Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

GitLab fixed a critical flaw in GitLab CE and GitLab EE

New Linux malware called Hadooken targets Oracle WebLogic servers

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Cybersecurity giant Fortinet discloses a data breach

UK NCA arrested a teenager linked to the attack on Transport for London

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Highline Public Schools school district suspended its activities following a cyberattack

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Quad7 botnet evolves to more stealthy tactics to evade detection

Poland thwarted cyberattacks that were carried out by Russia and Belarus

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Experts demonstrated how to bypass WhatsApp View Once feature

Predator spyware operation is back with a new infrastructure

TIDRONE APT targets drone manufacturers in Taiwan

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Progress Software fixed a maximum severity flaw in LoadMaster

Feds indicted two alleged administrators of WWH Club dark web marketplace

International Press – Newsletter

Cybercrime  

Russian And Kazakhstani Men Indicted For Running Dark Web Criminal Marketplaces, Forums, And Trainings      

Sextortion scam now use your “cheating” spouse’s name as a lure

Researchers trace massive data leak to US data broker: why should you care

Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details  

Highline Public Schools closes schools following cyberattack

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram  

Six Persons To Be Charged For Offences In Relation To Illegal Cyber Activities  

UK arrests teen linked to Transport for London cyber attack

Fortinet suffers third-party data breach affecting Asia-Pacific customers  

Malware

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights  

Malware’s Shared Secrets: Code Similarity Insights for Ransomware Gangs Activities Tracking      

Mallox ransomware: in-depth analysis and evolution  

A glimpse into the Quad7 operators’ next moves and associated botnets  

Ajina attacks Central Asia: Story of an Uzbek Android Pandemic      

Void captures over a million Android TV boxes

Hacking

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401      

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel 

Once and Forever: WhatsApp’s View Once Functionality is Broken  

PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via `Singing Pixels’

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Flipper Zero releases Firmware 1.0 after three years of development

DragonRank, a Chinese-speaking SEO manipulator service provider 

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability

Living off the land, GPO style      

Intelligence and Information Warfare 

DeFied Expectations — Examining Web3 Heists         

Australian links revealed in global defence company scandal involving China, Russia and Iran  

TIDRONE Targets Military and Satellite Industries in Taiwan  

MI6 and CIA warn of ‘reckless campaign of sabotage across Europe’ being waged by Russia

Earth Preta Evolves its Attacks with New Malware and Strategies

Chinese APT Abuses VSCode to Target Government in Asia  

Poland neutralises sabotage group linked to Belarus and Russia  

Fake recruiter coding tests target devs with malicious Python packages

Cybersecurity

25 Ways to Make the SOC More Efficient and Avoid Team Burnout  

An Open door

The September 2024 Security Update Review  

The rise of fake influencers  

Bug Left Some Windows PCs Dangerously Unpatched 

YARA Rule Crafting: A Deep Dive into Signature-Based Threat Hunting Strategies  

WordPress.org to require 2FA for plugin developers by October

Data Protection Commission launches inquiry into Google AI model

Building a Cybersecurity and Privacy Learning Program

UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy

Record $65 Million Settlement Reached Between Saltz Mongeluzzi Bendesky and LVHN on Behalf of Cancer Patients Whose Nude Photos Were Hacked

Facebook scrapes photos of kids from Australian user profiles to train its AI      

Global Cybersecurity Index  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)