Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Cisco warns of XSS flaw in end-of-life small business routers
Magento flaw exploited to deploy persistent backdoor hidden in XML
Cyberattack disrupted services at Omni Hotels & Resorts
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
US cancer center City of Hope: data breach impacted 827149 individuals
Ivanti fixed 4 new issues in Connect Secure and Policy Secure
Jackson County, Missouri, discloses a ransomware attack
Google addressed another Chrome zero-day exploited at Pwn2Own in March
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Google fixed two actively exploited Pixel vulnerabilities
Highly sensitive files mysteriously disappeared from EUROPOL headquarters
XSS flaw in WordPress WP-Members Plugin can lead to script injection
Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
Google agreed to erase billions of browser records to settle a class action lawsuit
PandaBuy data breach allegedly impacted over 1.3 million customers
OWASP discloses a data breach
New Vultur malware version includes enhanced remote control and evasion capabilities
Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
Info stealer attacks target macOS users
DinodasRAT Linux variant targets users worldwide
AT&T confirmed that a data breach impacted 73 million customers

Cybercrime

Serious security breach hits EU police agency  
Jackson County in state of emergency after ransomware attack

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

US Cancer Center Data Breach Impacting 800,000  

Malware

DinodasRAT Linux implant targeting entities worldwide 

Infostealers continue to pose threat to macOS users

Android Malware Vultur Expands Its Wingspan 

The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse 

Persistent Magento backdoor hidden in XML 

Hacking 

Inside the failed attempt to backdoor SSH globally — that got caught by chance  

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor  

A stealth attack came close to compromising the world’s computers  

HTTP/2 CONTINUATION frames can be utilized for DoS attacks  

Command Injection and Backdoor Account in D-Link NAS Devices  

Intelligence and Information Warfare 

Establishment of the Office of the Assistant Secretary of Defense for Cyber Policy  

Government board pins China hack on Microsoft’s ‘inadequate’ cybersecurity strategies  

How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked  

Wirecard fugitive helped run Russian spy operations across Europe

Ukraine gives award to foreign vigilantes for hacks on Russia     

Cybersecurity

Skills shortage and unpatched systems soar to high-ranking 2030 cyber threats  

OWASP Data Breach Notification  

Google to delete billions of browser records to settle ‘Incognito’ lawsuit  

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded   

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind  

Ivanti-linked breach of CISA potentially affected more than 100,000 individuals  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)