Security Affairs newsletter Round 377

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are free for you in your email box.

If you also want to receive the newsletter with the international press for free, subscribe here.

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes
Twitter confirms zero-day used to access data of 5.4 million accounts
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases
DHS warns of critical flaws in Emergency Alert System encoder/decoder devices
CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
New Linux botnet RapperBot brute-forces SSH servers
New Woody RAT used in attacks aimed at Russian entities
Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit
Hackers stole $200 million from the Nomad crypto bridge
Cisco addressed critical flaws in Small Business VPN routers
Power semiconductor component manufacturer Semikron suffered a ransomware attack
Manjusaka, a new attack tool similar to Sliver and Cobalt Strike
Google fixed Critical Remote Code Execution flaw in Android
Busting the Myths of Hardware Based Security
VMware fixed critical authentication bypass vulnerability
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
Gootkit AaaS malware is still active and uses updated tactics
Austria investigates DSIRF firm for allegedly developing Subzero spyware
ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.
Australian man charged with creating and selling the Imminent Monitor spyware
A flaw in Dahua IP Cameras allows full take over of the devices
US Federal Communications Commission (FCC) warns of the rise of smishing attacks
Threat actor claims to have hacked European manufacturer of missiles MBDA
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware
Security Affairs newsletter Round 376 by Pierluigi Paganini
North Korea-linked SharpTongue spies on email accounts with a malicious browser extension

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 377 appeared first on Security Affairs.