Security Affairs newsletter Round 308

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.

Experts found two flaws in Facebook for WordPress Plugin
Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?
QNAP urges users to take action to protect devices against Brute-Force attacks
US Gov Executive Order would oblige to disclose security breach impacting gov users
China-linked RedEcho APT took down part of its C2 domains
Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code
London-based academies Harris Federation hit by ransomware attack
New Purple Fox version includes Rootkit and implements wormable propagation
Ziggy ransomware admin announced it will refund victims who paid the ransom
30 Docker images downloaded 20M times in cryptojacking attacks
Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations
Hundreds of thousands of projects affected by a flaw in netmask npm package
Reflected XSS Vulnerability In Ivory Search WP Plugin Impact Over 60K sites
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials
Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape
Email accounts of DHS members were compromised in the SolarWinds hack
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions
North Korea-linked hackers target security experts again
President Biden extended Executive Order 13694 regarding cyberattack sanctions
Akamai dealt with an 800Gbps ransom DDoS against a gambling company
DeepDotWeb admin pleads guilty to money laundering conspiracy
Ubiquiti security breach may be a catastrophe
US CISA warns of DoS flaws in Citrix Hypervisor
VMware fixed flaws in vROps that can be chained to compromise organizations
VMware fixes authentication bypass in Carbon Black Cloud Workload appliance
Airlift Express Fixes Vulnerabilities in Its E-commerce Store
Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools
DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5
FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers
Man indicted for tampering with public water system in Kansas
Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs
TIMs Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product
Activision warns of Call of Duty Cheat tool used to deliver RAT
Attackers are abusing GitHub infrastructure to mine cryptocurrency
Capital One discovered more customers SSNs exposed in 2019 hack
Evolution and rise of the Avaddon Ransomware-as-a-Service

If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 308 appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source