A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/168398/hacking/u-s-cisa-adds-ivanti-csa-vulnerability-to-its-known-exploited-vulnerabilities-catalog.html)
- [Ivanti Cloud Service Appliance flaw is being actively exploited in the wild](https://securityaffairs.com/168388/hacking/ivanti-csa-cve-2024-8190.html)
- [GitLab fixed a critical flaw in GitLab CE and GitLab EE](https://securityaffairs.com/168375/security/gitlab-ce-ee-critical-issue.html)
- [New Linux malware called Hadooken targets Oracle WebLogic servers](https://securityaffairs.com/168364/malware/hadooken-targets-oracle-weblogic-servers.html)
- [Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach](https://securityaffairs.com/168356/data-breach/lehigh-valley-health-network-settlement-data-breach.html)
- [Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries](https://securityaffairs.com/168342/malware/vo1d-android-malware-tv-boxes.html)
- [Cybersecurity giant Fortinet discloses a data breach](https://securityaffairs.com/168332/data-breach/fortinet-disclosed-a-data-breach.html)
- [UK NCA arrested a teenager linked to the attack on Transport for London](https://securityaffairs.com/168327/cyber-crime/uk-nca-arrested-teenager-transport-for-london-attack.html)
- [Singapore Police arrest six men allegedly involved in a cybercrime syndicate](https://securityaffairs.com/168320/cyber-crime/singapore-police-arrested-6-men-cybercrime-ring.html)
- [Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products](https://securityaffairs.com/168313/security/adobe-patch-tuesday-sept-2024.html)
- [Highline Public Schools school district suspended its activities following a cyberattack](https://securityaffairs.com/168305/cyber-crime/highline-public-schools-school-district-cyberattack.html)
- [RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR](https://securityaffairs.com/168296/malware/ransomhub-ransomware-tdskiller-disable-edr.html)
- [Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)](https://securityaffairs.com/168286/security/ivanti-epm-critical-flaws.html)
- [Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days](https://securityaffairs.com/168279/security/microsoft-patch-tuesday-sept-2024.html)
- [Quad7 botnet evolves to more stealthy tactics to evade detection](https://securityaffairs.com/168250/malware/quad7-botnet-evolves.html)
- [Poland thwarted cyberattacks that were carried out by Russia and Belarus](https://securityaffairs.com/168258/cyber-warfare-2/poland-thwarted-cyberattacks-russia-and-belarus.html)
- [U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/168251/security/u-s-cisa-adds-sonicwall-sonicos-imagemagick-and-linux-kernel-bugs-to-its-known-exploited-vulnerabilities-catalog.html)
- [Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals](https://securityaffairs.com/168229/data-breach/slim-cd-disclosed-a-data-breach.html)
- [Experts demonstrated how to bypass WhatsApp View Once feature](https://securityaffairs.com/168242/hacking/whatsapp-view-once-privacy-feature.html)
- [Predator spyware operation is back with a new infrastructure](https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html)
- [TIDRONE APT targets drone manufacturers in Taiwan](https://securityaffairs.com/168210/apt/tidrone-targets-organizations-taiwan.html)
- [Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401](https://securityaffairs.com/168197/malware/geoserver-geotools-flaw-cve-2024-36401-malware.html)
- [Progress Software fixed a maximum severity flaw in LoadMaster](https://securityaffairs.com/168192/security/progress-software-emergency-loadmaster-flaw.html)
- [Feds indicted two alleged administrators of WWH Club dark web marketplace](https://securityaffairs.com/168177/cyber-crime/feds-indicted-admins-wwh-club-marketplace.html)

**International Press — Newsletter**

**Cybercrime**

- [Russian And Kazakhstani Men Indicted For Running Dark Web Criminal Marketplaces, Forums, And Trainings](https://www.justice.gov/usao-mdfl/pr/russian-and-kazakhstani-men-indicted-running-dark-web-criminal-marketplaces-forums-and)
- [Sextortion scam now use your ‘cheating’ spouse’s name as a lure](https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/)
- [Researchers trace massive data leak to US data broker: why should you care](https://cybernews.com/security/people-data-labs-data-leak/)
- [Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details](https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/)
- [Highline Public Schools closes schools following cyberattack](https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack/)
- [In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram](https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/)
- [Six Persons To Be Charged For Offences In Relation To Illegal Cyber Activities](https://www.police.gov.sg/Media-Room/News/20240910_six_persons_to_be_charged_for_offences_in_relation_to_illegal_cyber_activities)
- [UK arrests teen linked to Transport for London cyber attack](https://www.bleepingcomputer.com/news/security/uk-arrests-teen-linked-to-transport-for-london-cyber-attack/)
- [Fortinet suffers third-party data breach affecting Asia-Pacific customers](https://www.cyberdaily.au/security/11098-fortinet-suffers-third-party-data-breach-affecting-asia-pacific-customers)

**Malware**

- [Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights](https://dfrlab.org/2024/09/04/mythical-beasts-and-where-to-find-them-report/)
- [Malware’s Shared Secrets: Code Similarity Insights for Ransomware Gangs Activities Tracking](https://www.emanueledelucia.net/malwares-shared-secrets-code-similarity-insights-for-ransomware-gangs-activities-tracking/)
- [Mallox ransomware: in-depth analysis and evolution](https://securelist.com/mallox-ransomware/113529/)
- [A glimpse into the Quad7 operators’ next moves and associated botnets](https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/)
- [Ajina attacks Central Asia: Story of an Uzbek Android Pandemic](https://www.group-ib.com/blog/ajina-malware/)
- [Void captures over a million Android TV boxes](https://news.drweb.com/show/?i=14900&lng=en)

**Hacking**

- [Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions](https://orca.security/resources/blog/typosquatting-in-github-actions/)
- [Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401](https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401)
- [YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel](https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/)
- [Once and Forever: WhatsApp’s View Once Functionality is Broken](https://medium.com/@TalBeerySec/once-and-forever-whatsapps-view-once-functionality-is-broken-302a508390b0)
- [PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’](https://arxiv.org/abs/2409.04930)
- [Critical SonicWall SSLVPN bug exploited in ransomware attacks](https://www.bleepingcomputer.com/news/security/critical-sonicwall-sslvpn-bug-exploited-in-ransomware-attacks/)
- [Flipper Zero releases Firmware 1.0 after three years of development](https://www.bleepingcomputer.com/news/hardware/flipper-zero-releases-firmware-10-after-three-years-of-development/)
- [DragonRank, a Chinese-speaking SEO manipulator service provider](https://blog.talosintelligence.com/dragon-rank-seo-poisoning/)
- [CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability](https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/)
- [Living off the land, GPO style](https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/)

**Intelligence and Information Warfare**

- [DeFied Expectations — Examining Web3 Heists](https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/)
- [Australian links revealed in global defence company scandal involving China, Russia and Iran](https://amp-abc-net-au.cdn.ampproject.org/c/s/amp.abc.net.au/article/104324088)
- [TIDRONE Targets Military and Satellite Industries in Taiwan](https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html)
- [MI6 and CIA warn of ‘reckless campaign of sabotage across Europe’ being waged by Russia](https://news-sky-com.cdn.ampproject.org/c/s/news.sky.com/story/amp/mi6-and-cia-warn-of-reckless-campaign-of-sabotage-across-europe-being-waged-by-russia-13210838)
- [Earth Preta Evolves its Attacks with New Malware and Strategies](https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html)
- [Chinese APT Abuses VSCode to Target Government in Asia](https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/)
- [Poland neutralises sabotage group linked to Belarus and Russia](https://www.reuters.com/world/europe/poland-neutralises-sabotage-group-linked-belarus-russia-2024-09-09/)
- [Fake recruiter coding tests target devs with malicious Python packages](https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages)

**Cybersecurity**

- [25 Ways to Make the SOC More Efficient and Avoid Team Burnout](https://cisoseries.com/25-ways-to-make-the-soc-more-efficient-and-avoid-team-burnout/)
- [An Open door](https://web-assets.claroty.com/team82-secure-access-report.pdf)
- [The September 2024 Security Update Review](https://www.zerodayinitiative.com/blog/2024/9/10/the-september-2024-security-update-review)
- [The rise of fake influencers](https://www.axios.com/2024/09/07/fake-ai-influencers-lil-miquela)
- [Bug Left Some Windows PCs Dangerously Unpatched](https://krebsonsecurity.com/2024/09/bug-left-some-windows-pcs-dangerously-unpatched/)
- [YARA Rule Crafting: A Deep Dive into Signature-Based Threat Hunting Strategies](https://cyberthreatintelligencenetwork.com/index.php/2024/09/11/yara-rule-crafting-a-deep-dive-into-signature-based-threat-hunting-strategies/)
- [WordPress.org to require 2FA for plugin developers by October](https://www.bleepingcomputer.com/news/security/wordpressorg-to-require-2fa-for-plugin-developers-by-october/)
- [Data Protection Commission launches inquiry into Google AI model](https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-launches-inquiry-google-ai-model)
- [Building a Cybersecurity and Privacy Learning Program](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-50r1.pdf)
- [UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy](https://www.securityweek.com/uk-data-centers-gain-critical-infrastructure-status-raising-green-belt-controversy/)
- [Record $65 Million Settlement Reached Between Saltz Mongeluzzi Bendesky and LVHN on Behalf of Cancer Patients Whose Nude Photos Were Hacked](https://www.smbb.com/news-article/record-65-million-settlement-reached-between-saltz-mongeluzzi-bendesky-and-lvhn-on-behalf-of-cancer-patients-whose-nude-photos-were-hacked/)
- [Facebook scrapes photos of kids from Australian user profiles to train its AI](https://www.malwarebytes.com/blog/news/2024/09/facebook-scrapes-photos-of-kids-from-australian-user-profiles-to-train-its-ai)
- [Global Cybersecurity Index](https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, newsletter)**