Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Abandoned Eval PHP WordPress plugin abused to backdoor websitesCISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalogAt least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attackAmerican Bar Association (ABA) suffered a data breach,1.4 million members impactedPro-Russia hackers launched a massive attack against the EUROCONTROL agencyCisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutionsIntro to phishing: simulating attacks to build resiliencyMultinational ICICI Bank leaks passports and credit card numbersVMware fixed a critical flaw in vRealize that allows executing arbitrary code as rootLazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attackExperts disclosed two critical flaws in Alibaba cloud database servicesGoogle TAG warns of Russia-linked APT groups targeting UkraineTrigona Ransomware targets Microsoft SQL serversRussian national sentenced to time served for committing money laundering for the Ryuk ransomware operationGoogle fixed the second actively exploited Chrome zero-day of 2023US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flawsIran-linked Mint Sandstorm APT targeted US critical infrastructurePWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022Experts temporarily disrupted the RedLine Stealer operationsCISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog
The intricate relationships between the FIN7 group and members of the Conti ransomware gang
Israeli surveillance firm QuaDream is shutting down amidst spyware accusationsNew QBot campaign delivered hijacking business correspondenceChina-linked APT41 group spotted using open-source red teaming tool GC2Vice Society gang is using a custom PowerShell tool for data exfiltrationExperts warn of an emerging Python-based credential harvester named LegionExperts found the first LockBit encryptor that targets macOS systemsNCR was the victim of BlackCat/ALPHV ransomware gangRemcos RAT campaign targets US accounting and tax return preparation firms

International Press


NCR suffers Aloha POS outage after BlackCat ransomware attack

Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data

Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor  

Takedown of GitHub Repositories Disrupts RedLine Malware Operations  


Legion: an AWS Credential Harvester and SMTP Hijacker    

Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced   

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services  

European air traffic control agency’s website under cyber attack from pro-Russian hackers: Report

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe  

Massive Abuse of Abandoned Eval PHP WordPress Plugin   


The LockBit ransomware (kinda) comes for macOS  

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land  

QBot banker delivered through business correspondence

Trigona Ransomware Attacking MS-SQL Servers   

Triple Threat NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains 

Intelligence and Information Warfare

Threat Horizons April 2023 Threat Horizons Report

Online Gaming Chats Have Long Been Spy Risk for US Military

DOJ charges 34 with operating Chinese gov’t troll farm that harassed dissidents 

The NTC Vulkan Files: Implications for Cybersecurity and Businesses  

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets  

State-sponsored campaigns target global network infrastructure

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

Ukraine remains Russia’s biggest cyber focus in 2023  

Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack    


Offensive cyber company QuaDream shutting down amidst spyware accusations  

Questions and Answers: Cyber: towards stronger EU capabilities for effective operational cooperation, solidarity and resilience   

Google Chrome Hit by Second Zero-Day Attack – Urgent Patch Update Released

AI security concerns in a nutshell – Practical AI Security guide

WhatsApp and Signal unite against online safety bill amid privacy concerns    

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Please vote for Security Affairs ( as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

The Teacher – Most Educational Blog

The Entertainer – Most Entertaining Blog

The Tech Whizz – Best Technical Blog

Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here:

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition appeared first on Security Affairs.

About The Author