A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are delivered free to your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
TikTok fined €345M by Irish DPC for violating children’s privacy
Iranian Peach Sandstorm group behind recent password spray attacks
Dariy Pankov, the NLBrute malware author, pleads guilty
Dangerous permissions detected in top Android health apps
Caesars Entertainment paid a ransom to avoid stolen data leaks
Free Download Manager backdoored to serve Linux malware for more than 3 years
Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York
UK Greater Manchester Police disclosed a data breach
The iPhone of a Russian journalist was infected with the Pegasus spyware
Kubernetes flaws could lead to remote code execution on Windows endpoints
Threat actor leaks sensitive data belonging to Airbus
A new ransomware family called 3AM appears in the threat landscape
Redfly group infiltrated an Asian national grid as long as six months
Mozilla fixed a critical zero-day in Firefox and Thunderbird
Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws
Save the Children confirms it was hit by cyber attack
Adobe fixed actively exploited zero-day in Acrobat and Reader
A new Repojacking attack exposed over 4,000 GitHub repositories to hack
MGM Resorts hit by a cyber attack
Anonymous Sudan launched a DDoS attack against Telegram
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
Google fixed the fourth Chrome zero-day of 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog
UK and US sanctioned 11 members of the Russia-based TrickBot gang
New HijackLoader malware is rapidly growing in popularity in the cybercrime community
Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play
Rhysida Ransomware gang claims to have hacked three more US hospitals
Akamai prevented the largest DDoS attack on a US financial company
Cybercrime
Manchester Police officers’ data exposed in ransomware attack
An Avoidable Breach — FBI Hacker Leaks Sensitive Airbus Data
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Caesars Entertainment, Inc. ransomware attack
Russian Malware Developer Pleads Guilty To Conspiracy To Commit Wire And Computer Fraud
Site for Generating Non-Consensual AI Porn Restricts Content Following 404 Media Investigation
Major trucking software provider confirms ransomware incident
Malware
Spyware messengers on Google Play
Evil Telegram doppelganger attacks Chinese users
Technical Analysis of HijackLoader
United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang
Ransomware, extortion and the cyber crime ecosystem
3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
In a first, spyware is found on phone of prominent Russian journalist
Free Download Manager backdoored – a possible supply chain attack on Linux machines
The State of Ransomware in the US: Report and Statistics 2022
Probe reveals previously secret Israeli spyware that infects targets via ads
Hacking
Akamai Prevents the Largest DDoS Attack on a U.S. Financial Company
Geolocating a Traveler via OSINT techniques
Telegram Hit by a DDoS Attack: What Is the Cause Behind It?
‘Cybersecurity Issue’ Forces Systems Shutdown at MGM Hotels and Casinos
Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk
WiKI-Eve Attack: Intercepting Smartphone Keystrokes Through Wi-Fi Vulnerability
Can’t Be Contained: Finding a Command Injection Vulnerability in Kubernetes
Bypassing UAC with SSPI Datagram Contexts
Intelligence and Information Warfare
Suspected Chinese operatives using AI generated images to spread disinformation among US voters, Microsoft says
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor
Redfly: Espionage Actors Continue to Target Critical Infrastructure
Pegasus Infection of Galina Timchenko, exiled Russian Journalist and Publisher
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
More Russian journalists investigating possible spyware infections
Cybersecurity
The September 2023 security update review
Generative AI: A pragmatic blueprint for data security
Hacking Meduza: Pegasus spyware used to target Putin’s critic
ENISA Foresight 2030 Threats
TikTok fined €345m by Ireland’s data regulator for violating children’s privacy
NCSC Cyber Incident Response scheme now available to more organisations
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition appeared first on Security Affairs.