A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog A flaw […] A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalogA flaw in WordPress LiteSpeed Cache Plugin allows account takeoverCar rental company Avis discloses a data breachSonicWall warns that SonicOS bug exploited in attacksApache fixed a new remote code execution flaw in Apache OFBizRussia-linked GRU Unit 29155 targeted critical infrastructure globallyVeeam fixed a critical flaw in Veeam Backup & Replication softwareEarth Lusca adds multiplatform malware KTLVdoor to its arsenalIs Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?Quishing, an insidious threat to electric car ownersGoogle fixed actively exploited Android flaw CVE-2024-32896Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!Head Mare hacktivist group targets Russia and BelarusZyxel fixed critical OS command injection flaw in multiple routersVMware fixed a code execution flaw in Fusion hypervisorU.S. oil giant Halliburton disclosed a data breachVulnerabilities in Microsoft apps for macOS allow stealing permissionsThree men plead guilty to running MFA bypass service OTP.AgencyTransport for London (TfL) is dealing with an ongoing cyberattackLockbit gang claims the attack on the Toronto District School Board (TDSB)A new variant of Cicada ransomware targets VMware ESXi systemsAn air transport security system flaw allowed to bypass airport security screenings International Press Newsletter Cybercrime Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say Toronto school board confirms students’ info stolen as LockBit claims breach Owners of 1-Time Passcode Theft Service Plead Guilty Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant Exclusive: LockBit 3.0 appears to be duplicating old listings as Design Intoto named a second time Malla: Demystifying Real-world Large Language Model Integrated Malicious Services EXPOSED: OnlyFans Hack Gone Wrong How Cyber Criminals Turn into Victims Overnight Planned Parenthood confirms cyberattack as RansomHub claims breach Russian authorities able to identify train saboteur from anonymous Telegram account Malware BlackSuit Ransomware Year-Long Campaign of Malicious npm Packages Targeting Roblox Users Rocinante: The trojan horse that wanted to fly Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion FBI: Play ransomware gang has attacked 300 orgs since 2022 New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition Hacking Bypassing airport security via SQL injection Dragon Hactivists on Prowl Hiding in plain sight: Techniques and defenses against `/proc` filesystem manipulation in Linux How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Learning Rust for fun and backdoo-rs Head Mare: adventures of a unicorn in Russia and Belarus Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion Windows Wi-Fi Driver RCE Vulnerability CVE-2024-30078 Advanced forensic techniques for recovering hidden data in wearable devices Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 Intelligence and Information Warfare The Geopolitics of Cyber Espionage Goes Far Beyond Sensitive Information Theft Social Media as an Intelligence Tool for Information Warfare NATO Wants to Boost Its Undersea Defenses German air traffic control was attacked by pro-Russian hackers Russian Military Cyber Actors Target US and Global Critical Infrastructure NSA’s China-focused ‘innovation pipeline’ targets economic imbalances US cracks down on Russian disinformation before 2024 election BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar Chinese APT Abuses VSCode to Target Government in Asia With charges and sanctions, US takes aim at Russian disinformation ahead of November election North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks Cybersecurity A concrete example of ES|QL and SOC detection rules TfL faces ‘ongoing cyber security incident’ What is the future of cross-border data flows? Managing Cybersecurity in the Age of Artificial Intelligence Clearview AI Faces 30.5M Fine for Building Illegal Facial Recognition Database X is hiring staff for security and safety after two years of layoffs Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin A scientific approach to eavesdropping via HDMI Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, newsletter)
Published: 2024-09-08T11:58:29