A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

T-Mobile confirms Lapsus$ had access its systemsAre you using Java 15/16/17 or 18 in production? Patch them now!Phishing attacks using the topic “Azovstal” targets entities in UkraineConti ransomware claims responsibility for the attack on Costa RicaCyber Insurance and the Changing Global Risk EnvironmentA stored XSS flaw in RainLoop allows stealing users’ emailsQNAP firmware updates fix Apache HTTP vulnerabilities in its NASPwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploitsLemon_Duck cryptomining botnet targets Docker serversCritical bug in decoder used by popular chipsets exposes 2/3 of AndroidCybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government VendorsStatic SSH host key in Cisco Umbrella allows stealing admin credentialsCVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusableUS, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacksRussian Gamaredon APT continues to target UkraineAnonymous hacked other Russian organizations, some of the breaches could be severeCISA adds Windows Print Spooler to its Known Exploited Vulnerabilities CatalogNew BotenaGo variant specifically targets Lilin security camera DVR devicesQNAP users are recommended to disable UPnP port forwarding on routersESET warns of three flaws that affect over 100 Lenovo notebook modelsKaspersky releases a free decryptor for Yanluowang ransomwareNSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacksNew SolarMarker variant upgrades evasion abilities to avoid detectionCrooks steal $182 million from Beanstalk DeFi platformExperts spotted Industrial Spy, a new stolen data marketplaceCISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities CatalogApr 10 – Apr 16 Ukraine – Russia the silent cyber conflictEnemybot, a new DDoS botnet appears in the threat landscapeStolen OAuth tokens used to download data from dozens of organizations, GitHub warnsPlease vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERSVote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 362 by Pierluigi Paganini appeared first on Security Affairs.