Security Affairs newsletter Round 351

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

QNAP force-installs update against the recent wave of DeadBolt ransomware infections
US FCC bans China Unicom Americas telecom over national security risks
NCSC warns UK entities of potential destructive cyberattacks from Russia
Finnish diplomats’ devices infected with Pegasus spyware
Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits
Delta Electronics, a tech giants’ contractor, hit by Conti ransomware
Experts devise a technique to bypass Microsoft Outlook Security feature
Puerto Rico was hit by a major cyberattack
North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks
Popular apps left biometric data, IDs of millions of users in danger
Microsoft mitigated a 3.47 Tbps DDoS attack, the largest one to date
Lockbit ransomware gang claims to have hacked Ministry of Justice of France
A new highly evasive technique used to deliver the AsyncRAT Malware
Experts analyze first LockBit ransomware for Linux and VMware ESXi
Apple fixed the first two zero-day vulnerabilities of 2022
German intelligence agency warns of China-linked APT27 targeting commercial organizations
New DeadBolt ransomware targets QNAP NAS devices
VMware urges customers to patch VMware Horizon servers against Log4j attacks
PwnKit: Local Privilege Escalation bug affects major Linux distros
PrinterLogic fixes high severity flaws in Printer Management Suite
Segway e-store compromised in a Magecart attack to steal credit cards
UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities
Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks
Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access
Latest version of Android RAT BRATA wipes devices after stealing data
A flaw in Rust Programming language could allow to delete files and directories
Tens of AccessPress WordPress themes compromised as part of a supply chain attack
Russian authorities arrested the kingpin of cybercrime Infraud Organization
Emotet spam uses unconventional IP address formats to evade detection
Crooks tampering with QR Codes to steal victim money and info, FBI warns
F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products
OpenSubtitles data breach impacted 7 million subscribers
US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog
Molerats cyberespionage group uses public cloud services as attack infrastructure

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 351 appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source