Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. authorities charged an Iranian national for long-running hacking campaign
US cyber and law enforcement agencies warn of Phobos ransomware attacks
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws
Crooks stole €15 Million from European retail company Pepco
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog
Researchers found a zero-click Facebook account takeover
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
New SPIKEDWINE APT group is targeting officials in Europe
Is the LockBit gang resuming its operation?
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
Pharmaceutical giant Cencora discloses a data breach
Unmasking 2024’s Email Security Landscape
FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs
XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk
IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT
US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions
Zyxel fixed four bugs in firewalls and access points
Russia-linked APT29 switched to targeting cloud services
A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit
Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities
IntelBroker claimed the hack of the Los Angeles International Airport
LockBit is back and threatens to target more government organizations
A cyber attack hit the Royal Canadian Mounted Police
Crooks stole $10 million from Axie Infinity co-founder

Cybercrime

Axie Infinity co-founder loses $9.7M in 3,248-ETH wallet hack  

Thyssenkrupp confirms cyber attack on automotive division 

“Pantsless Data”: Decoding Chinese Cybercrime TTPs  

US pharmacy outage triggered by ‘Blackcat’ ransomware at UnitedHealth unit, sources say 

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities  

Hackers Steal Personal Information From Pharma Giant Cencora

Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts  

The Chainalysis 2024 Crypto Crime Report

Strike against the largest illegal German-speaking trading platform on the Internet – information on the status of the investigation and the measures taken  

Retailer Pepco loses about 15 mln euros in Hungarian phishing attack   

BlackCat Ransomware Affiliate TTPs 

Malware

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland  

#StopRansomware: ALPHV Blackcat  

European diplomats targeted by SPIKEDWINE with WINELOADER  

#StopRansomware: Phobos Ransomware   

The Art of Domain Deception: Bifrost’s New Tactic to Deceive Users 

Hacking

RCMP networks targeted by cyberattack

Hackers Leak 2.5M Private Plane Owners’ Data Linked to LA Intl. Airport Breach 

UAC-0149: Targeted selective attacks against the Defense Forces of Ukraine using COOKBOX (CERT-UA#9204)

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day  

0-Click Account Takeover on Facebook  

CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities  

Iranian National Charged for Multi-Year Hacking Campaign Targeting U.S. Defense Contractors and Private Sector Companies  

Intelligence and Information Warfare 

Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes     

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations

Unmasking I-Soon | The Leak That Revealed China’s Cyber Operations  

European diplomats targeted by SPIKEDWINE with WINELOADER  

Cybersecurity          

What role artificial intelligence could play in evaluating the compliance of military operations with international humanitarian law: The case study of the conduct of hostilities in Ukraine

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

NIST updates Cybersecurity Framework after a decade of lessons 

Meta targeted in privacy complaints by EU consumer groups 

Best Practices for Cyber Crisis Management  

The CISO: 2024’s Most Important C-Suite Officer

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations 

Enhanced External Integrity Checking Tool to Provide Additional Visibility and Protection for Customers Against Evolving Threat Actor Techniques in Relation to Previously Disclosed Vulnerabilities  

Cyber Security Brief 24-03 – February 2024  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)