A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are delivered free to your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection
WinRAR flaw enables remote code execution of arbitrary code
#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific
Massive phishing campaign targets users of the Zimbra Collaboration email server
Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects
Bronze Starlight targets the Southeast Asian gambling sector
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries
A massive campaign delivered a proxy server application to 400,000 Windows systems
Alarming lack of cybersecurity practices on world’s most popular websites
Experts devise an exploit for Apple iOS 16 that relies on fake Airplane Mode
Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack
CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog
A massive phishing campaign using QR codes targets the energy sector
Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM
Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign
Credentials for cybercrime forums found on roughly 120K computers infected with info stealers
Monti Ransomware gang launched a new Linux encryptor
Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software
QwixxRAT, a new Windows RAT appears in the threat landscape
Ongoing Xurum attacks target Magento 2 e-stores
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach
Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)
Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking
Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts
Cybercrime
100,000 Hackers Exposed from Top Cybercrime Forums
Major Energy Company Targeted in Large QR Code Campaign
Cybercrime: 14 arrests, thousands of illicit cyber networks disrupted in Africa operation
Mass-spreading campaign targeting Zimbra users
Cyber security researchers become target of criminal hackers
Diligere, Equity-Invest Are New Firms of U.K. Con Man
Malware
Unwanted Guests: Mitigating Remote Access Trojan Infection Risk
Monti Ransomware Unleashes a New Encryptor for Linux
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
ProxyNation: The dark nexus between proxy apps and malware
Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
Hacking
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
Zero Touch Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones
Xurum: New Magento Campaign Discovered
Exploits Explained: Finding Flaws in an ATM Software Tool
Hackers attack Japan nuclear websites over Fukushima water plan
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability
This $70 device can spoof an Apple device and trick you into sharing your password
Intelligence and Information Warfare
North Korean Hackers Suspected in New Wave of Malicious npm Packages
German Embassy Lure: Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cybersecurity
Navigating rising storm of maritime cyber threats, as cyber adversaries strike port systems and networks
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First
Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)
LinkedIn hack: You need to check your LinkedIn account
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition appeared first on Security Affairs.