A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Police dismantled bulletproof hosting service provider Lolek Hosted |
Python URL parsing function flaw can enable command execution |
UK govt contractor MPD FM leaks employee passport data |
Power Generator in South Africa hit with DroxiDat and Cobalt Strike |
The Evolution of API: From Commerce to Cloud |
Gafgyt botnet is targeting EoL Zyxel routers |
Charming Kitten APT is targeting Iranian dissidents in Germany |
Statc Stealer, a new sophisticated info-stealing malware |
CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks |
CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog |
US Govt launches Artificial Intelligence Cyber Challenge |
Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online |
Balada Injector still at large – new domains discovered |
EvilProxy used in massive cloud account takeover scheme |
Downfall Intel CPU side-channel attack exposes sensitive data |
LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems |
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws |
UK Electoral Commission discloses a data breach |
43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off |
Zoom trains its AI model with some user data, without giving them an opt-out option |
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya |
A new sophisticated SkidMap variant targets unsecured Redis servers |
FBI warns of crooks posing as NFT developers in fraudulent schema |
The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO |
Microsoft fixed a flaw in Power Platform after being criticized |
Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack |
BlueCharlie changes attack infrastructure in response to reports on its activity |
Cybercrime
Criminals Pose as Non-Fungible Token (NFT) Developers to Target Internet Users with an Interest in NFT Acquisition
Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests
5 arrested in Poland for running bulletproof hosting service for cybercrime gangs
Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating
Malware
Honeypot Recon: New Variant of SkidMap Targeting Redis
Invisible Adware: Unveiling Ad Fraud Targeting Korean Android Users
MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors
Statc Stealer: Decoding the Elusive Malware Threat
Focus on DroxiDat/SystemBC
Hacking
UK Electoral Commission – Public notification of cyber-attack on Electoral Commission systems
Downfall Attacks
Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations
Zyxel Router Command Injection Attack
Python Parsing Error Enabling Bypass CVE-2023-24329
Teens Hacked Boston Subway Cards to Get Infinite Free Rides—and This Time, Nobody Got Sued
Intelligence and Information Warfare
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
Ukrainian official touts country’s wartime cyber intelligence efforts
Iranian cyber spies are targeting dissidents in Germany, warns intelligence service
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security
Cybersecurity
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
Chinese Lawfare in the Maritime, Aviation, and Information Technology Domains
Zoom can now train its A.I. using some customer data, according to updated terms
THE AUGUST 2023 SECURITY UPDATE REVIEW
‘Monumental’ data breach exposes names of entire Northern Ireland police force
Pentagon launches AI competition to solicit help securing computer systems
Northern Ireland police may have endangered its own officers by posting details online in error
OpenAI’s web scraping GPTBot is under attack – here’s why
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition appeared first on Security Affairs.