Today's Core Dump is brought to you by ThreatPerspective

Security Affairs

Security Affairs newsletter Round 495 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Chinese cyber spies targeted phones used by Trump and Vance Irish Data Protection Commission fined LinkedIn 310M for […] A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Chinese cyber spies targeted phones used by Trump and VanceIrish Data Protection Commission fined LinkedIn 310M for GDPR infringementChange Healthcare data breach impacted over 100 million peopleOnePoint Patient Care data breach impacted 795916 individualsFrom Risk Assessment to Action: Improving Your DLP ResponseU.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalogPwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24Cisco fixed tens of vulnerabilities, including an actively exploited oneFortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalogDigital Echo Chambers and Erosion of Trust – Key Threats to the US ElectionsU.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalogCrooks are targeting Docker API servers to deploy SRBMinerWhy DSPM is Essential for Achieving Data Privacy in 2024SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attackSamsung zero-day flaw actively exploited in the wildExperts warn of a new wave of Bumblebee malware attacksU.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalogVMware failed to fully address vCenter Server RCE flaw CVE-2024-38812Cisco states that data published on cybercrime forum was taken from public-facing DevHub environmentInternet Archive was breached twice in a monthUnknown threat actors exploit Roundcube Webmail flaw in phishing campaignF5 fixed a high-severity elevation of privilege vulnerability in BIG-IP International Press Newsletter Cybercrime   Cisco Confirms Security Incident After Hacker Offers to Sell Data Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Researchers link Polyfill supply chain attack to huge network of copycat gambling sites Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data  Illicit Uses for Deepfake Technology Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed As a Result of Infostealer Infection           Landmark, an administrator for insurance firms, says 800,000 affected by data breach Voice-enabled AI agents can automate everything, even your phone scams UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach   Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions Malware New Bumblebee Loader Infection Chain Signals Possible Resurgence    Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials   ReliaQuest Uncovers New Black Basta Social Engineering Technique   Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA   TeamTNT’s Docker Gatling Gun Campaign From cyber attacks to sabotage: How Israel’s covert operations are targeting Iran’s vital assets   Hacking Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability    “Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel Internet Archive breached again through stolen access tokens    End-to-End Encrypted Cloud Storage in the Wild A Broken Ecosystem   CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android   Fortinet warns of new critical FortiManager flaw used in zero-day attacks Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)   Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign  Pwn2Own Ireland 2024: Day Three Results An Update on Windows Downdate    Threat Actors Are Exploiting Vulnerabilities Faster Than Ever   Intelligence and Information Warfare  “Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel   The Crypto Game of Lazarus APT: Investors vs. Zero-days Iranian hacker group aims at US election websites and media before vote, Microsoft says       Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs   Amazon identified internet domains abused by APT29      RDP configuration files as a means of obtaining remote access to a computer or “Rogue RDP” (CERT-UA#11690) Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications Chinese hackers targeted Trump and Vance’s phone data        Cybersecurity SEC Charges Four Companies With Misleading Cyber Disclosures    Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections   Apple will pay security researchers up to $1 million to hack its private AI cloud The Global Surveillance Free-for-All in Mobile Ad Data   Apple: Security research on Private Cloud Compute How the ransomware attack at Change Healthcare went down: A timeline   Irish Data Protection Commission fines LinkedIn Ireland 310 million   Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs   hacking, newsletter)

Published: 2024-10-27T13:30:09











© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us