A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web” is online

Kindle Edition

Paper Copy

Digging The Deep Web

Once again thank you!

·      A new flaw in Electron poses a risk to apps based on the framework
·      Malicious package containing Bytecoin cryptocurrency miner found on the Ubuntu Snap Store
·      UK mobile operator EE left a critical code system exposed with a default password
·      Chilis restaurant chain is the last victim of a Payment Card Breach
·      Critical Flaws in PGP and S/MIME Tools – Immediately disable tools that automatically decrypt PGP-encrypted email
·      Nigelthorn malware infected over 100,000 systems abusing Chrome extensions
·      PANDA Banker malware used in several campaigns aimed at banks, cryptocurrency exchanges and social media
·      Researchers disclosed details of EFAIL attacks on in PGP and S/MIME tools. Experts believe claims are overblown
·      Adobe issued security updates for 47 vulnerabilities in Acrobat DC and Reader
·      Dutch Government plans to phase out the use of Kaspersky solutions
·      Hackers shared technical details of a Code Injection flaw in Signal App
·      Massive DDoS attack hit the Danish state rail operator DSB
·      Rail Europe North America hit by payment card data breach
·      Anonymous defaced Russia govt website against Telegram ban
·      Mysterious hackers ingenuously reveal two Zero-Days to security community
·      Operation Hotel – Ecuador spent millions on spy operation for Julian Assange
·      Red Hat Linux DHCP Client affected by a command injection flaw, patch it now!
·      Mexican central bank confirmed that SWIFT hackers stole millions of dollars from Mexican Banks
·      Nethammer – Exploiting Rowhammer attack through network without a single attacker-controlled line of code
·      Russian Telegrab malware harvesting Telegram Desktop credentials, cookies, desktop cache, and key files
·      A New Mexico man sentenced to 15 Years in jail for DDoS Attacks and possession of firearms
·      CISCO issued security updates to address three critical flaws in Cisco DNA Center
·      Satori Botnet is targeting exposed Ethereum mining pools running the Claymore mining software
·      The new Wicked Mirai botnet leverages at least three new exploits
·      A dataset of 200 million PII exfiltrated from several Japanese websites offered on underground market
·      Chrome evolves security indicators by marking with a red warning for HTTP content
·      More than 800,000 DrayTek routers at risks due to a mysterious zero-day exploit
·      Updated – The new Wicked Mirai botnet leverages at least three new exploits


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 163 – News of the week appeared first on Security Affairs.