Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are delivered free to your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Is the BlackByte ransomware gang behind the City of Augusta attack?

New Buhti ransomware operation uses rebranded LockBit and Babuk payloads

New PowerExchange Backdoor linked to an Iranian APT group

Dark Frost Botnet targets the gaming sector with powerful DDoS

New CosmicEnergy ICS malware threatens energy grid assets

D-Link fixes two critical flaws in D-View 8 network management suite

Zyxel firewall and VPN devices affected by critical flaws

China-linked APT Volt Typhoon targets critical infrastructure organizations

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Barracuda Email Security Gateway (ESG) hacked via zero-day bug

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063

AhRat Android RAT was concealed in iRecorder app in Google Play

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Google announced its Mobile VRP (vulnerability rewards program)

German arms manufacturer Rheinmetall suffered Black Basta ransomware attack

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

BlackCat Ransomware affiliate uses signed kernel driver to evade detection

CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Dish Network says the February ransomware attack impacted +300,000 individuals

China bans chip maker Micron from its key information infrastructure

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks

International Press



German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack 

Cryptomining group traced to Indonesia uses compromised AWS accounts  

Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats


PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

Android phones are vulnerable to fingerprint brute-force attacks

Flipper Zero Disconnecting Smart Meter Power to House  

Lazarus Group Targeting Windows IIS Web Servers   


BatLoader Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks   

BlackCat Ransomware Deploys New Signed Kernel Driver  

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile

YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner

Buhti: New Ransomware Operation Relies on Repurposed Payloads           

Intelligence and Information Warfare

CloudWizard APT: the bad magic story goes on  

Meet the GoldenJackal APT group. Don’t expect any howls 

Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India   

Fata Morgana: Watering hole attack on shipping and logistics websites   

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques      

APT 29 Initial Access Killchain - MITRE ATT&CK Mapping


China bans major chip maker Micron from key infrastructure projects

Data Protection Commission announces conclusion of inquiry into Meta Ireland

Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities

Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023      


Pierluigi Paganini
