A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Is the INC ransomware gang behind the attack on McLaren hospitals? |
| Crooks took control of a cow milking robot causing the death of a cow |
| Sonos smart speakers flaw allowed to eavesdrop on users |
| Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap! |
| CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog |
| Russian cyber spies stole data and emails from UK government systems |
| 0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers |
| FBI and CISA update a joint advisory on the BlackSuit Ransomware group |
| Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware |
| Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data |
| New Android spyware LianSpy relies on Yandex Cloud to avoid detection |
| Hackers breached MDM firm Mobile Guardian and wiped thousands of devices |
| A ransomware attack hit French museum network |
| CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog |
| Google warns of an actively exploited Android kernel flaw |
| Should Organizations Pay Ransom Demands? |
| Keytronic incurred approximately $17 million of expenses following ransomware attack |
| A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access |
| China-linked APT41 breached Taiwanese research institute |
| Chinese StormBamboo APT compromised ISP to deliver malware |
| Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach |
International Press – Newsletter
Cybercrime
Personal Data of 3 Billion People Stolen in Hack, Suit Says
Cryptonator founder indicted after platform found handling $235 million in illicit funds
SharpRhino – New Hunters International RAT identified by Quorum Cyber
French museum network hit by ransomware attack, but no disruptions are reported at Olympic events
Police recover over USD 40 million from international email scam
USPS Text Scammers Duped His Wife, So He Hacked Their Operation
Malware
Surge in Magniber ransomware attacks impact home users worldwide
BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities
LianSpy: new Android spyware targeting Russian users
Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory
New Widespread Extension Trojan Malware Campaign
Hacking
Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection
Linux kernel impacted by new SLUBStick cross-cache attack
Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
Hacker wipes 13,000 devices after breaching classroom management platform
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
0.0.0.0 Day: Exploiting Localhost APIs From the Browser
BlackHat USA 2024 – Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
E.U. Regulations Made the CrowdStrike Fiasco Much Worse
Hotel to Search Rooms During DEF CON Hacking Conference
Intelligence and Information Warfare
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
North Korean hackers exploit VPN update flaw to install malware
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign
How the FBI Is Hunting North Korean Hackers Who Attacked U.S. Healthcare System
Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
Exclusive: Russian spies hacked UK government systems earlier this year, stole data and emails
Cybersecurity
The human body is the next cyber battlefield — and I’m living proof
Elon Musk’s X under pressure from regulators over data harvesting for Grok AI
How the theft of 40M UK voter register records was entirely preventable
SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
Google Patches New Android Kernel Vulnerability Exploited in the Wild
CrowdStrike trying to use legal threats to suppress criticism and parody of global IT outage
Leaked Documents Show Nvidia Scraping ‘A Human Lifetime’ of Videos Per Day to Train AI
Industry report says 92% of ICT jobs will be transformed by AI
Crowdstrike Channel File 291 Incident: Root Cause Analysis is Available
macOS Sequoia brings better Gatekeeper, stalkerware protections
Cisco warns of critical RCE zero-days in end of life IP phones
Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)