A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit |
| Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw |
| Threat actors exploit Atlassian Confluence bug in cryptomining campaigns |
| Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa |
| Cisco addressed a high-severity flaw in NX-OS software |
| Corona Mirai botnet spreads via AVTECH CCTV zero-day |
| Telegram CEO Pavel Durov charged in France for facilitating criminal activities |
| Iran-linked group APT33 adds new Tickler malware to its arsenal |
| U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog |
| Young Consulting data breach impacts 954,177 individuals |
| BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085 |
| US offers $2.5M reward for Belarusian man involved in mass malware distribution |
| U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog |
| Critical flaw in WPML WordPress plugin impacts 1M websites |
| China-linked APT Volt Typhoon exploited a zero-day in Versa Director |
| Researchers unmasked the notorious threat actor USDoD |
| The Dutch Data Protection Authority (DPA) has fined Uber a record €290M |
| Google addressed the tenth actively exploited Chrome zero-day this year |
| SonicWall addressed an improper access control issue in its firewalls |
| A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport |
| Linux malware sedexp uses udev rules for persistence and evasion |
| France police arrested Telegram CEO Pavel Durov |
| U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog |
International Press – Newsletter
Cybercrime
Telegram messaging app CEO Durov arrested in France
Thousands of travelers, airport operations impacted by Port of Seattle cyberattack
Hacker who stole 3 billion US data was discovered and is Brazilian
Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage
Reward for Information: Belarusian National Volodymyr Kadariya
Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
2 men from Europe charged with ‘swatting’ plot targeting former US president and members of Congress
Malware
Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules
Malware infiltrates Pidgin messenger’s official plugin repository
RansomHub ransomware-as-a-service
StopRansomware: RansomHub Ransomware
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Hacking
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
Identify and Exploit Vulnerabilities in Routers: An Introductory Guide & Technical Case Studies
How to discover a major hacker’s identity with OSINT — Solution 1
May 2024 Cyber Attacks Statistics
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Linux Detection Engineering – A Sequel on Persistence Mechanism
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
When Get-Out-The-Vote Efforts Look Like Phishing
Bypassing airport security via SQL injection
Intelligence and Information Warfare
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Taking the Crossroads: The Versa Director Zero-Day Exploitation
South Korea’s “Pseudo Hunter” APT organization uses multiple domestic software vulnerabilities to attack China
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Telegram Founder Was Wooed and Targeted by Governments
I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Russian government hackers found using exploits made by spyware companies NSO and Intellexa
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
North Korea Still Attacking Developers via npm
Cybersecurity
FAA to issue cyber rule for newly built airplanes and equipment
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Dutch DPA imposes a fine of 290 million euro on Uber because of transfers of drivers’ data to the US
Research AI model unexpectedly attempts to modify its own code to extend runtime
Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns
Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong
EU investigating Telegram over user numbers
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
