Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

Pierluigi Paganini May 27, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Is the BlackByte ransomware gang behind the City of Augusta attack?
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
New PowerExchange Backdoor linked to an Iranian APT group
Dark Frost Botnet targets the gaming sector with powerful DDoS
New CosmicEnergy ICS malware threatens energy grid assets
D-Link fixes two critical flaws in D-View 8 network management suite
Zyxel firewall and VPN devices affected by critical flaws
China-linked APT Volt Typhoon targets critical infrastructure organizations
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites
Barracuda Email Security Gateway (ESG) hacked via zero-day bug
The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea
Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063
AhRat Android RAT was concealed in iRecorder app in Google Play
The previously undocumented GoldenJackal APT targets Middle East, South Asia entities
Google announced its Mobile VRP (vulnerability rewards program)
German arms manufacturer Rheinmetall suffered Black Basta ransomware attack
A deeper insight into the CloudWizard APT’s activity revealed a long-running activity
BlackCat Ransomware affiliate uses signed kernel driver to evade detection
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
EU hits Meta with $1.3 billion fine for transferring European user data to the US
Dish Network says the February ransomware attack impacted +300,000 individuals
China bans chip maker Micron from its key information infrastructure
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks

International Press



German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack 

Cryptomining group traced to Indonesia uses compromised AWS accounts  

Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats


PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

Android phones are vulnerable to fingerprint brute-force attacks

Flipper Zero Disconnecting Smart Meter Power to House  

Lazarus Group Targeting Windows IIS Web Servers   


BatLoader Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks   

BlackCat Ransomware Deploys New Signed Kernel Driver  

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile

YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner

Buhti: New Ransomware Operation Relies on Repurposed Payloads           

Intelligence and Information Warfare

CloudWizard APT: the bad magic story goes on  

Meet the GoldenJackal APT group. Don’t expect any howls 

Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India   

Fata Morgana: Watering hole attack on shipping and logistics websites   

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques      

APT 29 Initial Access Killchain -MITRE ATT@CK Mapping  


China bans major chip maker Micron from key infrastructure projects

Data Protection Commission announces conclusion of inquiry into Meta Ireland

Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities

Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023      

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

you might also like

leave a comment