National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 492 by Pierluigi Paganini INTERNATIONAL EDITION


0 user ratings
2024-10-06 23:22:14
milo
Blue Team (CND)
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session […


A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





WordPress LiteSpeed Cache plugin flaw could allow site takeover
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugsGoogle removed Kaspersky’s security apps from the Play Store
New Perfctl Malware targets Linux servers in cryptomining campaign
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
Dutch police breached by a state actor
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps
Telegram revealed it shared U.S. user data with law enforcement
U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries
Rhadamanthys information stealer introduces AI-driven capabilities
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
Police arrested four new individuals linked to the LockBit ransomware operation
UMC Health System diverted patients following a ransomware attack
U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
News agency AFP hit by cyberattack, client services impacted
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
Patelco Credit Union data breach impacted over 1 million people
Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack
A British national has been charged for his execution of a hack-to-trade scheme
Critical NVIDIA Container Toolkit flaw could allow access to the underlying host
Israel army hacked the communication network of the Beirut Airport control tower




International Press – Newsletter





Cybercrime  





U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme  





Crooked Cops, Stolen Laptops & the Ghost of UGNazi 





Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz 





Police arrest four suspects linked to LockBit ransomware gang





How the FBI and Mandiant caught a ‘serial hacker’ who tried to fake his own death





FIN7 hosting honeypot domains with malicious AI DeepNude Generators – New Silent Push research     





Arrests in international operation targeting cybercriminals in West Africa 





A Single Cloud Compromise Can Feed an Army of AI Sex Bots  





Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users





Fraudsters imprisoned for scamming Apple out of 6,000 iPhones





Malware





Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0





Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale  





Crypto-Stealing Code Lurking in Python Package Dependencies     





Fake browser updates spread updated WarmCookie malware





Hacking





Demystifying Physical Memory Primitive Exploitation on Windows  





Trojan cars: Why the US fears Chinese cyberattacks on electric vehicles





Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments      





Zimbra – Remote Command Execution (CVE-2024-45519)  





Critical Zimbra Vulnerability Exploited One Day After PoC Release





Zero-Day Breach at Rackspace Sparks Vendor Blame Game 





Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns





Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting 6+ Million Sites   





Intelligence and Information Warfare 





Israel reportedly hacks Beirut airport control tower, warns Iranian plane not to land  





Army to close active information operations command as it moves those ops to smaller specialized units  





FSB Center for Special Technologies (TsST): Crafting Russia’s Cyber Weapons for Information Warfare  





North Korean hackers targeted arms company Diehl  





The Silent Battlefield Above: Unraveling Russia’s Cyber Operations Against Military Satellites and Space Assets  





Chinese Military Exploring Wasy to Win in Intelligent Warfare Amidst Change & Constancy





North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks





Dutch government blames a ‘state actor’ for hacking a police network





Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts  





Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia





Separating the bee from the panda: CeranaKeeper making a beeline for Thailand  





Cybersecurity





Endpoint Prevention and Response (EPR) Test findings





Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks





Media giant AFP hit by cyberattack impacting news delivery services





SecurityCracking the Cloud: The Persistent Threat of Credential-Based Attacks  





Dray:Break





Fake memories, persistent threats: When AI remembers what isn’t true  





Telegram Confirms it Gave U.S. User Data to the Cops 





First Ai-iD Kit toolkit built to empower and educate everyone about deepfakes





How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack  





Protecting Democratic Institutions from Cyber Threats





Finding a needle in a haystack: Machine learning at the forefront of threat hunting research      





German-French recommendations for the use of AI programming assistants  





Pixel’s Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems





Subscribe to the newsletter for free here:





https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7093942975545667584





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs –hacking, newsletter)







Source: SecurityAffairs
Source Link: https://securityaffairs.com/169417/breaking-news/security-affairs-newsletter-round-492-by-pierluigi-paganini-international-edition.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.