A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.—————————————————————————————————————————————————–Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.[Pro-Russia group NoName targeted the websites of Italian airports](https://securityaffairs.com/172395/security/pro-russia-group-noname057-targets-italian-airports.html) [North Korea actors use OtterCookie malware in Contagious Interview campaign](https://securityaffairs.com/172382/malware/north-korea-linked-actors-using-ottercookie-backdoor.html) [Experts warn of a surge in activity associated FICORA and Kaiten botnets](https://securityaffairs.com/172373/uncategorized/surge-ficora-kaiten-botnets.html) [Palo Alto Networks fixed a high-severity PAN-OS flaw](https://securityaffairs.com/172370/security/palo-alto-networks-high-severity-pan-os-flaw.html) [Brazilian citizen charged for threatening to release data stolen from a company in 2020](https://securityaffairs.com/172362/hacking/brazilian-citizen-extortion-attempt.html) [A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs](https://securityaffairs.com/172345/malware/mirai-botnet-targets-digiever-ds-2105-pro-dvrs.html) [A ransomware attack disrupted services at Pittsburgh Regional Transit](https://securityaffairs.com/172333/cyber-crime/pittsburgh-regional-transit-ransomware-attack.html) [A cyber attack hit Japan Airlines delaying ticket sales for flights](https://securityaffairs.com/172319/hacking/japan-airlines-hit-cyberattack.html) [Apache fixed a critical SQL Injection in Apache Traffic Control](https://securityaffairs.com/172307/security/apache-traffic-control-critical-flaw.html) [BellaCPP, Charming Kitten’s BellaCiao variant written in C++](https://securityaffairs.com/172299/malware/bellacpp-charming-kittens-bellaciao-variant-written-in-c.html) [DMM Bitcoin $308M Bitcoin heist linked to North Korea](https://securityaffairs.com/172290/hacking/dmm-bitcoin-308m-theft-linked-north-korea.html) [Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code](https://securityaffairs.com/172281/security/adobe-coldfusion-flaw-poc.html) [Apache Foundation fixed a severe Tomcat vulnerability](https://securityaffairs.com/172273/security/apache-foundation-fixed-tomcat-flaw.html) [Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations](https://securityaffairs.com/172264/laws-and-regulations/italys-data-protection-watchdog-fined-openai-e15-million.html) [U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/172255/hacking/u-s-cisa-acclaim-systems-usaherds-flaw-known-exploited-vulnerabilities-catalog.html) [U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit](https://securityaffairs.com/172247/laws-and-regulations/u-s-court-rules-against-nso-group-whatsapp-lawsuit.html) [Lazarus APT targeted employees at an unnamed nuclear-related organization](https://securityaffairs.com/172221/apt/lazarus-apt-targeted-employees-unnamed-nuclear-related-org.html) [US charged Dual Russian and Israeli National as LockBit Ransomware developer](https://securityaffairs.com/172201/uncategorized/us-authorities-charged-lockbit-ransomware-developer.html)**International Press — Newsletter****Cybercrime**[Phishing platform Rockstar 2FA trips, and ‘FlowerStorm’ picks up the pieces](https://news.sophos.com/en-us/2024/12/19/phishing-platform-rockstar-2fa-trips-and-flowerstorm-picks-up-the-pieces/)[Pittsburgh Regional Transit attributes recent service disruptions to ransomware attack](https://therecord.media/pittsburgh-regional-transit-attributes-disruptions-to-ransomware-attack)[Brazilian Man Charged With Making Extortionate Threats To Publicize Stolen Data Obtained By Unlawful Computer Intrusion](https://www.justice.gov/usao-nj/pr/brazilian-man-charged-making-extortionate-threats-publicize-stolen-data-obtained)**Malware**[Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript](https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript/)[Analyzing Malicious Intent in Python Code: A Case Study](https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code)[DigiEver Fix That IoT Thing!](https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing)**Hacking**[The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices](https://claroty.com/team82/research/the-insecure-iot-cloud-strikes-again-rce-on-ruijie-cloud-connected-devices)[Cybersecurity firm’s Chrome extension hijacked to steal users’ data](https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/)[Japan Airlines was hit by a cyberattack, delaying flights during the year-end holiday season](https://apnews.com/article/japan-jal-cyberattack-flights-travel-04fbd4848f3015a77057339a5c90ca32)[Hackers exploit DoS flaw to disable Palo Alto Networks firewalls](https://www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/)**Intelligence and Information Warfare**[Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say](https://therecord.media/ukraine-government-cyberattack-state-registers-russia)[Lazarus group evolves its infection chain with old and new malware](https://securelist.com/lazarus-new-malware/115059/)[FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com](https://www.fbi.gov/news/press-releases/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom)[BellaCPP: Discovering a new BellaCiao variant written in C++](https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/)[OtterCookie, a new malware used by Contagious Interview](https://jp.security.ntt/tech_blog/contagious-interview-ottercookie)[Recent Cases of Watering Hole Attacks, Part 2](https://blogs.jpcert.or.jp/en/2024/12/watering_hole_attack_part2.html)**Cybersecurity**[U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case](https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html)[Italy fines OpenAI over ChatGPT privacy rules breach](https://www.reuters.com/technology/italy-fines-openai-15-million-euros-over-privacy-rules-breach-2024-12-20/)[Adobe Patches ColdFusion Flaw at High Risk of Exploitation](https://www.securityweek.com/adobe-patches-coldfusion-flaw-at-high-risk-of-exploitation/) [](https://www.securityweek.com/the-intersection-of-ai-and-osint-advanced-threats-on-the-horizon/)[The Intersection of AI and OSINT: Advanced Threats On The Horizon](https://www.securityweek.com/the-intersection-of-ai-and-osint-advanced-threats-on-the-horizon/)Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, newsletter)**
Related Tags:
NAICS: 485 – Transit And Ground Passenger Transportation
NAICS: 48 – Transportation
NAICS: 921 – Executive
Legislative
Other General Government Support
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 481 – Air Transportation
NAICS: 335 – Electrical Equipment
Appliance
Component Manufacturing
NAICS: 923 – Administration Of Human Resource Programs
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 541 – Professional
Scientific
Technical Services
Associated Indicators:
null