Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

LockBit ransomware gang claims to have breached accountancy firm Xeinadin
Mobile virtual network operator Mint Mobile discloses a data breach
Akira ransomware gang claims the theft of sensitive data from Nissan Australia
Member of Lapsus$ gang sentenced to an indefinite hospital order
Real estate agency exposes details of 690k customers
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Data leak exposes users of car-sharing service Blink Mobility
Google addressed a new actively exploited Chrome zero-day
German police seized the dark web marketplace Kingdom Market
Law enforcement Operation HAECHI IV led to the seizure of $300 Million
Sophisticated JaskaGO info stealer targets macOS and Windows
BMW dealer at risk of takeover by cybercriminals
FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season
The ransomware attack on Westpole is disrupting digital services for Italian public administration
Info stealers and how to protect against them
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations
Qakbot is back and targets the Hospitality industry
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K
MongoDB investigates a cyberattack, customer data exposed
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Cybercrime

MongoDB Suffers Security Breach, Exposing Customer Data

A letter from ledger chairman & CEO Pascal Gauthier regarding ledger connect kit exploit  

Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant

FBI disrupts Blackcat ransomware operation, creates decryption tool

How Law Enforcement Actions Break Down Ransomware (featuring a Black Cat)

USD 300 million seized and 3,500 suspects arrested in international financial crime operation   

BlackCat Ransomware Raises Ante After FBI Disruption     

Online fraud schemes: a web of deceit (IOCTA 2023)       

German police take down Kingdom Market, a darknet emporium of illicit goods 

WEREWOLVES: A FIRST ANALYSIS OF THE RUSSIAN-SPEAKING RANSOMWARE GROUP

Lapsus$: GTA 6 hacker handed indefinite hospital order

Online fraud schemes: a web of deceit (IOCTA 2023)       

Malware

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

Behind the Scenes: JaskaGO’s Coordinated Strike on macOS and Windows  

#StopRansomware: Play Ransomware  

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

Hacking

CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector  

Iran points at Israeli-linked group as cyberattack disrupts fuel network  

Web injections are back on the rise: 40+ banks affected by new malware campaign   

Action against digital skimming reveals 443 compromised online merchants  

Intelligence and Information Warfare

Ukraine’s partners launch Tallinn Mechanism to amplify cyber support  

Cybersecurity

NSA Releases Recommendations to Mitigate Software Supply Chain Risks  

Google fixes 8th Chrome zero-day exploited in attacks this year

Ubisoft says it’s investigating reports of a new security breach

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)