A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit](https://securityaffairs.com/167848/breaking-news/north-korea-linked-apt-exploited-chrome-zero-day-cve-2024-7971.html)
- [Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw](https://securityaffairs.com/167838/security/fortra-filecatalyst-critical-workflow.html)
- [Threat actors exploit Atlassian Confluence bug in cryptomining campaigns](https://securityaffairs.com/167813/cyber-crime/atlassian-confluence-data-center-confluence-server-cryptocurrency-mining-campaigns.html)
- [Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa](https://securityaffairs.com/167797/apt/apt29-nso-group-and-intellexa-mobile-exploits.html)
- [Cisco addressed a high-severity flaw in NX-OS software](https://securityaffairs.com/167785/security/cisco-high-severity-flaw-nx-os.html)
- [Corona Mirai botnet spreads via AVTECH CCTV zero-day](https://securityaffairs.com/167764/malware/corona-mirai-botnet-avtech-cctv-zero-day.html)
- [Telegram CEO Pavel Durov charged in France for facilitating criminal activities](https://securityaffairs.com/167739/security/pavel-durov-charged-with-various-criminal-activities.html)
- [Iran-linked group APT33 adds new Tickler malware to its arsenal](https://securityaffairs.com/167730/apt/apt33-used-new-tickler-malware.html)
- [U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/167722/security/u-s-cisa-adds-google-chromium-v8-bug-known-exploited-vulnerabilities-catalog.html)
- [Young Consulting data breach impacts 954,177 individuals](https://securityaffairs.com/167714/data-breach/blacksuit-group-attack-young-consulting.html)
- [BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085](https://securityaffairs.com/167695/malware/blackbyte-ransomware-vmware-esxi-flaw.html)
- [US offers $2.5M reward for Belarusian man involved in mass malware distribution](https://securityaffairs.com/167684/cyber-crime/belarusian-man-mass-malware-distribution.html)
- [U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/167676/uncategorized/u-s-cisa-apache-ofbiz-known-exploited-vulnerabilities-catalog.html)
- [Critical flaw in WPML WordPress plugin impacts 1M websites](https://securityaffairs.com/167673/hacking/wpml-wordpress-plugin-rce-1m-websites.html)
- [China-linked APT Volt Typhoon exploited a zero-day in Versa Director](https://securityaffairs.com/167658/apt/volt-typhoon-versa-director-zero-day.html)
- [Researchers unmasked the notorious threat actor USDoD](https://securityaffairs.com/167646/cyber-crime/researchers-unmasked-usdod.html)
- [The Dutch Data Protection Authority (DPA) has fined Uber a record €290M](https://securityaffairs.com/167606/digital-id/dutch-dpa-fined-uber-e290m.html)
- [Google addressed the tenth actively exploited Chrome zero-day this year](https://securityaffairs.com/167631/hacking/10th-google-chrome-zero-day-this-year.html)
- [SonicWall addressed an improper access control issue in its firewalls](https://securityaffairs.com/167595/security/sonicwall-sonicos-cve-2024-40766.html)
- [A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport](https://securityaffairs.com/167581/hacking/port-of-seattle-sea-tac-airport-cyberattack.html)
- [Linux malware sedexp uses udev rules for persistence and evasion](https://securityaffairs.com/167567/malware/linux-malware-sedexp.html)
- [France police arrested Telegram CEO Pavel Durov](https://securityaffairs.com/167556/cyber-crime/police-arrested-telegram-ceo-pavel-durov.html)
- [U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/167534/hacking/cisa-adds-versa-director-bug-known-exploited-vulnerabilities-catalog.html)

**International Press — Newsletter**

**Cybercrime**

- [Telegram messaging app CEO Durov arrested in France](https://www.reuters.com/world/europe/telegram-messaging-app-ceo-pavel-durov-arrested-france-tf1-tv-says-2024-08-24/)
- [Thousands of travelers, airport operations impacted by Port of Seattle cyberattack](https://komonews.com/news/local/port-of-seattle-hit-by-potential-cyberattack-still-impacting-airport-operations-cyber-attack-airport-flying-airplanes-seattle-tacoma-sea-travel-sunday-operations-urges-outage-airlines)
- [Hacker who stole 3 billion US data was discovered and is Brazilian](https://www.tecmundo.com.br/seguranca/288570-hacker-roubou-3-bilhoes-dados-eua-descoberto-brasileiro.htm)
- [Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage](https://www.wired.com/story/tigran-gambaryan-us-congress-resolution-hostage-nigeria/)
- [Reward for Information: Belarusian National Volodymyr Kadariya](https://www.state.gov/reward-for-information-volodymyr-kadariya/)
- [Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks](https://www.netskope.com/blog/phishing-in-style-microsoft-sway-abused-to-deliver-quishing-attacks)
- [French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform](https://thehackernews.com/2024/08/french-authorities-charge-telegram-ceo.html)
- [Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution](https://www.netcraft.com/blog/llms-fueling-gen-ai-criminal-revolution/)
- [2 men from Europe charged with ‘swatting’ plot targeting former US president and members of Congress](https://apnews.com/article/swatting-indictment-serbia-romania-3529ad6b490d71df39a852a64be2fe36)

**Malware**

- [Unveiling ‘sedexp’: A Stealthy Linux Malware Exploiting udev Rules](https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp)
- [Malware infiltrates Pidgin messenger’s official plugin repository](https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/)
- [RansomHub ransomware-as-a-service](https://www.group-ib.com/blog/ransomhub-raas/)
- [StopRansomware: RansomHub Ransomware](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a)
- [The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers ‘Voldemort’](https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort)

**Hacking**

- [WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)](https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/)
- [Identify and Exploit Vulnerabilities in Routers: An Introductory Guide & Technical Case Studies](https://medium.com/@odedvk/identify-and-exploit-vulnerabilities-in-routers-an-introductory-guide-technical-case-studies-fe5384fef792)
- [How to discover a major hacker’s identity with OSINT — Solution 1](https://predictalab.medium.com/how-to-discover-a-major-hackers-identity-with-osint-solution-1-625deff0f0ac)
- [May 2024 Cyber Attacks Statistics](https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/)
- [Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day](https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt)
- [Linux Detection Engineering — A Sequel on Persistence Mechanism](https://www.elastic.co/security-labs/sequel-on-persistence-mechanisms)
- [How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back](https://thehackernews.com/2024/08/how-to-stop-aitm-phishing-attack.html)
- [Analysis of two arbitrary code execution vulnerabilities affecting WPS Office](https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/)
- [Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool](https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html)
- [When Get-Out-The-Vote Efforts Look Like Phishing](https://krebsonsecurity.com/2024/08/when-get-out-the-vote-efforts-look-like-phishing/)
- [Bypassing airport security via SQL injection](https://ian.sh/tsa)

**Intelligence and Information Warfare**

- [New 0-Day Attacks Linked to China’s ‘Volt Typhoon’](https://krebsonsecurity.com/2024/08/new-0-day-attacks-linked-to-chinas-volt-typhoon/)
- [Taking the Crossroads: The Versa Director Zero-Day Exploitation](https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/)
- [South Korea’s ‘Pseudo Hunter’ APT organization uses multiple domestic software vulnerabilities to attack China](https://mp.weixin.qq.com/s/F8hNyESBdKhwXkQPgtGpew)
- [Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations](https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/)
- [Telegram Founder Was Wooed and Targeted by Governments](https://www.wsj.com/world/who-is-pavel-durov-telegram-founder-9b43eb5a)
- [I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation](https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation)
- [Russian government hackers found using exploits made by spyware companies NSO and Intellexa](https://techcrunch.com/2024/08/29/russian-government-hackers-found-using-exploits-made-by-spyware-companies-nso-and-intellexa/)
- [State-backed attackers and commercial surveillance vendors repeatedly use the same exploits](https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/)
- [CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations](https://www.cisa.gov/news-events/alerts/2024/08/28/cisa-and-partners-release-advisory-iran-based-cyber-actors-enabling-ransomware-attacks-us)
- [North Korean threat actor Citrine Sleet exploiting Chromium zero-day](https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/)
- [North Korea Still Attacking Developers via npm](https://blog.phylum.io/north-korea-still-attacking-developers-via-npm/)

**Cybersecurity**

- [FAA to issue cyber rule for newly built airplanes and equipment](https://cyberscoop.com/faa-rule-cyber-airplane/)
- [SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access](https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html)
- [Dutch DPA imposes a fine of 290 million euro on Uber because of transfers of drivers’ data to the US](https://www.autoriteitpersoonsgegevens.nl/en/current/dutch-dpa-imposes-a-fine-of-290-million-euro-on-uber-because-of-transfers-of-drivers-data-to-the-us)
- [Research AI model unexpectedly attempts to modify its own code to extend runtime](https://arstechnica.com/information-technology/2024/08/research-ai-model-unexpectedly-modified-its-own-code-to-extend-runtime/)
- [Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns](https://www.theregister.com/2024/08/28/aspi_china_satellite_broadband_risk/)
- [Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong](https://www.wired.com/story/meredith-whittaker-signal/)
- [EU investigating Telegram over user numbers](https://www.ft.com/content/1f96e66d-00fe-46ca-9cb8-73e526125922)
- [Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem](https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**