National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 466 by Pierluigi Paganini INTERNATIONAL EDITION


2024-04-07 23:18:09
milo
Blue Team (CND)



A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free for you in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.









More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Cisco warns of XSS flaw in end-of-life small business routers
Magento flaw exploited to deploy persistent backdoor hidden in XML
Cyberattack disrupted services at Omni Hotels & Resorts
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks
US cancer center City of Hope: data breach impacted 827149 individuals
Ivanti fixed for 4 new issues in Connect Secure and Policy Secure
Jackson County, Missouri, discloses a ransomware attack
Google addressed another Chrome zero-day exploited at Pwn2Own in March
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Google fixed two actively exploited Pixel vulnerabilities
Highly sensitive files mysteriously disappeared from EUROPOL headquarters
XSS flaw in WordPress WP-Members Plugin can lead to script injection
Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor
Google agreed to erase billions of browser records to settle a class action lawsuit
PandaBuy data breach allegedly impacted over 1.3 million customers
OWASP discloses a data breach
New Vultur malware version includes enhanced remote control and evasion capabilities
Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy
Info stealer attacks target macOS users
DinodasRAT Linux variant targets users worldwide
AT&T confirmed that a data breach impacted 73 million customers




Cybercrime    





Serious security breach hits EU police agency  
Jackson County in state of emergency after ransomware attack





‘The Manipulaters’ Improve Phishing, Still Fail at Opsec





US Cancer Center Data Breach Impacting 800,000  





Malware





DinodasRAT Linux implant targeting entities worldwide 





Infostealers continue to pose threat to macOS users





Android Malware Vultur Expands Its Wingspan 





The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse 





Persistent Magento backdoor hidden in XML 





Hacking 





Inside the failed attempt to backdoor SSH globally — that got caught by chance  





XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor  










A stealth attack came close to compromising the world’s computers  





HTTP/2 CONTINUATION frames can be utilized for DoS attacks  





Command Injection and Backdoor Account in D-Link NAS Devices  





Intelligence and Information Warfare 





Establishment of the Office of the Assistant Secretary of Defense for Cyber Policy  





Government board pins China hack on Microsoft’s ‘inadequate’ cybersecurity strategies  





How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked  





Wirecard fugitive helped run Russian spy operations across Europe





Ukraine gives award to foreign vigilantes for hacks on Russia     





Cybersecurity          





Skills shortage and unpatched systems soar to high-ranking 2030 cyber threats  





OWASP Data Breach Notification  





Google to delete billions of browser records to settle ‘Incognito’ lawsuit  





Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded   





The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind  





Ivanti-linked breach of CISA potentially affected more than 100,000 individuals  





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)















Source: SecurityAffairs
Source Link: https://securityaffairs.com/161558/breaking-news/security-affairs-newsletter-round-466-by-pierluigi-paganini-international-edition.html

