Security Affairs newsletter Round 367 by Pierluigi Paganini

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacksThe strange link between Industrial Spy and the Cuba ransomware operationReuters: Russia-linked APT behind Brexit leak websiteGitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attackAndroid pre-installed apps are affected by high-severity vulnerabilitiesGhostTouch: how to remotely control touchscreens with EMIFBI: Compromised US academic credentials available on various cybercrime forumsERMAC 2.0 Android Banking Trojan targets over 400 appsExperts released PoC exploit code for critical VMware CVE-2022-22972 flawExposed: the threat actors who are poisoning FacebookZyxel addresses four flaws affecting APs, AP controllers, and firewallsExperts warn of a new malvertising campaign spreading the ChromeLoaderDo not use Tails OS until a flaw in the bundled Tor Browser will be fixedItaly announced its National Cybersecurity Strategy 2022/26Unknown APT group is targeting Russian government entitiesInternationa police operation led to the arrest of the SilverTerrier gang leaderChaining Zoom bugs is possible to hack users in a chat by sending them a messageCISA adds 41 flaws to its Known Exploited Vulnerabilities CatalogTrend Micro addressed a flaw exploited by China-linked Moshen Dragon APTMicrosoft warns of new highly evasive web skimming campaignsNation-state malware could become a commodity on dark web soon, Interpol warnsRussia-linked Turla APT targets Austria, Estonia, and NATO platformRussia-linked Fronton botnet could run disinformation campaignsA flaw in PayPal can allow attackers to steal money from users’ accountCytrox’s Predator spyware used zero-day exploits in 3 campaignsThreat actors target the infoSec community with fake PoC exploitsSecurity Affairs newsletter Round 366 by Pierluigi PaganiniNorth Korea-linked Lazarus APT uses Log4J to target VMware serversThe Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform
Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 367 by Pierluigi Paganini appeared first on Security Affairs.