A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

New York Times source code compromised via exposed GitHub token

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Pandabuy was extorted twice by the same threat actor

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Chinese threat actor exploits old ThinkPHP flaws since October 2023

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

RansomHub operation is a rebranded version of the Knight RaaS

Malware can steal data collected by the Windows Recall tool, experts warn

Cisco addressed Webex flaws used to compromise German government meetings

Zyxel addressed three RCEs in end-of-life NAS devices

A ransomware attack on Synnovis impacted several London hospitals

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

Multiple flaws in Cox modems could have impacted millions of devices

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Spanish police shut down illegal TV streaming network

APT28 targets key networks in Europe with HeadLace malware

Experts found information of European politicians on the dark web

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

International Press – Newsletter

Cybercrime  

Cybercriminals Attack Banking Customers In EU With V3B Phishing Kit      

The National Police dismantles a network that obtained more than 5,300,000 euros through the illicit distribution of audiovisual content        

London hospital services impacted by ransomware incident  

Snowflake Data Breach Impacts Ticketmaster, Other Organizations

New York Times source code stolen using exposed GitHub token

Malware

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

RansomHub: New Ransomware has Origins in Older Knight

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out   

TargetCompany’s Linux Variant Targets ESXi Environments  

UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing (“SickSync” campaign)   

Hacking 

Snowflake at centre of world’s largest data breach 

Hacking Millions of Modems (and Investigating Who Hacked My Modem)  

Molding Lies Into Reality || Exploiting CVE-2024-4358  

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

A Zero Day TikTok Hack Is Taking Over Celebrity And Brand Accounts    

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster      

2024: Old CVEs, New Targets — Active Exploitation of ThinkPHP  

Intelligence and Information Warfare 

Video Games Might Matter for Terrorist Financing  

Disrupting FlyingYeti’s campaign targeting Ukraine

GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns      

Revealed: Russian legal foundation linked to Kremlin activities in Europe  

NSA chief says China readying destructive cyberattacks on critical infrastructure  

How Russia is trying to disrupt the 2024 Paris Olympic Games  

Cybersecurity  

Generative AI is expected to magnify the risk of deepfakes and other fraud in banking  

Cyber house of cards – Politicians’ personal details exposed online

Preventing and Waging War in the AI–CYBER Era

Google Leak Reveals Thousands of Privacy Incidents    

Coast Guard To Empower Maritime Cybersecurity  

361 million stolen accounts leaked on Telegram added to HIBP

Cisco Patches Webex Bugs Following Exposure of German Government Meetings

How to Opt Out of Instagram and Facebook Using Your Posts for AI        

How to spot a deepfake: the maker of a detection tool shares the key giveaways  

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, newsletter)

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ticketmaster confirms data breach impacting 560 million customers

Critical Apache Log4j2 flaw still threatens global finance

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

ShinyHunters is selling data of 30 million Santander customers

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

BBC disclosed a data breach impacting its Pension Scheme members

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Experts found a macOS version of the sophisticated LightSpy spyware

Operation Endgame, the largest law enforcement operation ever against botnets

Law enforcement operation dismantled 911 S5 botnet

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature Check Point released hotfix for actively exploited VPN zero-day

BreachForums resurrected after FBI seizure

ABN Amro discloses data breach following an attack on a third-party provider

Christie disclosed a data breach after a RansomHub attack

Experts released PoC exploit code for RCE in Fortinet SIEM

WordPress Plugin abused to install e-skimmers in e-commerce sites

TP-Link Archer C5400X gaming router is affected by a critical flaw

Sav-Rx data breach impacted over 2.8 million individuals

The Impact of Remote Work and Cloud Migrations on Security Perimeters

New ATM Malware family emerged in the threat landscape

A high-severity vulnerability affects Cisco Firepower Management Center

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

International Press – Newsletter

Cybercrime  

Into the Lion’s Den Inside the Growing Risk of Gift Card Fraud  

Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling  

Christie’s Confirms Data Breach After Ransomware Group Claims Attack  

Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet  

911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation  

Largest ever operation against botnets hits dropper malware ecosystem   

Hackers steal $305M from DMM Bitcoin crypto exchange 

Ticketmaster confirms data hack which could affect 560m globally

How a Nigerian influencer, North Korean hacker and Canadian scammer committed fraud worldwide        

Malware

New ATM Malware Threatens European Banking Security   

Server Side Credit Card Skimmer Lodged in Obscure Plugin   

LightSpy: Implant for macOS  

The Pumpkin Eclipse  

Hacking 

Remote Command Execution on TP-Link Archer C5400X 

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive   

Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)

Detecting Cross-Origin Authentication Credential Stuffing Attacks     

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Intelligence and Information Warfare 

NATO holds first meeting of Critical Undersea Infrastructure Network  

CERT-UA warns: Ukrainian finances targeted with SmokeLoader malware  

How the DOJ is using a Civil War-era law to enforce corporate cybersecurity  

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader  

GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns  

OpenAI models used in nation-state influence campaigns, company says  

Cybersecurity  

Stop Using “SLA” When Discussing Vulnerabilities  

How to Identify and Remove VPN Applications That Contain 911 S5 Back Doors  

Multiple botnets dismantled in largest international ransomware operation ever  

HUGE Google Search document leak reveals inner workings of ranking algorithm       

NIST Getting Outside Help for National Vulnerability Database

Cybersecurity Education Maturity Assessment  

‘It’s putting patients’ lives in danger’: Nurses say ransomware attack is stressing hospital operations   

Could the Next War Begin in Cyberspace?   

OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)