A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Pro-Russia group NoName targeted the websites of Italian airports |
| North Korea actors use OtterCookie malware in Contagious Interview campaign |
| Experts warn of a surge in activity associated FICORA and Kaiten botnets |
| Palo Alto Networks fixed a high-severity PAN-OS flaw |
| Brazilian citizen charged for threatening to release data stolen from a company in 2020 |
| A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs |
| A ransomware attack disrupted services at Pittsburgh Regional Transit |
| A cyber attack hit Japan Airlines delaying ticket sales for flights |
| Apache fixed a critical SQL Injection in Apache Traffic Control |
| BellaCPP, Charming Kitten’s BellaCiao variant written in C++ |
| DMM Bitcoin $308M Bitcoin heist linked to North Korea |
| Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code |
| Apache Foundation fixed a severe Tomcat vulnerability |
| Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations |
| U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog |
| U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit |
| Lazarus APT targeted employees at an unnamed nuclear-related organization |
| US charged Dual Russian and Israeli National as LockBit Ransomware developer |
International Press – Newsletter
Cybercrime
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
Pittsburgh Regional Transit attributes recent service disruptions to ransomware attack
Brazilian Man Charged With Making Extortionate Threats To Publicize Stolen Data Obtained By Unlawful Computer Intrusion
Malware
Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript
Analyzing Malicious Intent in Python Code: A Case Study
DigiEver Fix That IoT Thing!
Hacking
The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
Japan Airlines was hit by a cyberattack, delaying flights during the year-end holiday season
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Intelligence and Information Warfare
Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say
Lazarus group evolves its infection chain with old and new malware
FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com
BellaCPP: Discovering a new BellaCiao variant written in C++
OtterCookie, a new malware used by Contagious Interview
Recent Cases of Watering Hole Attacks, Part 2
Cybersecurity
U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case
Italy fines OpenAI over ChatGPT privacy rules breach
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
The Intersection of AI and OSINT: Advanced Threats On The Horizon
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
