Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

France Travail data breach impacted 43 Million people
Scranton School District in Pennsylvania suffered a ransomware attack
Lazarus APT group returned to Tornado Cash to launder stolen funds
Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case
UK Defence Secretary jet hit by an electronic warfare attack in Poland
Cisco fixed high-severity elevation of privilege and DoS bugs
Recent DarkGate campaign exploited Microsoft Windows zero-day
Nissan Oceania data breach impacted roughly 100,000 people
Researchers found multiple flaws in ChatGPT plugins
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS
Acer Philippines disclosed a data breach after a third-party vendor hack
Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack
Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
Russia’s Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election
First-ever South Korean national detained for espionage in Russia
Insurance scams via QR codes: how to recognise and defend yourself
BianLian group exploits JetBrains TeamCity bugs in ransomware attacks
Experts released PoC exploit for critical Progress Software OpenEdge bug
Magnet Goblin group used a new Linux variant of NerbianRAT malware
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
Lithuania security services warn of China’s espionage against the country

Cybercrime

Data breaches caused by insiders can cost you over $15 million  

Stanford says data from 27,000 people leaked in September ransomware attack

A Close Up Look at the Consumer Data Broker Radaris

Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria 

FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.  

Moldovan National Sentenced To Federal Prison For Operating Websites Involved In The Illicit Sale Of Compromised Computer Credentials     

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms 

Pennsylvania’s Scranton School District dealing with ransomware attack 

Cybercriminals Evolve Tooling For Remote Access Compromise  

France Travail: the CNIL investigates the data leak and gives advice on how to protect yourself  

Malware

MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES 

New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3

BianLian GOs for PowerShell After TeamCity Exploitation  

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign  

Hacking  

AUTOATTACKER: A Large Language Model Guided System to Implement Automatic Cyber-attacks

CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive  

French state services hit by ‘intense’ cyberattack, PM’s office says  

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data  

Intelligence and Information Warfare 

China intensifies intelligence activities against Lithuania from its territory      

First-ever South Korean citizen arrested for espionage in Russia  

Russia’s spy service accuses US of trying to meddle in presidential election

THE MARCH 2024 SECURITY UPDATE REVIEW     

Rubio warns Chinese cyberattack ‘will be 100 times worse’ than AT&T outage: ‘Your power, your water’  

North Korean Hackers Return to Tornado Cash Despite Sanctions  

Safeguarding EU elections amidst cybersecurity challenges 

Nation-state threat actors using LLMs to boost cyber operations 

Cybersecurity          

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

China could use TikTok to influence US elections, spy chief says 

Stealing Part of a Production Language Model  

US Senator Urges Microsoft to Pull Bing Out of China 

How to verify a data breach

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

文 » A