Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION


Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini
Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION October 27, 2024

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime  

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data 

Illicit Uses for Deepfake Technology

Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection          

Landmark, an administrator for insurance firms, says 800,000 affected by data breach

Voice-enabled AI agents can automate everything, even your phone scams

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach  

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Malware

New Bumblebee Loader Infection Chain Signals Possible Resurgence   

Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials  

ReliaQuest Uncovers New Black Basta Social Engineering Technique  

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA  

TeamTNT’s Docker Gatling Gun Campaign

From cyber attacks to sabotage: How Israel’s covert operations are targeting Iran’s vital assets  

Hacking

Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability   

“Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel

Internet Archive breached again through stolen access tokens   

End-to-End Encrypted Cloud Storage in the Wild A Broken Ecosystem  

CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android  

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)  

Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign 

Pwn2Own Ireland 2024: Day Three Results

An Update on Windows Downdate   

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever  

Intelligence and Information Warfare 

“Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel  

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Iranian hacker group aims at US election websites and media before vote, Microsoft says      

Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs  

Amazon identified internet domains abused by APT29     

RDP configuration files as a means of obtaining remote access to a computer or “Rogue RDP” (CERT-UA#11690)

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

Chinese hackers targeted Trump and Vance’s phone data       

Cybersecurity

SEC Charges Four Companies With Misleading Cyber Disclosures   

Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections  

Apple will pay security researchers up to $1 million to hack its private AI cloud

The Global Surveillance Free-for-All in Mobile Ad Data  

Apple: Security research on Private Cloud Compute

How the ransomware attack at Change Healthcare went down: A timeline  

Irish Data Protection Commission fines LinkedIn Ireland €310 million  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)







Source link