Your hacker Blog

Security Affairs newsletter Round 390

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Daixin Team targets health organizations with ransomware, US agencies warnThreat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, minersEnergyAustralia Electricity company discloses security breachExperts warn of CVE-2022-42889 Text4Shell exploit attemptsCISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities CatalogGUAC – A Google Open Source Project to secure software supply chainNews URSNIF variant doesn’t support banking featuresHealthcare system Advocate Aurora Health data breach potentially impacted 3M patientsExperts spotted a new undetectable PowerShell Backdoor posing as a Windows updateBlueBleed: Microsoft confirmed data leak exposing customers’ infoInternet disruptions observed as Russia targets critical infrastructure in UkraineBrazilian police arrested a man suspected of being a member of LAPSUS$ gangExperts discovered millions of .git folders exposed to publicText4Shell, a remote code execution bug in Apache Commons Text libraryResearchers share of FabriXss bug impacting Azure Fabric ExplorerThe missed link between Ransom Cartel and REvil ransomware gangsMicrosoft Office 365 Message Encryption (OME) doesn’t ensure confidentialityLaw enforcement arrested 31 suspects for stealing cars by hacking key fobsChina-linked APT41 group targets Hong Kong with Spyder LoaderCritical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt StrikeOver 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684CVE-2022-28762: Zoom for macOS contains a debugging port misconfigurationRetail giant Woolworths discloses data breach of MyDeal online marketplaceNew UEFI rootkit Black Lotus offered for sale at $5,000Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impactedBulgaria hit by a cyber attack originating from RussiaInterpol arrested 75 members of the cybercrime ring Black Axe45,654 VMware ESXi servers reached End of Life on Oct. 15Mysterious Prestige ransomware targets organizations in Ukraine and PolandThreat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bugFollow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 390 appeared first on Security Affairs.