Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

April 23, 2023  By Pierluigi Paganini


A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Abandoned Eval PHP WordPress plugin abused to backdoor websites
CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog
At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack
American Bar Association (ABA) suffered a data breach,1.4 million members impacted
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency
Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions
Intro to phishing: simulating attacks to build resiliency
Multinational ICICI Bank leaks passports and credit card numbers
VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack
Experts disclosed two critical flaws in Alibaba cloud database services
Google TAG warns of Russia-linked APT groups targeting Ukraine
Trigona Ransomware targets Microsoft SQL servers
Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation
Google fixed the second actively exploited Chrome zero-day of 2023
US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws
Iran-linked Mint Sandstorm APT targeted US critical infrastructure
PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022
Experts temporarily disrupted the RedLine Stealer operations
CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog
The intricate relationships between the FIN7 group and members of the Conti ransomware gang
Israeli surveillance firm QuaDream is shutting down amidst spyware accusations
New QBot campaign delivered hijacking business correspondence
China-linked APT41 group spotted using open-source red teaming tool GC2
Vice Society gang is using a custom PowerShell tool for data exfiltration
Experts warn of an emerging Python-based credential harvester named Legion
Experts found the first LockBit encryptor that targets macOS systems
NCR was the victim of BlackCat/ALPHV ransomware gang
Remcos RAT campaign targets US accounting and tax return preparation firms

International Press

Cybercrime

NCR suffers Aloha POS outage after BlackCat ransomware attack

Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data

Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor  

Takedown of GitHub Repositories Disrupts RedLine Malware Operations  

Hacking

Legion: an AWS Credential Harvester and SMTP Hijacker    

Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced   

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services  

European air traffic control agency’s website under cyber attack from pro-Russian hackers: Report

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe  

Massive Abuse of Abandoned Eval PHP WordPress Plugin   

Malware

The LockBit ransomware (kinda) comes for macOS  

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land  

QBot banker delivered through business correspondence

Trigona Ransomware Attacking MS-SQL Servers   

Triple Threat NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains 

Intelligence and Information Warfare

Threat Horizons April 2023 Threat Horizons Report

Online Gaming Chats Have Long Been Spy Risk for US Military

DOJ charges 34 with operating Chinese gov’t troll farm that harassed dissidents 

The NTC Vulkan Files: Implications for Cybersecurity and Businesses  

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets  

State-sponsored campaigns target global network infrastructure

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

Ukraine remains Russia’s biggest cyber focus in 2023  

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack    

Cybersecurity

Offensive cyber company QuaDream shutting down amidst spyware accusations  

Questions and Answers: Cyber: towards stronger EU capabilities for effective operational cooperation, solidarity and resilience   

Google Chrome Hit by Second Zero-Day Attack – Urgent Patch Update Released

AI security concerns in a nutshell – Practical AI Security guide

WhatsApp and Signal unite against online safety bill amid privacy concerns    

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Abandoned Eval PHP WordPress plugin abused to backdoor websites

 Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. Researchers...