Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
Participants earned more than $1.3M at the Pwn2Own Automotive competition
A TrickBot malware developer sentenced to 64 months in prison
Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns
Watch out, experts warn of a critical flaw in Jenkins
Pwn2Own Automotive 2024 Day 2 – Tesla hacked again
Yearly Intel Trend Review: The 2023 RedSense report
Cisco warns of a critical bug in Unified Communications products, patch it now!
Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)
CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog
5379 GitLab servers vulnerable to zero-click account takeover attacks
Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations
Splunk fixed high-severity flaw impacting Windows versions
Watch out, a new critical flaw affects Fortra GoAnywhere MFT
Australian government announced sanctions for Medibank hacker
LoanDepot data breach impacted roughly 16.6 individuals
Black Basta gang claims the hack of the UK water utility Southern Water
CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed
Apple fixed actively exploited zero-day CVE-2024-23222
“My Slice”, an Italian adaptive phishing campaign
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
Backdoored pirated applications targets Apple macOS users
LockBit ransomware gang claims the attack on the sandwich chain Subway

Cybercrime

Dark web threats and dark market predictions for 2024  

Cybercriminals Leaked Massive Volumes Of Stolen PII Data From Thailand In Dark Web  

Update on ransomware attack in Sweden: Restoration work progressing at Tietoevry 

Russian National Sentenced for Involvement in Development and Deployment of Trickbot Malware  

Using Google Search to Find Software Can Be Risky  

Malware

Jamf Threat Labs discovers new malware embedded in pirated applications  

Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell  

Outsmarting Ransomware’s New Playbook

Global ransomware threat expected to rise with AI, NCSC warns  

Hacking

Hacking Neural Networks  

Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing  

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

Over 5,300 GitLab servers exposed to zero-click account takeover attacks  

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins  

In major gaffe, hacked Microsoft test account was assigned admin privileges  

PWN2OWN AUTOMOTIVE 2024 – DAY THREE RESULTS  

Intelligence and Information Warfare 

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Midnight Blizzard: Guidance for responders on nation-state attack

They destroyed the enemy “planet” – details of the cyber attack against the center of space hydrometeorology of the Russian Federation  

Russian War against Ukraine Lessons Learned Curriculum Guide  

N. Korea attempts to use generative AI for hacking attacks: spy agency

Cybersecurity

Is artificial intelligence the solution to cyber security threats?  

Apple fixes first zero-day bug exploited in attacks this year

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Cyber sanctions in response to Medibank Private cyber attack     

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

CrowdStrike CEO: Microsoft Explanation For Russia Hack Doesn’t Add Up  

Yearly Intel Trend Review: 2023  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)