Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sitesPwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-daysCISA announced the Pre-Ransomware Notifications initiativeChina-linked hackers target telecommunication providers in the Middle EastCity of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-dayCritical flaw in WooCommerce Payments plugin allows site takeoverPwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hackedExperts published PoC exploit code for Veeam Backup & Replication bugCisco fixed multiple severe vulnerabilities in its IOS and IOS XE softwareNexus, an emerging Android banking Trojan targets 450 financial appsDole discloses data breach after February ransomware attackPwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hackedLionsgate streaming platform with 37m subscribers leaks user dataRogue ChatGPT extension FakeGPT hijacked Facebook accountsExperts released PoC exploits for severe flaws in Netgear Orbi routersENISA: Ransomware became a prominent threat against the transport sector in 2022BreachForums current Admin Baphomet shuts down BreachForumsIndependent Living Systems data breach impacts more than 4M individualsNew Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflictNew ShellBot bot targets poorly managed Linux SSH Servers2022 Zero-Day exploitation continues at a worrisome paceFerrari confirms data breach after receiving a ransom demand from an unnamed extortion groupCrooks stole more than $1.5M worth of Bitcoin from General Bytes ATMsAcropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited imagesThreat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealerEmotet is back after a three-month hiatusPlay ransomware gang hit Dutch shipping firm Royal DirkzwagerLowe’s Market chain leaves client data up for grabsNBA is warning fans of a data breach after a third-party newsletter service hackInternational Press


[Developing] BreachForums’ Alleged Admin Pompompurin Arrested, Dark Web Reacts

Largest telecom in Guam starts restoring services after cyberattack

Dole Says Employee Information Compromised in Ransomware Attack    

NCA infiltrates cyber crime market with disguised DDoS sites   

DOJ says ‘millions’ of US citizens victimized by BreachForums administrator

FBI, CISA investigating cyberattack on Puerto Rico’s water authority  


(Ab)using Adobe Acrobat Sign to distribute malware   

Exploiting aCropalypse: Recovering Truncated PNGs

External Trusts Are Evil   

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution 

MojoBox: Yet-Another Not-So-SmartLock



Emotet adopts Microsoft OneNote attachments

ShellBot Malware Being Distributed to Linux SSH Servers  

“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension   

Nexus: a new Android botnet?  

Building a Custom Mach-O Memory Loader for macOS – Part 1

Intelligence and Information Warfare

Bad magic: new APT found in the area of Russo-Ukrainian conflict   

German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

Notorious SideCopy APT group sets sights on India’s DRDO  

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks   


Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace  

UK issues strategy to protect National Health Service from cyberattacks 

Understanding Cyber Threats in Transport

Lineup set for House talks on Section 702 surveillance law

Veeam Backup and Replication CVE-2023-27532 Deep Dive  

Critical Vulnerability Discovered in WooCommerce Payments

Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs   

Russia’s Rostec allegedly can de-anonymize Telegram users

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)

The post Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition appeared first on Security Affairs.