A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Abandoned Eval PHP WordPress plugin abused to backdoor websites |
CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog |
At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack |
American Bar Association (ABA) suffered a data breach, 1.4 million members impacted |
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency |
Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions |
Intro to phishing: simulating attacks to build resiliency |
Multinational ICICI Bank leaks passports and credit card numbers |
VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root |
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack |
Experts disclosed two critical flaws in Alibaba cloud database services |
Google TAG warns of Russia-linked APT groups targeting Ukraine |
Trigona Ransomware targets Microsoft SQL servers |
Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation |
Google fixed the second actively exploited Chrome zero-day of 2023 |
US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws |
Iran-linked Mint Sandstorm APT targeted US critical infrastructure |
PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022 |
Experts temporarily disrupted the RedLine Stealer operations |
CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog |
The intricate relationships between the FIN7 group and members of the Conti ransomware gang |
Israeli surveillance firm QuaDream is shutting down amidst spyware accusations |
New QBot campaign delivered hijacking business correspondence |
China-linked APT41 group spotted using open-source red teaming tool GC2 |
Vice Society gang is using a custom PowerShell tool for data exfiltration |
Experts warn of an emerging Python-based credential harvester named Legion |
Experts found the first LockBit encryptor that targets macOS systems |
NCR was the victim of BlackCat/ALPHV ransomware gang |
Remcos RAT campaign targets US accounting and tax return preparation firms |
International Press
Cybercrime
NCR suffers Aloha POS outage after BlackCat ransomware attack
Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Takedown of GitHub Repositories Disrupts RedLine Malware Operations
Hacking
Legion: an AWS Credential Harvester and SMTP Hijacker
Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
European air traffic control agency’s website under cyber attack from pro-Russian hackers: Report
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
Massive Abuse of Abandoned Eval PHP WordPress Plugin
Malware
The LockBit ransomware (kinda) comes for macOS
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
QBot banker delivered through business correspondence
Trigona Ransomware Attacking MS-SQL Servers
Triple Threat NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains
Intelligence and Information Warfare
Threat Horizons April 2023 Threat Horizons Report
Online Gaming Chats Have Long Been Spy Risk for US Military
DOJ charges 34 with operating Chinese gov’t troll farm that harassed dissidents
The NTC Vulkan Files: Implications for Cybersecurity and Businesses
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
State-sponsored campaigns target global network infrastructure
APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers
Ukraine remains Russia’s biggest cyber focus in 2023
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
Cybersecurity
Offensive cyber company QuaDream shutting down amidst spyware accusations
Questions and Answers: Cyber: towards stronger EU capabilities for effective operational cooperation, solidarity and resilience
Google Chrome Hit by Second Zero-Day Attack – Urgent Patch Update Released
AI security concerns in a nutshell – Practical AI Security guide
WhatsApp and Signal unite against online safety bill amid privacy concerns
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition appeared first on Security Affairs.