Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Pierluigi Paganini March 26, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites
Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days
CISA announced the Pre-Ransomware Notifications initiative
China-linked hackers target telecommunication providers in the Middle East
City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day
Critical flaw in WooCommerce Payments plugin allows site takeover
Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked
Experts published PoC exploit code for Veeam Backup & Replication bug
Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software
Nexus, an emerging Android banking Trojan targets 450 financial apps
Dole discloses data breach after February ransomware attack
Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked
Lionsgate streaming platform with 37m subscribers leaks user data
Rogue ChatGPT extension FakeGPT hijacked Facebook accounts
Experts released PoC exploits for severe flaws in Netgear Orbi routers
ENISA: Ransomware became a prominent threat against the transport sector in 2022
BreachForums current Admin Baphomet shuts down BreachForums
Independent Living Systems data breach impacts more than 4M individuals
New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict
New ShellBot bot targets poorly managed Linux SSH Servers
2022 Zero-Day exploitation continues at a worrisome pace
Ferrari confirms data breach after receiving a ransom demand from an unnamed extortion group
Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs
Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images
Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer
Emotet is back after a three-month hiatus
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager
Lowe’s Market chain leaves client data up for grabs
NBA is warning fans of a data breach after a third-party newsletter service hack

International Press


[Developing] BreachForums’ Alleged Admin Pompompurin Arrested, Dark Web Reacts

Largest telecom in Guam starts restoring services after cyberattack

Dole Says Employee Information Compromised in Ransomware Attack    

NCA infiltrates cyber crime market with disguised DDoS sites   

DOJ says ‘millions’ of US citizens victimized by BreachForums administrator

FBI, CISA investigating cyberattack on Puerto Rico’s water authority  


(Ab)using Adobe Acrobat Sign to distribute malware   

Exploiting aCropalypse: Recovering Truncated PNGs

External Trusts Are Evil   

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution 

MojoBox: Yet-Another Not-So-SmartLock



Emotet adopts Microsoft OneNote attachments

ShellBot Malware Being Distributed to Linux SSH Servers  

“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension   

Nexus: a new Android botnet?  

Building a Custom Mach-O Memory Loader for macOS – Part 1

Intelligence and Information Warfare

Bad magic: new APT found in the area of Russo-Ukrainian conflict   

German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

Notorious SideCopy APT group sets sights on India’s DRDO  

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks   


Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace  

UK issues strategy to protect National Health Service from cyberattacks 

Understanding Cyber Threats in Transport

Lineup set for House talks on Section 702 surveillance law

Veeam Backup and Replication CVE-2023-27532 Deep Dive  

Critical Vulnerability Discovered in WooCommerce Payments

Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs   

Russia’s Rostec allegedly can de-anonymize Telegram users

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)

you might also like

leave a comment