Security Affairs newsletter Round 348

Pierluigi Paganini January 09, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Unauthenticated RCE in H2 Database Console is similar to Log4Shell
FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?
Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug
FIN7 group continues to target US companies with BadUSB devices
How to secure QNAP NAS devices? The vendor’s instructions
Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns
Norton Crypto, the controversial cryptomining feature of Norton 360
Over 3.7 million accounts were compromised in the FlexBooker data breach
Night Sky, a new ransomware operation in the threat landscape
North Korea-linked Konni APT targets Russian diplomatic bodies
Threat actors stole 1.1 million customer accounts from 17 well-known companies
Google Docs comment feature abused in phishing campaign
France hits Google, Facebook with fines over ‘Cookies’ management
NoReboot persistence technique fakes iPhone shutdown
VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi
FTC warns legal action against businesses who fail to mitigate Log4J attacks
Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns
Researchers used electromagnetic signals to classify malware infecting IoT devices
UScellular discloses the second data breach in a year
Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites
Purple Fox backdoor spreads through fake Telegram App installer
Hospitality Chain McMenamins discloses data breach after ransomware attack
Broward Health suffered a data breach that impacted +1.3 million people
‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7 
Israeli Media Outlets hacked on the anniversary of Soleimani killing
SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack
The worst cyber attacks of 2021
Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers
Exclusive: NASA Director Twitter account hacked by Powerful Greek Army
Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate
North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges
Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment