A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Malicious npm packages target Ethereum developers US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT […

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Malicious npm packages target Ethereum developers

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

FireScam Android info-stealing malware supports spyware capabilities

Richmond University Medical Center data breach impacted 674,033 individuals

Apple will pay $95 Million to settle lawsuit over Siri’s alleged eavesdropping

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

A US soldier was arrested for leaking presidential call logs

DoubleClickjacking allows clickjacking on major websites

Russian media outlets Telegram channels blocked in European countries

Three Russian-German nationals charged with suspicion of secret service agent activity

Lumen reports that it has locked out the Salt Typhoon group from its network

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

Rhode Island ’s data from health benefits system leaked on the dark web

Hacking campaign compromised at least 16 Chrome browser extensions

China-linked actors hacked US Treasury Department

An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip’s creator says is a fake

Cisco states that the second data leak is linked to the one from October

Threat actors attempt to exploit a flaw in Four-Faith routers

ZAGG disclosed a data breach that exposed its customers’ credit card data

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

International Press – Newsletter

Cybercrime  

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

Rhode Islanders’ data was leaked from a cyberattack on state health benefits website  

US Army soldier who allegedly stole Trump’s AT&T call logs arrested  

Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims

Malware

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts  

The Mac Malware of 2024 

Inside FireScam : An Information Stealer with Spyware Capabilities

Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages

Hacking

How to Hack a Drone

Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild

Former NSA cyberspy’s not-so-secret hobby: Hacking Christmas lights      

On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE

Cyberhaven Extension Compromise

Cyberhaven’s preliminary analysis of the recent malicious Chrome extension

DoubleClickjacking: A New Era of UI Redressing          

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113  

Intelligence and Information Warfare 

US Plans More Actions Against China Over Telecom Hack  

China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says

US telco Lumen says its network is now clear of China’s Salt Typhoon hackers

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

China claims ‘world’s first’ military 5G can connect 10,000 robots in any terrain  

Theory of Mind: US military to build AI that predicts adversaries’ next moves

Treasury Sanctions Technology Company for Support to Malicious Cyber Group  

Cybersecurity

AT&T and Verizon say networks secure after Salt Typhoon breach  

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration

Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election      

HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information   

Telegram blocks Russian state-owned media channels in several EU countries  

Large language models can do jaw-dropping things. But nobody knows exactly why  

Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping    

US sanctions China’s Integrity Technology over alleged hacking sweep  

Meta’s AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/172679/breaking-news/security-affairs-newsletter-round-505-by-pierluigi-paganini-international-edition.html