Security Affairs newsletter Round 354
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.
If you want to also receive for free the newsletter with the international press subscribe here.
CISA compiled a list of free cybersecurity tools and servicesWhite House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRUUpdraftPlus WordPress plugin update forced for million sitesGoogle Privacy Sandbox promises to protect user privacy onlineIran-linked TunnelVision APT is actively exploiting the Log4j vulnerabilityCVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package ManagerResearchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bugThreat actors leverage Microsoft Teams to spread malwareSpecially crafted emails could crash Cisco ESA devicesEuropean Data Protection Supervisor call for bans on surveillance spyware like Pegasus
New Kraken botnet is allowing operators to earn USD 3,000 every monthNation-state actors hacked Red Cross exploiting a Zoho bugRussia-linked threat actors breached US cleared defense contractors (CDCs)Trickbot targets customers of 60 High-Profile companiesExperts disclose details of Apache Cassandra DB RCECISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugsVMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contestUkraine: Military defense agencies and banks hit by cyberattacksQNAP extends security Updates for some EOL devicesBlackCat gang claimed responsibility for Swissport ransomware attack
Google fixes a Chrome zero-day flaw actively exploited in attacksRemote sex toys might spice up your love life – but crooks could also get a kick out of themSSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’BlackByte ransomware breached at least 3 US critical infrastructure organizationsEuropean Central Bank tells banks to step up defences against nation-state attacksCritical Magento zero-day flaw CVE-2022-24086 actively exploitedAlleged ransomware attack disrupted operations at Slovenia’s Pop TV stationOrganizations paid at least $602 million to ransomware gangs in 2021San Francisco 49ers NFL team discloses BlackByte ransomware attackAnalyzing Phishing attacks that use malicious PDFs
(SecurityAffairs – hacking, newsletter)