A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Experts found new MOVEit Transfer SQL Injection flaws |
| The University of Manchester suffered a cyber attack and suspects a data breach |
| Russians charged with hacking Mt. Gox exchange and operating BTC-e |
| Japanese Pharmaceutical giant Eisai hit by a ransomware attack |
| Clop ransomware gang was testing MOVEit Transfer bug since 2021 |
| Stealth Soldier backdoor used is targeted espionage attacks in Libya |
| Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue |
| Experts detail a new Kimsuky social engineering campaign |
| German recruiter Pflegia leaks sensitive job seeker info |
| Cisco fixes privilege escalation bug in Cisco Secure Client |
| Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced |
| VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks |
| Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug |
| June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware |
| New PowerDrop malware targets U.S. aerospace defense industry |
| +60,000 Android apps spotted hiding adware for past six months |
| NASA website flaw jeopardizes astrobiology fans |
| Hackers stole around $35 million in Atomic Wallet security breach |
| Google fixed the third Chrome zero-day of 2023 |
| Cyclops Ransomware group offers a multiplatform Info Stealer |
| British Airways, BBC and Boots were impacted the by Zellis data breach |
| KeePass fixed the bug that allows the extraction of the cleartext master password |
| Microsoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacks |
| Idaho Hospitals hit by a cyberattack that impacted their operations |
| Experts warn of a surge of TrueBot activity in May 2023 |
| Magecart campaign abuses legitimate sites to host web skimmers and act as C2 |
| Spanish bank Globalcaja confirms Play ransomware attack |
| Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition |
| Xplain hack impacted the Swiss cantonal police and Fedpol |
| Zyxel published guidance for protecting devices from ongoing attacks |
| Kimsuky APT poses as journalists and broadcast writers in its attacks |
| New Linux Ransomware BlackSuit is similar to Royal ransomware |
International Press
Cybercrime
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others
Large Spanish bank confirms ransomware attack
$35 million stolen in attacks on Atomic Wallet cryptocurrency customers
Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another
How Global Information Sharing Can Help Stop Cybercrime
University of Manchester says hackers ‘likely’ stole data in cyberattack
Hacking
British Airways staff’s details stolen in cyber breach hitting firms around the world
Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021
Malware
Carbon Black’s TrueBot Detection
Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology
PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry
Intelligence and Information Warfare
The Evolution of Cyber Operations in Armed Conflict
Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
STEALTH SOLDIER BACKDOOR USED IN TARGETED ESPIONAGE ATTACKS IN NORTH AFRICA
Cybersecurity
4 Areas of Cyber Risk That Boards Need to Address
KeePass v2.54 fixes bug that leaked cleartext master password
NASA website flaw jeopardizes astrobiology fans
Daily Mirror accused of hacking Diana’s phone during friendship with Michael Barrymore
OWASP’s 2023 API Security Top 10 Refines View of API Risks
Barracuda says hacked ESG appliances must be replaced immediately
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition appeared first on Security Affairs.