A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Malicious npm packages target Ethereum developers |
| US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT |
| FireScam Android info-stealing malware supports spyware capabilities |
| Richmond University Medical Center data breach impacted 674,033 individuals |
| Apple will pay $95 Million to settle lawsuit over Siri’s alleged eavesdropping |
| LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113 |
| Around 3.3 million POP3 and IMAP mail servers lack TLS encryption |
| A US soldier was arrested for leaking presidential call logs |
| DoubleClickjacking allows clickjacking on major websites |
| Russian media outlets Telegram channels blocked in European countries |
| Three Russian-German nationals charged with suspicion of secret service agent activity |
| Lumen reports that it has locked out the Salt Typhoon group from its network |
| Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours |
| U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election |
| Rhode Island ’s data from health benefits system leaked on the dark web |
| Hacking campaign compromised at least 16 Chrome browser extensions |
| China-linked actors hacked US Treasury Department |
| An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip’s creator says is a fake |
| Cisco states that the second data leak is linked to the one from October |
| Threat actors attempt to exploit a flaw in Four-Faith routers |
| ZAGG disclosed a data breach that exposed its customers’ credit card data |
| China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm |
International Press – Newsletter
Cybercrime
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
Rhode Islanders’ data was leaked from a cyberattack on state health benefits website
US Army soldier who allegedly stole Trump’s AT&T call logs arrested
Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims
Malware
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
The Mac Malware of 2024
Inside FireScam : An Information Stealer with Spyware Capabilities
Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages
Hacking
How to Hack a Drone
Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild
Former NSA cyberspy’s not-so-secret hobby: Hacking Christmas lights
On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE
Cyberhaven Extension Compromise
Cyberhaven’s preliminary analysis of the recent malicious Chrome extension
DoubleClickjacking: A New Era of UI Redressing
LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113
Intelligence and Information Warfare
US Plans More Actions Against China Over Telecom Hack
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
US telco Lumen says its network is now clear of China’s Salt Typhoon hackers
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
China claims ‘world’s first’ military 5G can connect 10,000 robots in any terrain
Theory of Mind: US military to build AI that predicts adversaries’ next moves
Treasury Sanctions Technology Company for Support to Malicious Cyber Group
Cybersecurity
AT&T and Verizon say networks secure after Salt Typhoon breach
Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration
Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election
HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information
Telegram blocks Russian state-owned media channels in several EU countries
Large language models can do jaw-dropping things. But nobody knows exactly why
Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping
US sanctions China’s Integrity Technology over alleged hacking sweep
Meta’s AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
