Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

March 26, 2023  By Pierluigi Paganini


A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites
Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days
CISA announced the Pre-Ransomware Notifications initiative
China-linked hackers target telecommunication providers in the Middle East
City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day
Critical flaw in WooCommerce Payments plugin allows site takeover
Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked
Experts published PoC exploit code for Veeam Backup & Replication bug
Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software
Nexus, an emerging Android banking Trojan targets 450 financial apps
Dole discloses data breach after February ransomware attack
Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked
Lionsgate streaming platform with 37m subscribers leaks user data
Rogue ChatGPT extension FakeGPT hijacked Facebook accounts
Experts released PoC exploits for severe flaws in Netgear Orbi routers
ENISA: Ransomware became a prominent threat against the transport sector in 2022
BreachForums current Admin Baphomet shuts down BreachForums
Independent Living Systems data breach impacts more than 4M individuals
New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict
New ShellBot bot targets poorly managed Linux SSH Servers
2022 Zero-Day exploitation continues at a worrisome pace
Ferrari confirms data breach after receiving a ransom demand from an unnamed extortion group
Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs
Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images
Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer
Emotet is back after a three-month hiatus
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager
Lowe’s Market chain leaves client data up for grabs
NBA is warning fans of a data breach after a third-party newsletter service hack

International Press

Cybercrime

[Developing] BreachForums’ Alleged Admin Pompompurin Arrested, Dark Web Reacts

Largest telecom in Guam starts restoring services after cyberattack

Dole Says Employee Information Compromised in Ransomware Attack    

NCA infiltrates cyber crime market with disguised DDoS sites   

DOJ says ‘millions’ of US citizens victimized by BreachForums administrator

FBI, CISA investigating cyberattack on Puerto Rico’s water authority  

Hacking

(Ab)using Adobe Acrobat Sign to distribute malware   

Exploiting aCropalypse: Recovering Truncated PNGs

External Trusts Are Evil   

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution 

MojoBox: Yet-Another Not-So-SmartLock

PWN2OWN VANCOUVER 2023 – DAY THREE RESULTS  

Malware

Emotet adopts Microsoft OneNote attachments

ShellBot Malware Being Distributed to Linux SSH Servers  

“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension   

Nexus: a new Android botnet?  

Building a Custom Mach-O Memory Loader for macOS – Part 1

Intelligence and Information Warfare

Bad magic: new APT found in the area of Russo-Ukrainian conflict   

German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

Notorious SideCopy APT group sets sights on India’s DRDO  

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks   

Cybersecurity

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace  

UK issues strategy to protect National Health Service from cyberattacks 

Understanding Cyber Threats in Transport

Lineup set for House talks on Section 702 surveillance law

Veeam Backup and Replication CVE-2023-27532 Deep Dive  

Critical Vulnerability Discovered in WooCommerce Payments

Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs   

Russia’s Rostec allegedly can de-anonymize Telegram users

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

 Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS...