Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

GootLoader is still active and efficient
Hackers stole OpenAI secrets in a 2023 security breach
Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
New Golang-based Zergeca Botnet appeared in the threat landscape
Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus
Hackers compromised Ethereum mailing list and launched a crypto draining attack
OVHcloud mitigated a record-breaking DDoS attack in April 2024
Healthcare fintech firm HealthEquity disclosed a data breach
Brazil data protection authority bans Meta from training AI models with data originating in the country
Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform
Polish government investigates Russia-linked cyberattack on state news agency
Evolve Bank data breach impacted fintech firms Wise and Affirm
Prudential Financial data breach impacted over 2.5 million individuals
Australian man charged for Evil Twin Wi-Fi attacks on domestic flights
China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware
Critical unauthenticated remote code execution flaw in OpenSSH server
Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania
Juniper Networks fixed a critical authentication bypass flaw in some of its routers
Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769
Russia-linked Midnight Blizzard stole email of more Microsoft customers
Russia-linked group APT29 likely breached TeamViewer’s corporate network

International Press – Newsletter

Cybercrime  

USD 257 million seized in global police crackdown against online scams  

Man charged over creation of ‘evil twin’ free WiFi networks to access personal data  

Europol coordinates global action against criminal abuse of Cobalt Strike

Twilio says hackers identified cell phone numbers of two-factor app Authy users  

HealthEquity data breach exposes protected health information

The Rise of Packet Rate Attacks: When Core Routers Turn Evil 

Free Tickets? Fraud Alert: Hackers Leak Taylor Swift’s ERAS Tour Barcodes Targeting Ticketmaster         

Some data is ‘breached’ during a hacking attack on the Alabama Education Department  

Malware

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz 

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems 

Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack            

Hacking

Perma-Vuln: D-Link DIR-859, CVE-2024-0769   

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

Apple IDs Targeted in US Smishing Campaign        

High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor  

blog.ethereum.org mailing list incident  

July 2: Polyfill.io Supply Chain Attack – Digging into the Web of Compromised Domains  

New Intel CPU Vulnerability ‘Indirector’ Exposes Sensitive Data

 Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)  

Intelligence and Information Warfare 

TeamViewer IT security update  

How the CIA is using generative AI — now and into the future 

China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response

UN urges Russia to ‘immediately’ cease interference in European satellites

Polish news agency probably hit by Russian cyberattack, minister says 

How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events on Track       

Cybersecurity  

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately  

Fintech company Wise says some customers affected by Evolve Bank data breach   

Brazil data regulator bans Meta from mining data to train AI models   

Vulnerabilities in PanelView Plus devices could lead to remote code execution   

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too  

There’s a new government in the UK. What can we expect from it on cyber? 

Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)