Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/168153/security/cisa-draytek-vigorconnect-kingsoft-wps-office-bugs-known-exploited-vulnerabilities-catalog.html)
- [A flaw in WordPress LiteSpeed Cache Plugin allows account takeover](https://securityaffairs.com/168145/security/litespeed-cache-plugin-wordpress-flaw.html)
- [Car rental company Avis discloses a data breach](https://securityaffairs.com/168119/data-breach/car-rental-giant-avis-discloses-data-breach.html)
- [SonicWall warns that SonicOS bug exploited in attacks](https://securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html)
- [Apache fixed a new remote code execution flaw in Apache OFBiz](https://securityaffairs.com/168106/security/apache-ofbiz-rce-cve-2024-45195.html)
- [Russia-linked GRU Unit 29155 targeted critical infrastructure globally](https://securityaffairs.com/168095/cyber-warfare-2/russia-gru-unit-29155-critical-infrastructure.html)
- [Veeam fixed a critical flaw in Veeam Backup & Replication software](https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html)
- [Earth Lusca adds multiplatform malware KTLVdoor to its arsenal](https://securityaffairs.com/168078/malware/earth-lusca-malware-ktlvdoor.html)
- [Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?](https://securityaffairs.com/168070/apt/apt28-cyber-attack-german-air-traffic-control-agency-dfs.html)
- [Quishing, an insidious threat to electric car owners](https://securityaffairs.com/168059/hacking/quishing-electric-car-owners.html)
- [Google fixed actively exploited Android flaw CVE-2024-32896](https://securityaffairs.com/168047/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2024-32896.html)
- [Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!](https://securityaffairs.com/168041/security/d-link-dir-846-routers-code-execution-flaws.html)
- [Head Mare hacktivist group targets Russia and Belarus](https://securityaffairs.com/168030/hacktivism/head-mare-hacktivist-group-winrar.html)
- [Zyxel fixed critical OS command injection flaw in multiple routers](https://securityaffairs.com/168020/security/zyxel-os-command-injection-flaw-cve-2024-7261.html)
- [VMware fixed a code execution flaw in Fusion hypervisor](https://securityaffairs.com/168009/security/vmware-fusion-cve-2024-38811.html)
- [U.S. oil giant Halliburton disclosed a data breach](https://securityaffairs.com/168002/data-breach/halliburton-data-breach.html)
- [Vulnerabilities in Microsoft apps for macOS allow stealing permissions](https://securityaffairs.com/167973/hacking/microsoft-apps-for-macos-flaws.html)
- [Three men plead guilty to running MFA bypass service OTP.Agency](https://securityaffairs.com/167958/cyber-crime/otp-agency-operators-pleaded-guilty.html)
- [Transport for London (TfL) is dealing with an ongoing cyberattack](https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html)
- [Lockbit gang claims the attack on the Toronto District School Board (TDSB)](https://securityaffairs.com/167934/cyber-crime/lockbit-ransomware-toronto-district-school-board.html)
- [A new variant of Cicada ransomware targets VMware ESXi systems](https://securityaffairs.com/167897/cyber-crime/a-new-variant-of-cicada-ransomware-targets-vmware-esxi-systems.html)
- [An air transport security system flaw allowed to bypass airport security screenings](https://securityaffairs.com/167862/hacking/air-transport-security-systems-critical-flaw.html)

**International Press — Newsletter**

**Cybercrime**

- [Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say](https://therecord.media/cambodian-scam-giant-handled-billions-in-transactions)
- [Toronto school board confirms students’ info stolen as LockBit claims breach](https://therecord.media/toronto-school-district-board-ransomware)
- [Owners of 1-Time Passcode Theft Service Plead Guilty](https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/)
- [Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant](https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/)
- [Exclusive: LockBit 3.0 appears to be duplicating old listings as Design Intoto named a second time](https://www.cyberdaily.au/security/11051-exclusive-lockbit-3-0-appears-to-be-duplicating-old-listings-as-design-intoto-named-a-second-time)
- [Malla: Demystifying Real-world Large Language Model Integrated Malicious Services](https://arxiv.org/abs/2401.03315)
- [EXPOSED: OnlyFans Hack Gone Wrong — How Cyber Criminals Turn into Victims Overnight](https://veriti.ai/blog/exposed-onlyfans-hack-gone-wrong-how-cyber-criminals-turn-into-victims-overnight/)
- [Planned Parenthood confirms cyberattack as RansomHub claims breach](https://www.bleepingcomputer.com/news/security/planned-parenthood-confirms-cyberattack-as-ransomhub-claims-breach/)
- [Russian authorities able to identify train saboteur from anonymous Telegram account](https://therecord.media/telegram-russia-train-sabotage-investigation)

**Malware**

- [BlackSuit Ransomware](https://thedfirreport.com/2024/08/26/blacksuit-ransomware/)
- [Year-Long Campaign of Malicious npm Packages Targeting Roblox Users](https://checkmarx.com/blog/year-long-campaign-of-malicious-npm-packages-targeting-roblox-users/)
- [Rocinante: The trojan horse that wanted to fly](https://www.threatfabric.com/blogs/the-trojan-horse-that-wanted-to-fly-rocinante)
- [Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion](https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html)
- [FBI: Play ransomware gang has attacked 300 orgs since 2022](https://therecord.media/play-ransomware-targets-hundreds)
- [New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/)

**Hacking**

- [Bypassing airport security via SQL injection](https://ian.sh/tsa)
- [Dragon Hactivists on Prowl](https://deccancouncil.in/2024/08/malicious-hactivists-of-china-and-its-allies-are-on-prowl/)
- [Hiding in plain sight: Techniques and defenses against `/proc` filesystem manipulation in Linux](https://www.group-ib.com/blog/linux-pro-manipulation/)
- [How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions](https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/)
- [Learning Rust for fun and backdoo-rs](https://security.humanativaspa.it/learning-rust-for-fun-and-backdoo-rs/)
- [Head Mare: adventures of a unicorn in Russia and Belarus](https://securelist.com/head-mare-hacktivists/113555/)
- [Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion](https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html)
- [Windows Wi-Fi Driver RCE Vulnerability — CVE-2024-30078](https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/)
- [Advanced forensic techniques for recovering hidden data in wearable devices](https://www.pentestpartners.com/security-blog/advanced-forensic-techniques-for-recovering-hidden-data-in-wearable-devices/)
- [Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild](https://www.securityweek.com/recent-sonicwall-firewall-vulnerability-potentially-exploited-in-the-wild/)
- [Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401](https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401)

**Intelligence and Information Warfare**

- [The Geopolitics of Cyber Espionage Goes Far Beyond Sensitive Information Theft](https://www.oodaloop.com/archive/2024/08/22/the-geopolitics-of-cyber-espionage-goes-far-beyond-sensitive-information-theft/)
- [Social Media as an Intelligence Tool for Information Warfare](https://www.linkedin.com/pulse/social-media-intelligence-tool-information-warfare-dr-paul-de-souza-iuzce/)
- [NATO Wants to Boost Its Undersea Defenses](https://foreignpolicy.com/2024/06/24/nato-undersea-cable-network-russia-infrastructure-defense/)
- [German air traffic control was attacked by pro-Russian hackers](https://www.eurointegration.com.ua/news/2024/09/1/7193303/)
- [Russian Military Cyber Actors Target US and Global Critical Infrastructure](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a)
- [NSA’s China-focused ‘innovation pipeline’ targets economic imbalances](https://www.defenseone.com/defense-systems/2024/08/nsas-china-focused-innovation-pipeline-targets-economic-imbalances/399226/)
- [US cracks down on Russian disinformation before 2024 election](https://www.bleepingcomputer.com/news/security/us-cracks-down-on-russian-disinformation-before-2024-election/)
- [BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar](https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar)
- [Chinese APT Abuses VSCode to Target Government in Asia](https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/)
- [With charges and sanctions, US takes aim at Russian disinformation ahead of November election](https://apnews.com/article/russia-justice-department-election-foreign-influence-4888f4bfc61e46173101060ad0321d2f)
- [North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks](https://www.ic3.gov/Media/Y2024/PSA240903)

**Cybersecurity**

- [A concrete example of ES|QL and SOC detection rules](https://www.neteye-blog.com/2024/08/a-concrete-example-of-esql-and-soc-detection-rules/)
- [TfL faces ‘ongoing cyber security incident’](https://www.bbc.com/news/articles/cd9dpek1883o)
- [What is the future of cross-border data flows?](https://www.chathamhouse.org/events/all/research-event/what-future-cross-border-data-flows)
- [Managing Cybersecurity in the Age of Artificial Intelligence](https://iveybusinessjournal.com/managing-cybersecurity-in-the-age-of-artificial-intelligence/)
- [Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database](https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html)
- [X is hiring staff for security and safety after two years of layoffs](https://techcrunch.com/2024/09/04/x-is-hiring-staff-for-security-and-safety-after-two-years-of-layoffs/)
- [Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin](https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/)
- [A scientific approach to eavesdropping via HDMI](https://www.kaspersky.com/blog/deep-tempest-side-channel-hdmi/52058/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**

Related Tags:
ControlX

CHROMIUM

Charcoal Typhoon

FROZENLAKE

Forest Blizzard

CVE-2024-36401

CVE-2024-32896

CVE-2024-30078

NAICS: 485 – Transit And Ground Passenger Transportation
