Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Pierluigi Paganini April 30, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

ViperSoftX uses more sophisticated encryption and anti-analysis techniques
Atomic macOS Stealer is advertised on Telegram for $1,000 per month
CISA warns of a critical flaw affecting Illumina medical devices
OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands
Cisco discloses a bug in the Prime Collaboration Deployment solution
Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches
Ukraine cyber police arrested a man for selling data of 300M people
Google obtained a temporary court order against CryptBot distributors
Researchers found the first Linux variant of the RTM locker
Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware
CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks
China-linked Alloy Taurus APT uses a Linux variant of PingPull malware
A component in Huawei network appliances could be used to take down Germany’s telecoms networks
Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline
SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times
VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023
A new Mirai botnet variant targets TP-Link Archer A21
Google researchers found multiple security issues in Intel TDX
Google Authenticator App now supports Google Account synchronization
Peugeot leaks access to user information in South America
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware
AuKill tool uses BYOVD attack to disable EDR software
Experts released PoC Exploit code for actively exploited PaperCut flaw
EvilExtractor, a new All-in-One info stealer appeared on the Dark Web
Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws
Hackers can hack organizations using data found on their discarded enterprise network equipment
Health insurer Point32Health suffered a ransomware attack
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

International Press


Continuing our work to hold cybercriminal ecosystems accountable  

First draft of controversial UN Cybercrime Treaty slated for June

The cyber police exposed an attacker in the sale of databases with personal data of citizens of Ukraine and the EU   


First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters   

Hacker Group Names Are Now Absurdly Out of Control

Critical vulnerabilities in papercut print management software

PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise 

Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine

Cyberattacks on Canada’s gas infrastructure left ‘no physical damage,’ Trudeau says      

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution   


EvilExtractor – All-in-One Stealer

‘AuKill’ EDR killer malware abuses Process Explorer driver   

Chinese Alloy Taurus Updates PingPull Malware   

RTM Locker Ransomware as a Service (RaaS) Now Suits Up for Linux Architecture

Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram

Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo       

Intelligence and Information Warfare

BlueNoroff APT group targets macOS with ‘RustBucket’ Malware


Leaked Pentagon Documents Reveal Secrets About Friends and Foes

How China’s Huawei spooked Germany into launching a probe      

Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware   


Discarded, not destroyed: Old routers reveal corporate secrets

Google Authenticator now supports Google Account synchronization

Intel Trust Domain Extensions (TDX) Security Review  

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

South Korea, US agree to cooperate on cybersecurity and combating North Korean digital heists  

ChatGPT: OpenAI reinstates service in Italy with enhanced transparency and rights for european users and non-users

Illumina Cybersecurity Vulnerability Affecting the Universal Copy Service Software May Present Risks for Patient Results and Customer Networks: Letter to Health Care Providers  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Please vote for Security Affairs ( as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here:

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

you might also like

leave a comment