A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
If you want to also receive for free the newsletter with the international press subscribe here.
LockBit leaks data stolen from the South Korean National Tax ServiceItaly’s Data Protection Authority temporarily blocks ChatGPT over privacy concernsCISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalogHackers are actively exploiting a flaw in the Elementor Pro WordPress pluginCyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33MRussian APT group Winter Vivern targets email portals of NATO and diplomatsSuper FabriXss vulnerability in Microsoft Azure SFX could lead to RCENew AlienFox toolkit harvests credentials for tens of cloud services3CX voice and video conferencing software victim of a supply chain attackNew Mélofée Linux malware linked to Chinese APT groupsQNAP fixed Sudo privilege escalation bug in NAS devicesAustralia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attackOpenAI quickly fixed account takeover bugs in ChatGPTGoogle TAG shares details about exploit chains used to install commercial spywareClipper attacks use Trojanized TOR Browser installersToyota Italy accidentally leaked sensitive dataBitter APT group targets China’s nuclear energy sector Latitude Data breach is worse than initially estimated. 14 million individuals impactedEuropol warns of criminal use of ChatGPTTelecom giant Lumen suffered a ransomware attack and disclose a second incidentApple fixes recently disclosed CVE-2023-23529 zero-day on older devicesNew MacStealer macOS malware appears in the cybercrime undergroundUpdates from the MaaS: new threats delivered through NullMixerTechnical analysis of China-linked Earth Preta APT’s infection chainMalicious Python Package uses Unicode support to evade detection OpenAI: A Redis bug caused a recent ChatGPT data exposure incidentMicrosoft shares guidance for investigating attacks exploiting CVE-2023-23397Vice Society claims attack on Puerto Rico Aqueduct and Sewer AuthorityInternational Press
Cybercrime
The criminal use of ChatGPT – a cautionary tale about large language models
Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
The cyber police exposed members of a criminal group that defrauded EU citizens of 160 million hryvnias with the help of phishing
Hacking
Spyware vendors use 0-days and n-days against popular platforms
Sudoedit bypass in Sudo <= 1.9.12p1 CVE-2023-22809
#SmoothOperator | Ongoing Campaign Trojanizes #3CXDesktopApp in Supply Chain Attack
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) Lidor Ben Shitrit Reading time: 11 Minutes
Critical Elementor Pro Vulnerability Exploited
Malware
Malicious Actors Use Unicode Support in Python to Evade Detection
Updates from the MaaS: new threats delivered through NullMixer
MacStealer: New macOS-based Stealer Malware Identified
Copy-paste heist or clipboard-injector attacks on cryptousers
Mélofée: a new alien malware in the Panda’s toolset targeting Linux hosts
Ironing out (the macOS details) of a Smooth Operator
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife
Intelligence and Information Warfare
Guidance for investigating attacks using CVE-2023-23397
Pack it Secretly: Earth Preta’s Updated Stealthy Strategies
Phishing Campaign Targets Chinese Nuclear Energy Industry
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
Cybersecurity
Lloyd’s of London says its controversial cyberwar exclusions could hit profits
Wearable Brain Devices Will Challenge Our Mental Privacy
President Biden Signs Executive Order Restricting Use of Commercial Spyware
UK Introduces Mass Surveillance With Online Safety Bill
Artificial intelligence: stop to ChatGPT by the Italian SAPersonal data is collected unlawfully, no age verification system is in place for children
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERSVote for me in the sections:
The Teacher – Most Educational Blog
The Entertainer – Most Entertaining Blog
The Tech Whizz – Best Technical Blog
Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.