Security Affairs Newsletter

 "Security Affairs Newsletter Round 481 by Pierluigi Paganini-International Edition."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 21 July 2024, 2225 UTC.

Content and Source:  https://securityaffairs.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

65K followers23 articles per week#security#tech

20

MOST POPULAR

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 9h

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Threat actors attempted to capitalize CrowdStrike incident Russian nationals plead guilty to participating in the LockBit ransomware group MediSecure data

Security Affairs Malware Newsletter – Round 3

by Pierluigi Paganini / 8h

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Hardening of HardBit 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit This Meeting Should Have Been an Email Ransomware Detection Model Based on Adaptive Graph Neural Network Learning SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

CrowdStrike update epic fail crashed Windows systems worldwide

Global technology outage disrupts services

•

29by Pierluigi Paganini / 2d

Windows machines worldwide displayed BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike. A faulty update released by CrowdStrike Falcon is causing Windows systems to display a BSoD screen. The incident is causing widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations. The company confirmed that the incident was

YESTERDAY

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

2 TTPs

•

by Pierluigi Paganini / 13h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-34102 Adobe Commerce and Magento Open Sour

Threat actors attempted to capitalize CrowdStrike incident

9 TTPs

•

by Pierluigi Paganini / 1d

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit from the recent IT outage caused by the faulty update of the cybersecurity firm to distribute Remcos RAT malware. The threat actors attempted to distribute the Remcos RAT to the customers of the cybersecuri

JUL 19, 2024

Russian nationals plead guilty to participating in the LockBit ransomware group

4 TTPs

•

by Pierluigi Paganini / 1d

•

Two Russian and foreign nationals plead guilty in

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500

MediSecure data breach impacted 12.9 million individuals

by Pierluigi Paganini / 2d

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. In May, the company was forced to shut down its website and phone lines following a cyb

JUL 18, 2024

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

4 TTPs

•

by Pierluigi Paganini / 2d

Cisco has addressed a critical vulnerability that could allow attackers to add new root users to Security Email Gateway (SEG) appliances. Cisco fixed a critical vulnerability, tracked as CVE-2024-20401 (CVSS score 9.8), that could allow unauthenticated, remote attackers to add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances. The flaw resides in the con

SAPwned flaws in SAP AI core could expose customers’ data

3 TTPs

•

by Pierluigi Paganini / 3d

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the esse

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

IoC > 1 domain

•

21by Pierluigi Paganini / 3d

•

8 TTPs

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass se

JUL 17, 2024

How to Protect Privacy and Build Secure AI Products

by Pierluigi Paganini / 3d

AI systems are transforming technology and driving innovation across industries. How to protect privacy and build secure AI products? AI systems are transforming technology and driving innovation across industries. However, their unpredictability raises significant concerns about data security and privacy. Developers struggle to ensure the integrity and reliability of AI models amid these uncert

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Account Manipulation (Enterprise T1098)

•

20by Pierluigi Paganini / 3d

•

CVE-2024-20419

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue is due to an improper

MarineMax data breach impacted over 123,000 individuals

MarineMax data breach affects 123

•

20by Pierluigi Paganini / 4d

The world’s largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world’s largest recreational boat and yacht retailer MarineMax disclosed a data breach that impacted over 123,000 individuals. In March, the company suffered a cyber attack, and the Rhysida ransomware gang claimed to have stolen company sensitive data. The company sells new an

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

10 TTPs

•

by Pierluigi Paganini / 4d

•

CVE-2024-38112

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation of this vul

JUL 16, 2024

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

Persistence (Enterprise TA0003)

•

by Pierluigi Paganini / 4d

•

Microsoft links Scattered Spider hackers

Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider , UNC3944 , and 0ktapus ), added RansomHub and Qilin ransomware to its arsenal and used them in its campaigns. Octo Tempest has been active since early 2022, it made the headlines

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

Execution (Enterprise TA0002)

•

21by Pierluigi Paganini / 5d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog . GeoServer is an open-s

JUL 15, 2024

Kaspersky leaves U.S. market following the ban on the sale of its software in the country

by Pierluigi Paganini / 5d

Kaspersky is leaving the U.S. market following the recent ban on the sales of its software imposed by the Commerce Department. Russian cybersecurity firm Kaspersky announced its exit from the U.S. market following the ban on the sale of its software in the country by the Commerce Department. In June, the Biden administration announced it will ban the sale of Kaspersky antivirus software due to th

FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump

by Pierluigi Paganini / 5d

The FBI gained access to the password-protected phone of the suspect in the assassination attempt on Donald Trump. The independent website 404 Media first reported that the FBI had successfully accessed the password-protected phone of Thomas Matthew Crooks , the deceased suspect in the assassination attempt on Donald Trump. “FBI technical specialists successfully gained access to Thomas Matthew C

Ransomware groups target Veeam Backup & Replication bug

7 TTPs

•

28by Pierluigi Paganini / 6d

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructur

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

AT&T paid hacker $370

•

by Pierluigi Paganini / 6d

Wired attributes the recently disclosed AT&T data breach to a hacker living in Turkey and reported the company paid a $370,000 ransom. An American hacker who lives in Turkey claimed responsibility for the recently disclosed AT&T data breach . The man also said the company paid a ransom to ensure that stolen data would be deleted, reported Wired . On Friday, the telco giant disclosed a new data br

END OF FEED