A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw […

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Clorox estimates the costs of the August cyberattack will exceed $49 Million

Mastodon fixed a flaw that can allow the takeover of any account

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Operation Synergia led to the arrest of 31 individuals

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

PurpleFox malware infected at least 2,000 computers in Ukraine

Multiple malware used in attacks exploiting Ivanti VPN flaws

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Ivanti warns of a new actively exploited zero-day

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Data leak at fintech giant Direct Trading Technologies

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Italian data protection authority said that ChatGPT violated EU privacy laws

Juniper Networks released out-of-band updates to fix high-severity flaws

Hundreds of network operators’ credentials found circulating in Dark Web

Cactus ransomware gang claims the Schneider Electric hack

Mercedes-Benz accidentally exposed sensitive data, including source code

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

NSA buys internet browsing records from data brokers without a warrant

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Medusa ransomware attack hit Kansas City Area Transportation Authority

Cybercrime

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Ransomware Revenue Down As More Victims Refuse to Pay  

Energy giant Schneider Electric hit by Cactus ransomware attack

Hundreds Of Network Operators’ Credentials Found Circulating In Dark Web  

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums     

Hackers steal $112 million of XRP Ripple cryptocurrency  

movie2k.to: Ex-operator hands over BTC worth 2 billion euros 

Portland Man Sentenced to Federal Prison for Role in SIM Swapping Identity Theft and Fraud Scheme  

INTERPOL-led operation targets growing cyber threats  

Malware

New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying  

KRUSTYLOADER – RUST MALWARE LINKED TO COMPROMISED IVANTI CONNECTSECURE  

Evolution of UNC4990: Uncovering USB Malware’s Hidden Depths  

China’s Hackers Have Entire Nation in Their Crosshairs, FBI Director Warns  

Outsmarting Ransomware’s New Playbook

UAC-0027: DIRTYMOE (PURPLEFOX) affected more than 2000 computers in Ukraine  

Hacking

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes 

Thanksgiving 2023 security incident

Exclusive: US disabled Chinese hacking network targeting critical infrastructure   

Iran-linked hackers claim attack on Albania’s Institute of Statistics     

Intelligence and Information Warfare 

Ukraine’s security service detains member of Russian ‘Cyber Army’  

Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records

The Bear and The Shell: New Campaign Against Russian Opposition   

Spying From Space 

Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail

Former Cia Officer Joshua Adam Schulte Sentenced To 40 Years In Prison For Espionage And Child Pornography Crimes  

Cybersecurity

How a mistakenly published password exposed Mercedes-Benz source code

Zero-day, supply-chain attacks drove data breach high for 2023      

ChatGPT violated European privacy laws, Italy tells chatbot maker OpenAI

ENISA Single Programming Document 2024 – 2026

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()   

Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities         

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/158588/breaking-news/security-affairs-newsletter-round-457-by-pierluigi-paganini-international-edition.html