A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT29 targeted German political parties with WINELOADER backdoor Mozilla fixed Firefox zero-days exploited at Pwn2Own […

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

German police seized the darknet marketplace Nemesis Market

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild

Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution

New Loop DoS attack may target 300,000 vulnerable hosts

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

BunnyLoader 3.0 surfaces in the threat landscape

Pokemon Company resets some users’ passwords

Ukraine cyber police arrested crooks selling 100 million compromised accounts

New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon?

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

Earth Krahang APT breached tens of government organizations worldwide

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Fujitsu suffered a malware attack and probably a data breach

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Email accounts of the International Monetary Fund compromised

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

“gitgub” malware campaign targets Github users with RisePro info-stealer

Cybercrime

The Aviation And Aerospace Sectors Face Skyrocketing Cyber Threats   

Accounts of Internet users were appropriated: cyber police of the Kharkiv region exposed members of a criminal group 

AI adoption by hackers pushed financial scams in 2023      

Illegal darknet marketplace “Nemesis Market” shut down

Malware

RisePro stealer targets Github users in “gitgub” campaign  

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled  

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise  

APT29 Uses WINELOADER to Target German Political Parties  

Hacking  

Red Teaming: A Proactive Approach to AI Safety

IMF Investigates Cyber-Security Incident  

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded 

CVE-2024-25153: Remote Code Execution in Fortra FileCatalyst  

Esports league postponed after players hacked midgame 

New Attack Shows Risks of Browsers Giving Websites Access to GPU 
Identity Providers for RedTeamers

Pokemon resets some users passwords after hacking attempts   

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types 

Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols

CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive       

PWN2OWN VANCOUVER 2024 – DAY TWO RESULTS  

Unsaflok

Intelligence and Information Warfare 

Brussels’ spy problem is the tip of the iceberg, says Belgian justice minister  

Russia says cyberattacks had no impact on presidential election  

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks 

The CNI warns about growing security threats in Spain: Russian espionage and cybercrimes, at the forefront

Gen Z Spies: Are Gamers a Bigger Threat Than Foreign Operatives?     

Cybersecurity          

US holds conference on military AI use with dozens of allies to determine ‘responsible’ use  

DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience?  

From Deepfakes to Malware: AI’s Expanding Role in Cyber Attacks

Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle  

House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

 If SpaceX’s Secret Constellation Is What We Think It Is, It’s Game Changing (Updated)  

Meta’s AI Watermarking Plan Is Flimsy, at Best – Watermarks are too easy to remove to offer any protection against disinformation

Insider threats are AI developers next hurdle  

Investors’ pledge to fight spyware undercut by past investments in US malware maker

Here’s the U.S. Government’s Antitrust Case Against Apple

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ramadan)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/161016/breaking-news/security-affairs-newsletter-round-464-by-pierluigi-paganini-international-edition.html