Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

International Press – Newsletter

Cybercrime  

USD 257 million seized in global police crackdown against online scams  

Man charged over creation of ‘evil twin’ free WiFi networks to access personal data  

Europol coordinates global action against criminal abuse of Cobalt Strike

Twilio says hackers identified cell phone numbers of two-factor app Authy users  

HealthEquity data breach exposes protected health information

The Rise of Packet Rate Attacks: When Core Routers Turn Evil 

Free Tickets? Fraud Alert: Hackers Leak Taylor Swift’s ERAS Tour Barcodes Targeting Ticketmaster         

Some data is ‘breached’ during a hacking attack on the Alabama Education Department  

Malware

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz 

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems 

Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack            

Hacking

Perma-Vuln: D-Link DIR-859, CVE-2024-0769   

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

Apple IDs Targeted in US Smishing Campaign        

High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor  

blog.ethereum.org mailing list incident  

July 2: Polyfill.io Supply Chain Attack – Digging into the Web of Compromised Domains  

New Intel CPU Vulnerability ‘Indirector’ Exposes Sensitive Data

 Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)  

Intelligence and Information Warfare 

TeamViewer IT security update  

How the CIA is using generative AI — now and into the future 

China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response

UN urges Russia to ‘immediately’ cease interference in European satellites

Polish news agency probably hit by Russian cyberattack, minister says 

How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events on Track       

Cybersecurity  

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately  

Fintech company Wise says some customers affected by Evolve Bank data breach   

Brazil data regulator bans Meta from mining data to train AI models   

Vulnerabilities in PanelView Plus devices could lead to remote code execution   

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too  

There’s a new government in the UK. What can we expect from it on cyber? 

Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)