Security Affairs newsletter Round 330

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the international press subscribe here.

SEC warns of investment scams related to Hurricane Ida
Apple will delay the rollout of new child pornography protection tools
FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads
Source code for the Babuk is available on a hacking forum
USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw
Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits
PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection
FBI warns of ransomware attacks targeting the food and agriculture sector
Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation
WhatsApp CVE-2020-1910 bug could have led to user data exposure
New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices
Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE
Cyber Defense Magazine – September 2021 has arrived. Enjoy it!
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists
Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93
Mozi infections will slightly decrease but it will stay alive for some time to come
QNAP will patche OpenSSL flaws in its NAS devices
SEC announces sanctions against entities over email account hacking
Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA
LockBit ransomware operators leak 200GB of data belonging to Bangkok Airways
LockFile Ransomware uses a new intermittent encryption technique
Threat actors can remotely disable Fortress S03 Wi-Fi Home Security System
HPE wars customers of Sudo flaw in Aruba AirWave Management Platform
Threat actors stole $29 million worth of crypto assets from Cream Finance
Microsoft Exchange ProxyToken flaw can allow attackers to read your emails
US DoJ announces the creation of Cyber Fellowship Program
ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN
CISA urges enterprises to fix Microsoft Azure Cosmos DB flaw
Boston Public Library discloses cyberattack
New variant of Konni RAT used in a campaign that targeted Russia
1 GB of data belonging to Puma available on Marketo
DDoS attacks target the Philippine human rights alliance Karapatan
Some Synology products impacted by recently disclosed OpenSSL flaws

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

If you want to also receive for free the international press subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

If you want to also receive for free the international press subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

The post Security Affairs newsletter Round 330 appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source