Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [BadBox rapidly grows, 190,000 Android devices infected](https://securityaffairs.com/172191/malware/190000-android-devices-infected-by-badbox.html)
- [Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks](https://securityaffairs.com/172182/cyber-crime/romanian-national-was-sentenced-to-20-years-netwalker-attacks.html)
- [Sophos fixed critical vulnerabilities in its Firewall product](https://securityaffairs.com/172179/security/sophos-firewall-critical-vulnerabilities.html)
- [U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/172170/security/us-cisa-beyondtrust-known-exploited-vulnerabilities-catalog.html)
- [Raccoon Infostealer operator sentenced to 60 months in prison](https://securityaffairs.com/172163/cyber-crime/raccoon-infostealer-operator-sentenced-to-60-months-prison.html)
- [Mirai botnet targets SSR devices, Juniper Networks warns](https://securityaffairs.com/172157/malware/juniper-networks-mirai-botnet.html)
- [Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM](https://securityaffairs.com/172144/hacking/fortinet-warns-of-a-patched-fortiwlm-vulnerability.html)
- [CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army](https://securityaffairs.com/172139/apt/cert-ua-warns-russia-uac-0125-abuses-cloudflare-workers.html)
- [US considers banning TP-Link routers over cybersecurity concerns](https://securityaffairs.com/172128/uncategorized/us-considers-banning-tp-link-routers.html)
- [Russia-linked APT29 group used red team tools in rogue RDP attacks](https://securityaffairs.com/172117/apt/russian-apt29-group-uses-rogue-rdp.html)
- [Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677](https://securityaffairs.com/172109/hacking/apache-struts-vulnerability-cve-2024-53677-flaw.html)
- [Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach](https://securityaffairs.com/172100/laws-and-regulations/dpc-fined-meta-e251-million.html)
- [The Mask APT is back after 10 years of silence](https://securityaffairs.com/172093/apt/the-mask-apt-is-back.html)
- [Texas Tech University data breach impacted 1.4 million individuals](https://securityaffairs.com/172085/data-breach/texas-tech-university-data-breach.html)
- [The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs](https://securityaffairs.com/172074/malware/fbi-warns-of-hiatusrat-scanning-campaigns.html)
- [Russia FSB relies on Ukrainian minors for criminal activities disguised as ‘quest games’](https://securityaffairs.com/172052/intelligence/fsb-relies-on-ukrainian-minors-for-criminal-activities-disguised-as-quest-games.html)
- [U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/172059/security/u-s-cisa-adds-microsoft-windows-kernel-mode-driver-and-adobe-coldfusion-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [ConnectOnCall data breach impacted over 900,000 individuals](https://securityaffairs.com/172053/data-breach/connectoncall-data-breach-impacted-over-900000-individuals.html)
- [Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware](https://securityaffairs.com/172039/malware/novispy-spyware-serbian-journalist.html)
- [Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise](https://securityaffairs.com/172024/hacking/volkswagen-group-infotainment-unit-flaws.html)
- [PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms](https://securityaffairs.com/172016/malware/pumakit-sophisticated-rootkit.html)

**International Press — Newsletter**

**Cybercrime**

- [New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide](https://thehackernews.com/2024/12/new-investment-scam-leverages-ai-social.html)
- [Texas Tech University Data Breach Impacts 1.4 Million People](https://www.securityweek.com/texas-tech-university-data-breach-impacts-1-4-million-people/)
- [Hacker Leaks Cisco Data](https://www.securityweek.com/hacker-leaks-cisco-data/)
- [New fake Ledger data breach emails try to steal crypto wallets](https://www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets/)
- [How to Lose a Fortune with Just One Bad Click](https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/)
- [Effective Phishing Campaign Targeting European Companies and Institutions](https://unit42.paloaltonetworks.com/european-phishing-campaign/)
- [Ukrainian National Sentenced to Federal Prison in ‘Raccoon Infostealer’ Cybercrime Case](https://www.justice.gov/usao-wdtx/pr/ukrainian-national-sentenced-federal-prison-raccoon-infostealer-cybercrime-case)
- [Romanian National Sentenced to 20 Years in Prison in Connection with NetWalker Ransomware Attacks Resulting in the Payment of Millions of Dollars in Ransoms](https://www.justice.gov/opa/pr/romanian-national-sentenced-20-years-prison-connection-netwalker-ransomware-attacks)
- [United States Charges Dual Russian and Israeli National as Developer of LockBit Ransomware Group](https://www.justice.gov/opa/pr/united-states-charges-dual-russian-and-israeli-national-developer-lockbit-ransomware-group)
- [ACE Shutters One of the Largest Live Sports Piracy Rings in the World](https://www.alliance4creativity.com/news/ace-shutters-one-of-the-largest-live-sports-piracy-rings-in-the-world/)

**Malware**

- [Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion](https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html)
- [Spyware distributed through Amazon Appstore](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyware-distributed-through-amazon-appstore/)
- [BADBOX Botnet Is Back](https://www.bitsight.com/blog/badbox-botnet-back)
- [Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware](https://socket.dev/blog/rspack-supply-chain-attack)

**Hacking**

- [Researchers find security flaws in Skoda cars that may let hackers remotely track them](https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/)
- [Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164)](https://isc.sans.edu/forums/diary/Exploit+attempts+inspired+by+recent+Struts2+File+Upload+Vulnerability+CVE202453677+CVE202350164/31520/)
- [Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets](https://www.wired.com/story/digital-license-plate-jailbreak-hack/)
- [Not All Roads Lead to PWN2OWN: Firmware Reverse Engineering (Part 2)](https://www.hacktivesecurity.com/index.php/2024/12/18/not-all-roads-lead-to-pwn2own-firmware-reverse-engineering-part-2/)
- [Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights](https://bishopfox.com/blog/state-sonicwall-exposure-firmware-decryption-unlocks-insights)
- [Investigating Malicious Hardware with Industrial CT](https://www.lumafield.com/article/investigating-malicious-hardware-with-industrial-ct)
- [Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the ‘Forti Forty’](https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty)

**Intelligence and Information Warfare**

- [Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals](https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks-en/)
- [‘A Digital Prison’: Surveillance and the suppression of civil society in Serbia](https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/)
- [The SBU and the National Police detained minors in Kharkiv who were spying for the FSB under the guise of a quest game](https://ssu.gov.ua/novyny/sbu-ta-natspolitsiia-zatrymaly-u-kharkovi-nepovnolitnikh-yaki-shpyhuvaly-dlia-fsb-pid-vyhliadom-kvesthry)
- [Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs](https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats)
- [Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads](https://www.securonix.com/blog/analyzing-fluxconsole-using-tax-themed-lures-threat-actors-exploit-windows-management-console-to-deliver-backdoor-payloads/)
- [Trump administration wants to go on cyber offensive against China](https://www.theregister.com/2024/12/16/trump_administration_china_offensive/)
- [Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks](https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html)
- [Cyberattack UAC-0125 using the theme ‘Army+’ (CERT-UA#12559)](https://cert.gov.ua/article/6281701)

**Cybersecurity**

- [ESET Threat Report H2 2024](https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/)
- [OpenAI whistleblower found dead in San Francisco](https://www.salon.com/2024/12/14/openai-whistleblower-found-in-san-francisco/)
- [Irish Data Protection Commission fines Meta €251 Million](https://www.dataprotection.ie/en/news-media/press-releases/irish-data-protection-commission-fines-meta-eu251-million)
- [Foreign hackers need to face real consequences, Mike Waltz says](https://www.politico.com/news/2024/12/15/mike-waltz-hacking-foreign-penalties-00194415)
- [US considers ban on China’s TP-Link over security concerns, WSJ reports](https://www.reuters.com/technology/us-considers-ban-chinas-tp-link-wsj-reports-2024-12-18/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, newsletter)**
