A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Is the BlackByte ransomware gang behind the City of Augusta attack?
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
New PowerExchange Backdoor linked to an Iranian APT group
Dark Frost Botnet targets the gaming sector with powerful DDoS
New CosmicEnergy ICS malware threatens energy grid assets
D-Link fixes two critical flaws in D-View 8 network management suite
Zyxel firewall and VPN devices affected by critical flaws
China-linked APT Volt Typhoon targets critical infrastructure organizations
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea |
Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063 |
AhRat Android RAT was concealed in iRecorder app in Google Play |
The previously undocumented GoldenJackal APT targets Middle East, South Asia entities |
Google announced its Mobile VRP (vulnerability rewards program) |
German arms manufacturer Rheinmetall suffered Black Basta ransomware attack |
A deeper insight into the CloudWizard APT’s activity revealed a long-running activity |
BlackCat Ransomware affiliate uses signed kernel driver to evade detection |
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
EU hits Meta with $1.3 billion fine for transferring European user data to the US
Dish Network says the February ransomware attack impacted +300,000 individuals |
China bans chip maker Micron from its key information infrastructure |
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer |
PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks |
International Press
Cybercrime
The Hunt for VENOM SPIDER PART 2
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Cryptomining group traced to Indonesia uses compromised AWS accounts
Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats
Hacking
PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
Android phones are vulnerable to fingerprint brute-force attacks
Flipper Zero Disconnecting Smart Meter Power to House
Lazarus Group Targeting Windows IIS Web Servers
Malware
BatLoader Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks
BlackCat Ransomware Deploys New Signed Kernel Driver
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile
YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner
Buhti: New Ransomware Operation Relies on Repurposed Payloads
Intelligence and Information Warfare
CloudWizard APT: the bad magic story goes on
Meet the GoldenJackal APT group. Don’t expect any howls
Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India
Fata Morgana: Watering hole attack on shipping and logistics websites
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
APT 29 Initial Access Killchain - MITRE ATT&CK Mapping
Cybersecurity
China bans major chip maker Micron from key infrastructure projects
Data Protection Commission announces conclusion of inquiry into Meta Ireland
Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023
Pierluigi Paganini
The post Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition appeared first on Security Affairs.