Security Affairs Newsletter Round 521: A Global Threat Landscape Update

Security Affairs Newsletter Round 521: A Global Threat Landscape Update

The weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Global Cybersecurity Threats on the Rise

Hackers have taken advantage of the passing of Pope Francis to spread scams and phishing emails. The number of damage caused by unauthorized access to and transactions on internet trading services is increasing sharply. Southeast Asian cyber fraud industry is at an "inflection point" as it expands globally.

British Retailer M&S Confirms Cyber Incident Amid Store Delays

British retailer Marks & Spencer (M&S) has confirmed being hit by a "cyber incident" amid store delays. The company has not disclosed the details of the breach, but has assured customers that it is working to resolve the issue.

Blue Shield of California Data Breach Impacts 4.7 Million People

The Blue Shield of California health insurance plan has confirmed a data breach that impacted 4.7 million people. The breach occurred in July and affected both active and inactive records.

NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web

A new wave of NFC fraud is sweeping the globe, with hackers using sophisticated techniques to steal sensitive information from unsuspecting victims. The "Ghost Tap" scam uses stolen data to create fake NFC cards that can be used to make unauthorized transactions.

Online Scams Raked in $16.6 Billion Last Year

The FBI has reported that online scams raked in $16.6 billion last year, with cybercrime becoming an increasingly significant threat to individuals and businesses worldwide.

DaVita Attack: Leaks Stolen Data Online

A recent ransomware attack on the healthcare company DaVita has resulted in stolen data being leaked online. The attack highlights the growing concern of medical records being compromised by cyber threats.

Cyber Firm CEO Accused of Placing Malware on Hospital Device

The CEO of a cybersecurity firm has been accused of placing malware on a hospital device, highlighting the potential for insiders to compromise security.

New Rust Botnet "RustoBot" Routed via Routers

A new botnet called "RustoBot" has been discovered that is routed via routers. The botnet uses sophisticated techniques to evade detection and has already infected thousands of devices worldwide.

DslogdRAT Malware Installed in Ivanti Connect

A recent security breach has revealed that DslogdRAT malware has been installed in the Ivanti Connect software, which is used by organizations to manage IT assets. The attack highlights the importance of regular software updates and patch management.

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Iran-linked hackers have targeted Israel with a malware campaign called MURKYTOUR, which is disguised as a fake job posting. The attack highlights the growing concern of nation-state sponsored attacks.

Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet

A recent security breach has revealed that remote exploiters can control critical body elements on the Nissan Leaf electric vehicle using the internet. The attack highlights the potential for IoT devices to be compromised by cyber threats.

Obfuscation Overdrive: Next-Gen Cryptojacking with Layers

A new generation of cryptojacking attacks is emerging, which use layers of obfuscation to evade detection. These attacks highlight the growing concern of cryptocurrency theft and hacking.

CraftedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer ReliaQuest

A recent security vulnerability has been discovered that can be exploited to gain elevated privileges on Google Cloud Platform (GCP) using the Composer tool. The vulnerability was identified by ReliaQuest.

Whistleblower: DOGE Siphoned NLRB Case Data

A whistleblower has come forward to reveal that sensitive data from a US Department of Labor case file was siphoned off, specifically targeting cryptocurrency transactions related to Dogecoin (DOGE).

Android Spyware Trojan Targets Russian Military Personnel

Android spyware trojan has been discovered that targets Russian military personnel who use Alpine Quest mapping software. The attack highlights the growing concern of mobile device hacking and espionage.

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

Russian threat actors have targeted Microsoft 365 OAuth workflows with phishing campaigns, highlighting the growing concern of business email compromise (BEC) attacks.

Gamaredon's PteroLNK: Dead Drop Resolvers and Evasive Infrastructure

Research has revealed that Gamaredon, a sophisticated threat actor group, uses dead drop resolvers and evasive infrastructure to evade detection. The discovery highlights the growing concern of nation-state sponsored attacks.

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

North Korean hackers have stolen $137 million from users of the cryptocurrency exchange TRON in a single-day phishing attack. The attack highlights the growing concern of cryptocurrency theft and hacking.

Operation SyncHole: Lazarus APT Goes Back to the Well

The Lazarus APT group has launched Operation SyncHole, which is designed to steal sensitive data from organizations. The attack highlights the growing concern of nation-state sponsored attacks.

FBI Warns of Growing Concern of Election Interference

The FBI has warned of a growing concern of election interference and cyber threats aimed at disrupting democratic processes worldwide.

Google Chrome Vulnerability Allows Remote Code Execution

A recent security vulnerability has been discovered in Google Chrome that allows remote code execution. The vulnerability highlights the importance of regular software updates and patch management.

Cybersecurity Experts Warn of Growing Concern of AI-Powered Attacks

Cybersecurity experts are warning of a growing concern of AI-powered attacks, which use machine learning algorithms to evade detection. The attack highlights the potential for AI-powered hacking to become increasingly sophisticated and difficult to detect.

Top 10 Cybersecurity Trends of the Year

The following top 10 cybersecurity trends have been identified as critical for organizations in the coming year:

* Artificial Intelligence (AI) and Machine Learning (ML) * Cloud Security * Internet of Things (IoT) Security * Advanced Threat Protection * Data Breach Response * Cybersecurity Talent Acquisition * Zero-Trust Architecture * Incident Response Planning * Phishing and Social Engineering Attacks * Supply Chain Risk Management