipboard-injector attacks on cryptousers
Mélofée: a new alien malware in the Panda’s toolset targeting Linux hosts
Ironing out (the macOS details) of a Smooth Operator
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife
Intelligence and Information Warfare
Guidance for investigating attacks using CVE-2023-23397
Pack it Secretly: Earth Preta’s Updated Stealthy Strategies
Phishing Campaign Targets Chinese Nuclear Energy Industry
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
Cybersecurity
Lloyd’s of London says its controversial cyberwar exclusions could hit profits
Wearable Brain Devices Will Challenge Our Mental Privacy
President Biden Signs Executive Order Restricting Use of Commercial Spyware
UK Introduces Mass Surveillance With Online Safety Bill
Artificial intelligence: stop to ChatGPT by the Italian SA
Personal data is collected unlawfully, no age verification system is in place for children
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
- The Teacher – Most Educational Blog
- The Entertainer – Most Entertaining Blog
- The Tech Whizz – Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.