Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition


A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection
WinRAR flaw enables remote code execution of arbitrary code
#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific
Massive phishing campaign targets users of the Zimbra Collaboration email server
Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects
Bronze Starlight targets the Southeast Asian gambling sector
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries
A massive campaign delivered a proxy server application to 400,000 Windows systems
Alarming lack of cybersecurity practices on world’s most popular websites
Experts devise an exploit for Apple iOS 16 that relies on fake Airplane Mode
Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack
CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog
A massive phishing campaign using QR codes targets the energy sector
Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM
Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign
Credentials for cybercrime forums found on roughly 120K computers infected with info stealers
Monti Ransomware gang launched a new Linux encryptor
Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software
QwixxRAT, a new Windows RAT appears in the threat landscape
Ongoing Xurum attacks target Magento 2 e-stores
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach
Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)
Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking
Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts

Cybercrime

100,000 Hackers Exposed from Top Cybercrime Forums

Major Energy Company Targeted in Large QR Code Campaign

Cybercrime: 14 arrests, thousands of illicit cyber networks disrupted in Africa operation

Mass-spreading campaign targeting Zimbra users

Cyber security researchers become target of criminal hackers

Diligere, Equity-Invest Are New Firms of U.K. Con Man

Malware

Unwanted Guests: Mitigating Remote Access Trojan Infection Risk

Monti Ransomware Unleashes a New Encryptor for Linux

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

ProxyNation: The dark nexus between proxy apps and malware

Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection

Hacking

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

Zero Touch Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones

Xurum: New Magento Campaign Discovered

Exploits Explained: Finding Flaws in an ATM Software Tool

Hackers attack Japan nuclear websites over Fukushima water plan

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability

This $70 device can spoof an Apple device and trick you into sharing your password

Intelligence and Information Warfare

North Korean Hackers Suspected in New Wave of Malicious npm Packages

German Embassy Lure: Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

Cybersecurity

Navigating rising storm of maritime cyber threats, as cyber adversaries strike port systems and networks

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First

Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)

LinkedIn hack: You need to check your LinkedIn account

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition appeared first on Security Affairs.





Source link