Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Researchers devised an attack technique to extract ChatGPT training data
Fortune-telling website WeMystic exposes 13M+ user records
Expert warns of Turtle macOS ransomware
US govt sanctioned North Korea-linked APT Kimsuky
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
Apple addressed 2 new iOS zero-day vulnerabilities
Critical Zoom Room bug allowed to gain access to Zoom Tenants
Rhysida ransomware group hacked King Edward VII’s Hospital in London
Google addressed the sixth Chrome Zero-Day vulnerability in 2023
Okta reveals additional attackers’ activities in October 2023 Breach
Thousands of secrets lurk in app images on Docker Hub
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103
International police operation dismantled a prominent Ukraine-based Ransomware group
Daixin Team group claimed the hack of North Texas Municipal Water District
Healthcare provider Ardent Health Services disclosed a ransomware attack
Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia
Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania
The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Cybercrime

Legal tech firm investigating cyberattack that could scupper sales  

Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol  

Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports  

Black Basta ransomware victims have paid over $100 million  

Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers

Malware

Find Malwares Using Sysmon  

Akira Ransomware

It’s Turtles All The Way Down

Disruptive new wave of ransomware hits critical infrastructure      

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US 

Hacking

Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group  

Big update to my Semgrep C/C++ ruleset  

Exploitation of Critical ownCloud Vulnerability Begins 

Okta Says Hackers Stole Data for All Customer Support Users   

Claiming Zoom Rooms Service Accounts to Gain Access to Zoom Tenants  

Extracting Training Data from ChatGPT  

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

23andMe says hackers accessed ‘significant number’ of files about users’ ancestry  

Intelligence and Information Warfare

Defence Intelligence of Ukraine conducted a cyber operation against Rosaviatsia – sanctions accelerate Russia’s aviation collapse   

Crypto Country: North Korea’s Targeting of Cryptocurrency  

Treasury Targets DPRK’s International Agents and Illicit Cyber Intrusion Group  

Google Warns China Is Ramping Up Cyberattacks Against Taiwan  

Cybersecurity

Some Google Drive users claim that they lost months worth of files  

The rising tide of vulnerabilities…might be more predictable than you think  

Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners

October Customer Support Security Incident – Update and Recommended Actions      

Google Chrome emergency update fixes 6th zero-day exploited in 2023

Founder of spyware maker Hacking Team arrested for attempted murder: local media  

Integrity Reports, Third Quarter 2023  

EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’      

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)