A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are delivered free to your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection
WinRAR flaw enables remote code execution of arbitrary code
#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific
Massive phishing campaign targets users of the Zimbra Collaboration email server
Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects
Bronze Starlight targets the Southeast Asian gambling sector
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries
A massive campaign delivered a proxy server application to 400,000 Windows systems
Alarming lack of cybersecurity practices on world’s most popular websites
Experts devise an exploit for Apple iOS 16 that relies on fake Airplane Mode
Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack
CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog
A massive phishing campaign using QR codes targets the energy sector
Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM
Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign
Credentials for cybercrime forums found on roughly 120K computers infected with info stealers
Monti Ransomware gang launched a new Linux encryptor
Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software
QwixxRAT, a new Windows RAT appears in the threat landscape
Ongoing Xurum attacks target Magento 2 e-stores
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach
Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)
Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking
Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts
Cybercrime
100,000 Hackers Exposed from Top Cybercrime Forums
Major Energy Company Targeted in Large QR Code Campaign
Cybercrime: 14 arrests, thousands of illicit cyber networks disrupted in Africa operation
Mass-spreading campaign targeting Zimbra users
Cyber security researchers become target of criminal hackers
Diligere, Equity-Invest Are New Firms of U.K. Con Man
Malware
Unwanted Guests: Mitigating Remote Access Trojan Infection Risk
Monti Ransomware Unleashes a New Encryptor for Linux
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
ProxyNation: The dark nexus between proxy apps and malware
Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
Hacking
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
Zero Touch Pwn: Abusing Zoom’s Zero Touch Provisioning for Remote Attacks on Desk Phones
Xurum: New Magento Campaign Discovered
Exploits Explained: Finding Flaws in an ATM Software Tool
Hackers attack Japan nuclear websites over Fukushima water plan
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability
This $70 device can spoof an Apple device and trick you into sharing your password
Intelligence and Information Warfare
North Korean Hackers Suspected in New Wave of Malicious npm Packages
German Embassy Lure: Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cybersecurity
Navigating rising storm of maritime cyber threats, as cyber adversaries strike port systems and networks
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First
Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)
LinkedIn hack: You need to check your LinkedIn account
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition appeared first on Security Affairs.