Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [A cyberattack on gambling giant IGT disrupted portions of its IT systems](https://securityaffairs.com/171311/hacking/cyberattack-on-gambling-giant-igt.html)
- [China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane](https://securityaffairs.com/171299/apt/china-linked-apt-gelsemium-linux-backdoor.html)
- [Microsoft seized 240 sites used by the ONNX phishing service](https://securityaffairs.com/171287/cyber-crime/microsoft-disrupted-the-onnx-phishing-service.html)
- [U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/171282/security/u-s-cisa-adds-apple-oracle-agile-plm-bugs-to-its-known-exploited-vulnerabilities-catalog.html)
- [More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days](https://securityaffairs.com/171268/hacking/palo-alto-networks-firewalls-hacked-zero-days.html)
- [Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office](https://securityaffairs.com/171257/data-breach/mexico-suffers-ransomware-attack.html)
- [US DoJ charges five alleged members of the Scattered Spider cybercrime gang](https://securityaffairs.com/171249/cyber-crime/doj-charged-five-suspects-scattered-spider.html)
- [Threat actor sells data of over 750,000 patients from a French hospital](https://securityaffairs.com/171238/data-breach/sale-750000-patients-french-hospital.html)
- [Decade-old local privilege escalation bugs impact Ubuntu needrestart package](https://securityaffairs.com/171228/security/privilege-escalation-bugs-ubuntu-needrestart-package.html)
- [Ford data breach involved a third-party supplier](https://securityaffairs.com/171217/breaking-news/ford-admits-data-breach-linked-third-party-supplier.html)
- [Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations](https://securityaffairs.com/171207/security/matt-gaetzs-sexual-misconduct-allegations-doc-compromised.html)
- [Apple addressed two actively exploited zero-day vulnerabilities](https://securityaffairs.com/171202/security/apple-fixed-2-actively-exploited-zero-day-bugs.html)
- [Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of sports events](https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html)
- [Russian Phobos ransomware operator faces cybercrime charges](https://securityaffairs.com/171184/cyber-crime/phobos-ransomware-operator-faces-cybercrime-charges.html)
- [China-linked actor’s malware DeepData exploits FortiClient VPN zero-day](https://securityaffairs.com/171173/security/china-linked-actors-malware-deepdata-exploits-forticlient-vpn-zero-day.html)
- [U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/171168/security/u-s-cisa-progress-kemp-loadmaster-palo-alto-networks-pan-os-and-expedition-bugs-known-exploited-vulnerabilities-catalog.html)
- [Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals](https://securityaffairs.com/171156/data-breach/great-plains-regional-medical-center-data-breach.html)
- [Recently disclosed VMware vCenter Server bugs are actively exploited in attacks](https://securityaffairs.com/171147/security/vmware-vcenter-server-bugs-actively-exploited.html)
- [Foreign adversary hacked email communications of the Library of Congress says](https://securityaffairs.com/171138/data-breach/library-of-congress-email-communications-hacked.html)
- [T-Mobile is one of the victims of the massive Chinese breach of telecom firms](https://securityaffairs.com/171127/apt/t-mobile-victim-chinese-breach-of-telco-firms.html)
- [Increased GDPR Enforcement Highlights the Need for Data Security](https://securityaffairs.com/171114/security/increased-gdpr-highlights-need-data-security.html)
- [Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites](https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html)
- [A botnet exploits a GeoVision zero-day to compromise EoL devices](https://securityaffairs.com/171067/malware/ddos-botnet-exploits-geovision-zero-day.html)

**International Press — Newsletter**

**Cybercrime**

- [Ransomware Attack on Oklahoma Medical Center Impacts 133,000](https://www.securityweek.com/ransomware-attack-on-oklahoma-medical-center-impacts-133000/)
- [Inside Intelligence Center: Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers](https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers)
- [Phobos Ransomware Administrator Extradited from South Korea to Face Cybercrime Charges](https://www.justice.gov/opa/pr/phobos-ransomware-administrator-extradited-south-korea-face-cybercrime-charges)
- [Ransomware gang Akira leaks unprecedented number of victims’ data in one day](https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data)
- [Ford investigates alleged breach following customer data leak](https://www.bleepingcomputer.com/news/security/ford-investigates-alleged-breach-following-customer-data-leak/)
- [5 Defendants Charged Federally with Running Scheme that Targeted Victim Companies via Phishing Text Messages](https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text)
- [Targeting the Cybercrime Supply Chain](https://blogs.microsoft.com/on-the-issues/2024/11/21/targeting-the-cybercrime-supply-chain/)
- [Cyberattack Disrupts Systems of Gambling Giant IGT](https://www.securityweek.com/cyberattack-disrupts-systems-of-gambling-giant-igt/)
- [Justice Department Seizes Cybercrime Website and Charges Its Administrators](https://www.justice.gov/opa/pr/justice-department-seizes-cybercrime-website-and-charges-its-administrators)

**Malware**

- [Fake AI video generators infect Windows, macOS with infostealers](https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with-infostealers/)
- [How Italy became an unexpected spyware hub](https://therecord.media/how-italy-became-an-unexpected-spyware-hub)
- [Babble Babble Babble Babble Babble Babble BabbleLoader](https://intezer.com/blog/research/babble-babble-babble-babble-babble-babble-babbleloader/)
- [One Sock Fits All: The use and abuse of the NSOCKS botnet](https://blog.lumen.com/one-sock-fits-all-the-use-and-abuse-of-the-nsocks-botnet/)
- [StopRansomware: BianLian Data Extortion Group](https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-and-partners-release-update-bianlian-ransomware-cybersecurity-advisory)

**Hacking**

- [4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability](https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/)
- [Threat Actors Hijack Misconfigured Servers for Live Sports Streaming](https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/)
- [Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities](https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html)
- [Hacker Is Said to Have Gained Access to File With Damaging Testimony About Gaetz](https://www.nytimes.com/2024/11/19/us/politics/matt-gaetz-hack-testimony.html)
- [Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart](https://blog.qualys.com/vulnerabilities-threat-research/2024/11/19/qualys-tru-uncovers-five-local-privilege-escalation-vulnerabilities-in-needrestart)
- [Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20)](https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/#post-137539-_ydqdbjg0dngh)
- [The Dark Side of Trust: Authority Citation-Driven Jailbreak Attacks on Large Language Models](https://arxiv.org/abs/2411.11407)

**Intelligence and Information Warfare**

- [T-Mobile Hacked in Massive Chinese Breach of Telecom Networks](https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92)
- [Library of Congress emails hacked by ‘adversary’](https://www.nbcwashington.com/news/local/library-of-congress-emails-hacked-by-adversary/3771067/)
- [BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA](https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/)
- [Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine](https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/#Technical%20analysis)
- [DPRK IT Workers | A Network of Active Front Companies and Their Links to China](https://www.sentinelone.com/labs/dprk-it-workers-a-network-of-active-front-companies-and-their-links-to-china/)
- [The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access](https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/)

**Cybersecurity**

- [CISA Director Jen Easterly to depart on Inauguration Day](https://www.nextgov.com/people/2024/11/cisa-director-jen-easterly-depart-inauguration-day/401036/)
- [The Silent AI Leader Nobody is Talking About](https://analyticsindiamag.com/ai-breakthroughs/the-silent-ai-leader-nobody-is-talking-about/)
- [The AI Illusion: Navigating the Reality of Machine Learning in Cybersecurity](https://www.linkedin.com/pulse/ai-illusion-navigating-reality-machine-learning-nasser-prakash-v2pxc/)
- [Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure](https://www.dhs.gov/publication/roles-and-responsibilities-framework-artificial-intelligence-critical-infrastructure)
- [CWE Top 25 Most Dangerous Software Weaknesses](https://cwe.mitre.org/top25/)
- [Navigating cybersecurity investments in the time of NIS 2](https://www.enisa.europa.eu/news/navigating-cybersecurity-investments-in-the-time-of-nis-2)
- [Vulnerabilities in VPNs Paper presented at the Privacy Enhancing Technologies Symposium 2024](https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/)
- [China’s Surveillance State Is Selling Citizen Data as a Side Hustle](https://www.wired.com/story/chineses-surveillance-state-is-selling-citizens-data-as-a-side-hustle/)
- [Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany](https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, newsletter)**
