{"id":167519,"date":"2024-08-25T07:19:45","date_gmt":"2024-08-25T07:19:45","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167519"},"modified":"2024-08-25T07:19:47","modified_gmt":"2024-08-25T07:19:47","slug":"security-affairs-newsletter-round-486-by-pierluigi-paganini-international-edition","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167519\/breaking-news\/security-affairs-newsletter-round-486-by-pierluigi-paganini-international-edition.html","title":{"rendered":"Security Affairs newsletter Round 486 by Pierluigi Paganini \u2013 INTERNATIONAL EDITION"},"content":{"rendered":"
<\/div>\n

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.<\/h2>\n\n\n\n

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.<\/p>\n\n\n\n

Hackers can take over Ecovacs home robots to spy on their owners<\/a><\/td><\/tr>
Russian national arrested in Argentina for laundering money of crooks and Lazarus APT<\/a><\/td><\/tr>
Qilin ransomware steals credentials stored in Google Chrome<\/a><\/td><\/tr>
Phishing attacks target mobile users via progressive web applications (PWA)<\/a><\/td><\/tr>
New malware Cthulhu Stealer targets Apple macOS users<\/a><\/td><\/tr>
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches<\/a><\/td><\/tr>
A cyberattack hit US oil giant Halliburton<\/a><\/td><\/tr>
U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog<\/a><\/td><\/tr>
SolarWinds fixed a hardcoded credential issue in Web Help Desk<\/a><\/td><\/tr>
A cyberattack disrupted operations of US chipmaker Microchip Technology<\/a><\/td><\/tr>
Google addressed the ninth actively exploited Chrome zero-day this year<\/a><\/td><\/tr>
GitHub fixed a new critical flaw in the GitHub Enterprise Server <\/a><\/td><\/tr>
Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio<\/a><\/td><\/tr>
North Korea-linked APT used a new RAT called MoonPeak<\/a><\/td><\/tr>
Pro-Russia group Vermin targets Ukraine with a new malware family<\/a><\/td><\/tr>
A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning<\/a><\/td><\/tr>
Ransomware payments rose from $449.1 million to $459.8 million<\/a><\/td><\/tr>
Previously unseen Msupedge backdoor targeted a university in Taiwan<\/a><\/td><\/tr>
Oracle NetSuite misconfiguration could lead to data exposure<\/a><\/td><\/tr>
Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum<\/a><\/td><\/tr>
CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog<\/a><\/td><\/tr>
Researchers uncovered new infrastructure linked to the cybercrime group FIN7<\/a>Hacking<\/a><\/td><\/tr>
From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs<\/a><\/td><\/tr>
Large-scale extortion campaign targets publicly accessible environment variable files (.env)<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

International Press \u2013 Newsletter<\/strong><\/p>\n\n\n\n

Cybercrime<\/strong>  <\/p>\n\n\n\n

<\/a>The \u201cMad Liberator\u201d ransomware group leverages social-engineering moves to watch out for<\/a>  <\/p>\n\n\n\n

New U.N. Cybercrime Treaty Could Threaten Human Rights<\/a> <\/p>\n\n\n\n

FIN7: The Truth Doesn’t Need to be so STARK<\/a> <\/p>\n\n\n\n

2024 Crypto Crime Mid-year Update Part 1: Cybercrime Climbs as Exchange Thieves and Ransomware Attackers Grow Bolder<\/a>      <\/p>\n\n\n\n

Pulaski County Man Sentenced for Cyber Intrusion and Aggravated Identity Theft<\/a> <\/p>\n\n\n\n

Microchip Technology says operations disrupted by cyberattack<\/a> <\/p>\n\n\n\n

Member of Russian cybercrime group charged in Ohio<\/a>  <\/p>\n\n\n\n

Argentinian Authorities Arrest Russian National for Laundering the Crypto Proceeds of Illicit Activity<\/a> <\/p>\n\n\n\n

Hacker tried to dodge child support by breaking into registry to fake his death, prosecutors say<\/a>  <\/p>\n\n\n\n

Malware<\/strong><\/p>\n\n\n\n

Meet UULoader: An Emerging and Evasive Malicious Installer<\/a><\/p>\n\n\n\n

BlindEagle flying high in Latin America<\/a>  <\/p>\n\n\n\n

Finding Malware: Unveiling NUMOZYLOD with Google Security Operations<\/a>      <\/p>\n\n\n\n

NGate Android malware relays NFC traffic to steal cash<\/a>\u00a0\u00a0<\/p>\n\n\n\n

From the Depths: Analyzing the Cthulhu Stealer Malware for macOS<\/a>  <\/p>\n\n\n\n

PEAKLIGHT: Decoding the Stealthy Memory-Only Malware<\/a>\u00a0\u00a0<\/gwmw><\/p>\n\n\n\n

Qilin ransomware caught stealing credentials stored in Google Chrome<\/a>\u00a0\u00a0<\/p>\n\n\n\n

Hacking<\/strong><\/p>\n\n\n\n

MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles<\/a><\/p>\n\n\n\n

Potential Widespread Data Exposure Analysis: Oracle NetSuite<\/a>  <\/p>\n\n\n\n

MIFARE Classic: exposing the static encrypted nonce variant… and a few hardware backdoors<\/a><\/p>\n\n\n\n

SSRFing the Web with the help of Copilot Studio<\/a>  <\/p>\n\n\n\n

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin<\/a><\/p>\n\n\n\n

Phrack hacker zine publishes new edition after three years<\/a><\/p>\n\n\n\n

Google fixes ninth Chrome zero-day exploited in attacks this year<\/a><\/p>\n\n\n\n

Hackers now use AppDomain Injection to drop CobaltStrike beacons<\/a><\/p>\n\n\n\n

Ecovacs says it will fix bugs that can be abused to spy on robot owners<\/a>  <\/p>\n\n\n\n

Be careful what you pwish for \u2013 Phishing in PWA applications<\/a>  <\/p>\n\n\n\n

Intelligence and Information Warfare<\/strong> <\/p>\n\n\n\n

Disrupting a covert Iranian influence operation<\/a>  <\/p>\n\n\n\n

Safeguarding Digital Freedom: How a Gen Discovery Helped to Protect Windows Users Everywhere<\/a>   <\/p>\n\n\n\n

Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset<\/a><\/p>\n\n\n\n

Russia-linked Vermin hackers target Ukraine with new malware strain<\/a>  <\/p>\n\n\n\n

TodoSwift Disguises Malware Download Behind Bitcoin PDF<\/a>  <\/p>\n\n\n\n

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure<\/a><\/p>\n\n\n\n

China-Nexus Threat Group \u2018Velvet Ant\u2019 Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches<\/a>  <\/p>\n\n\n\n

From cybercrime to terrorism, FBI director says America faces many elevated threats \u2018all at once\u2019<\/a>  <\/p>\n\n\n\n

US government accuses Iran of Trump campaign hack; Iran scoffs<\/a>  <\/p>\n\n\n\n

Cybersecurity<\/strong><\/p>\n\n\n\n

Nvidia Sued for Scraping YouTube After 404 Media Investigation<\/a> <\/p>\n\n\n\n

The Rise of Techno-Colonialism<\/a>  <\/p>\n\n\n\n

Toyota confirms breach after stolen data leaks on hacking forum<\/a><\/p>\n\n\n\n

Researchers Have Ranked AI Models Based on Risk\u2014and Found a Wild Range<\/a>  <\/p>\n\n\n\n

Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites<\/a>  <\/p>\n\n\n\n

Memory corruption vulnerabilities in Suricata and FreeRDP<\/a>  <\/p>\n\n\n\n

Top US oilfield firm Halliburton hit by cyberattack, source says<\/a> <\/p>\n\n\n\n

Local Networks Go Global When Domain Names Collide<\/a>  <\/p>\n\n\n\n

The New Bioweapons<\/a>  <\/p>\n\n\n\n

Hack on North Miami Tests Ransom Payment Bans<\/a>  <\/p>\n\n\n\n

National Public Data Published Its Own Passwords<\/a><\/p>\n\n\n\n

Finding security flaws in Android ahead of malicious hackers<\/a>      <\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0newsletter)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers can take over Ecovacs home robots to spy on their owners Russian national arrested in Argentina for […]<\/p>\n","protected":false},"author":1,"featured_media":35167,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323],"tags":[182,9508,9506,10918,30,3529,687,841,1533],"class_list":["post-167519","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","tag-data-breach","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-malware-2","tag-newsletter","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司