A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| New York Times source code compromised via exposed GitHub token |
| SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform |
| Pandabuy was extorted twice by the same threat actor |
| UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces |
| Chinese threat actor exploits old ThinkPHP flaws since October 2023 |
| A new Linux version of TargetCompany ransomware targets VMware ESXi environments |
| FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support |
| RansomHub operation is a rebranded version of the Knight RaaS |
| Malware can steal data collected by the Windows Recall tool, experts warn |
| Cisco addressed Webex flaws used to compromise German government meetings |
| Zyxel addressed three RCEs in end-of-life NAS devices |
| A ransomware attack on Synnovis impacted several London hospitals |
| RansomHub gang claims the hack of the telecommunications giant Frontier Communications |
| Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported. |
| Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers |
| Multiple flaws in Cox modems could have impacted millions of devices |
| CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog |
| Spanish police shut down illegal TV streaming network |
| APT28 targets key networks in Europe with HeadLace malware |
| Experts found information of European politicians on the dark web |
| FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware |
International Press – Newsletter
Cybercrime
Cybercriminals Attack Banking Customers In EU With V3B Phishing Kit
The National Police dismantles a network that obtained more than 5,300,000 euros through the illicit distribution of audiovisual content
London hospital services impacted by ransomware incident
Snowflake Data Breach Impacts Ticketmaster, Other Organizations
New York Times source code stolen using exposed GitHub token
Malware
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
RansomHub: New Ransomware has Origins in Older Knight
FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out
TargetCompany’s Linux Variant Targets ESXi Environments
UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing (“SickSync” campaign)
Hacking
Snowflake at centre of world’s largest data breach
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Molding Lies Into Reality || Exploiting CVE-2024-4358
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
A Zero Day TikTok Hack Is Taking Over Celebrity And Brand Accounts
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster
2024: Old CVEs, New Targets — Active Exploitation of ThinkPHP
Intelligence and Information Warfare
Video Games Might Matter for Terrorist Financing
Disrupting FlyingYeti’s campaign targeting Ukraine
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
Revealed: Russian legal foundation linked to Kremlin activities in Europe
NSA chief says China readying destructive cyberattacks on critical infrastructure
How Russia is trying to disrupt the 2024 Paris Olympic Games
Cybersecurity
Generative AI is expected to magnify the risk of deepfakes and other fraud in banking
Cyber house of cards – Politicians’ personal details exposed online
Preventing and Waging War in the AI–CYBER Era
Google Leak Reveals Thousands of Privacy Incidents
Coast Guard To Empower Maritime Cybersecurity
361 million stolen accounts leaked on Telegram added to HIBP
Cisco Patches Webex Bugs Following Exposure of German Government Meetings
How to Opt Out of Instagram and Facebook Using Your Posts for AI
How to spot a deepfake: the maker of a detection tool shares the key giveaways
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)
