Security Affairs newsletter Round 348
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.
If you want to also receive for free the newsletter with the international press subscribe here.
Unauthenticated RCE in H2 Database Console is similar to Log4ShellFluBot malware continues to evolve. What’s new in Version 5.0 and beyond?Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bugFIN7 group continues to target US companies with BadUSB devicesHow to secure QNAP NAS devices? The vendor’s instructionsThreat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warnsNorton Crypto, the controversial cryptomining feature of Norton 360Over 3.7 million accounts were compromised in the FlexBooker data breachNight Sky, a new ransomware operation in the threat landscapeNorth Korea-linked Konni APT targets Russian diplomatic bodiesThreat actors stole 1.1 million customer accounts from 17 well-known companiesGoogle Docs comment feature abused in phishing campaignFrance hits Google, Facebook with fines over ‘Cookies’ managementNoReboot persistence technique fakes iPhone shutdownVMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXiFTC warns legal action against businesses who fail to mitigate Log4J attacksThreat actors continue to exploit Log4j flaws in their attacks, Microsoft WarnsResearchers used electromagnetic signals to classify malware infecting IoT devicesUScellular discloses the second data breach in a yearAttackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites
Purple Fox backdoor spreads through fake Telegram App installerHospitality Chain McMenamins discloses data breach after ransomware attackBroward Health suffered a data breach that impacted +1.3 million people‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7 Israeli Media Outlets hacked on the anniversary of Soleimani killingSEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attackThe worst cyber attacks of 2021Microsoft rolled out emergency fix for Y2k22 bug in Exchange serversExclusive: NASA Director Twitter account hacked by Powerful Greek ArmyLapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate
North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchangesCrypto security breaches cause $4.25 billion losses worth of cryptos in 2021
(SecurityAffairs – hacking, newsletter)