Security Affairs newsletter Round 290

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Chilean-based retail giant Cencosud hit by Egregor RansomwareShinyHunters hacked Pluto TV service, 3.2M accounts exposedThe North Face website suffered a credential stuffing attackCrooks use software skimmer that pretends to be a security firmLazarus malware delivered to South Korean users via supply chain attacksNew Jupyter information stealer appeared in the threat landscapeNew skimmer attack uses WebSockets to evade detectionUnprotected database exposed a scam targeting 100K+ Facebook accounts246869 Windows systems are still vulnerable to the BlueKeep flawAt-Risk Meeting Notifier Zoom feature alerts meeting organizers of Zoombombing riskChinese APT FunnyDream targets a South East Asian governmentExpert publicly discloses PoC code for critical RCE issues in Cisco Security ManagerHappy birthday, Security Affairs celebrates its ninth Anniversary todayUnixfreaxjp at #R2CON2020 presented shellcode basics for radare2VoltPillager: Hardware-based fault injection attacks against Intel SGX enclavesChina-linked APT10 leverages ZeroLogon exploits in recent attacksCisco fixed flaws in WebEx that allow ghost participants in meetingsLarge-scale campaign targets vulnerable Epsilon Framework WordPress themesOffice 365 phishing campaign uses redirector URLs and detects sandboxes to evade detectionPhishing campaign targets LATAM e-commerce users with Chaes MalwareThe Defeated President Trump fired CISA chief Chris KrebsA flaw in GO SMS Pro App allows accessing media messagesDrupal addressed CVE-2020-13671 Remote Code Execution flawNation-state actors from Russia, China, Iran, and North Korea target CanadaNew Grelos skimmer variant reveals murkiness in tracking Magecart operationsREvil ransomware demands 500K ransom to hosting providerWe infiltrated an IRC botnet. Heres what we foundA flaw in Facebook Messenger could have allowed spying on usersMitsubishi Electric Corp. was hit by a new cyberattackOctober Mumbai power outage may have been caused by a cyber attackQakBot Big Game Hunting continues: the operators drop ProLock ransomware for EgregorVMware addresses flaws exploited at recent Tianfu CupDutch tech reporter gatecrashes EU defence secret video conferenceExperts warn of mass-scanning for ENV files left unsecured onlineManchester United hit by ‘sophisticated cyber attackUK reveals new National Cyber Force to improve offensive cyber capabilities

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 290 appeared first on Security Affairs.