A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Someone is sending mysterious smartwatches to the US Military personnel |
| CISA orders govt agencies to fix recently disclosed flaws in Apple devices |
| VMware fixed five memory corruption issues in vCenter Server |
| Fortinet fixes critical FortiNAC RCE, install updates asap |
| More than a million GitHub repositories potentially vulnerable to RepoJacking |
| New Mirai botnet targets tens of flaws in popular IoT devices |
| Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure |
| Norton parent firm Gen Digital, was victim of a MOVEit attack too |
| Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari |
| Analyzing the TriangleDB implant used in Operation Triangulation Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities |
| New Condi DDoS botnet targets TP-Link Wi-Fi routers |
| Critical RCE flaw CVE-2023-20887 in VMware vRealize exploited in the wild |
| 3CX data exposed, third-party to blame |
| New Tsunami botnet targets Linux SSH servers |
| Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices |
| Tackling Data Sovereignty with DDR |
| ASUS addressed critical flaws in some router models |
| Experts found components of a complex toolkit employed in macOS attacks |
| EU member states are urged to restrict without delay 5G equipment from risky suppliers Diicot cybercrime gang expands its attack capabilities |
| Microsoft: June Outlook and cloud platform outages were caused by DDoS |
Cybercrime
US govt offers $10 million bounty for info on Clop ransomware
FBI seizes BreachForums after arresting its owner Pompompurin in March
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam
Reddit Files: BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from Reddit
US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
Malware
Tracking Diicot: an emerging Romanian threat actor
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
Tsunami DDoS Malware Distributed to Linux SSH Servers
Condi DDoS Botnet Spreads via TP-Link’s CVE-2023-1389
Dissecting TriangleDB, a Triangulation spyware implant
Why Malware Crypting Services Deserve More Scrutiny
Hacking
Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
VMware warns of critical vRealize flaw exploited in attacks
Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
PoC Exploit Published for Cisco AnyConnect Secure Vulnerability
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Intelligence and Information Warfare
BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities
APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign (CERT-UA#6805)
China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor
Cybersecurity
Second report on Member States’ progress in implementing the EU Toolbox on 5G Cybersecurity
Google Backs Creation of Cybersecurity Clinics With $20 Million Donation
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition appeared first on Security Affairs.