Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Experts found new MOVEit Transfer SQL Injection flawsThe University of Manchester suffered a cyber attack and suspects a data breachRussians charged with hacking Mt. Gox exchange and operating BTC-eJapanese Pharmaceutical giant Eisai hit by a ransomware attackClop ransomware gang was testing MOVEit Transfer bug since 2021Stealth Soldier backdoor used is targeted espionage attacks in LibyaResearchers published PoC exploit code for actively exploited Windows elevation of privilege issueExperts detail a new Kimsuky social engineering campaignGerman recruiter Pflegia leaks sensitive job seeker infoCisco fixes privilege escalation bug in Cisco Secure ClientBarracuda ESG appliances impacted by CVE-2023-2868 must be immediately replacedVMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for NetworksClop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bugJune 2023 Security Update for Android fixed Arm Mali GPU bug used by spywareNew PowerDrop malware targets U.S. aerospace defense industry+60,000 Android apps spotted hiding adware for past six monthsNASA website flaw jeopardizes astrobiology fansHackers stole around $35 million in Atomic Wallet security breachGoogle fixed the third Chrome zero-day of 2023Cyclops Ransomware group offers a multiplatform Info StealerBritish Airways, BBC and Boots were impacted the by Zellis data breachKeePass fixed the bug that allows the extraction of the cleartext master passwordMicrosoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacksIdaho Hospitals hit by a cyberattack that impacted their operationsExperts warn of a surge of TrueBot activity in May 2023Magecart campaign abuses legitimate sites to host web skimmers and act as C2Spanish bank Globalcaja confirms Play ransomware attackSecurity Affairs newsletter Round 422 by Pierluigi Paganini – International editionXplain hack impacted the Swiss cantonal police and FedpolZyxel published guidance for protecting devices from ongoing attacksKimsuky APT poses as journalists and broadcast writers in its attacksNew Linux Ransomware BlackSuit is similar to Royal ransomwareInternational Press


New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others  

Large Spanish bank confirms ransomware attack

$35 million stolen in attacks on Atomic Wallet cryptocurrency customers   

Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack

Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another

How Global Information Sharing Can Help Stop Cybercrime    

University of Manchester says hackers ‘likely’ stole data in cyberattack


British Airways staff’s details stolen in cyber breach hitting firms around the world  

Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)  

Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021


Carbon Black’s TrueBot Detection  

Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat 

Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology

PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry  

Intelligence and Information Warfare

The Evolution of Cyber Operations in Armed Conflict  

Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence  



4 Areas of Cyber Risk That Boards Need to Address

KeePass v2.54 fixes bug that leaked cleartext master password

NASA website flaw jeopardizes astrobiology fans  

Daily Mirror accused of hacking Diana’s phone during friendship with Michael BarrymoreOWASP’s 2023 API Security Top 10 Refines View of API Risks  

Barracuda says hacked ESG appliances must be replaced immediately  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition appeared first on Security Affairs.