Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini
Please nominate Security Affairs as your favorite blog.
Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Personal info of 90k hikers leaked by French tourism company La Malle PostaleData of more than 2M Toyota customers exposed in ten years-long data breachDiscord suffered a data after third-party support agent was hackedRussia-affiliated CheckMate ransomware quietly targets popular file-sharing protocolBl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCELeaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXiWhat the Email Security Landscape Looks Like in 2023The Black Basta ransomware gang hit multinational company ABBA flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hackingExperts share details of five flaws that can be chained to hack Netgear RAX30 Routers
We are in the final! Please vote for Security Affairs and Pierluigi PaganiniGoogle will provide dark web monitoring to all US Gmail users and moreNorth Korea-linked APT breached the Seoul National University HospitalTwitter now supports Encrypted Direct Messages, with some limitationsA zero-click vulnerability in Windows allows stealing NTLM credentialsCybersecurity firm Dragos shared details about a failed extortion attempt it sufferedDownEx cyberespionage operation targets Central AsiaSmashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band’s songsUS disrupts Russia-linked Snake implant’s networkMicrosoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws
The global food distribution giant Sysco discloses a data breachA Linux NetFilter kernel flaw allows escalating privileges to ‘root’Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnetFBI seized 13 domains linked to DDoS-for-hire platformsNew CACTUS ransomware appeared in the threat landscapeIran-linked APT groups started exploiting Papercut flawMoney Message gang leaked private code signing keys from MSI data breachNextGen Healthcare suffered a data breach that impacted +1 Million individualsWestern Digital notifies customers of data breach after March cyberattackCERT-UA warns of an ongoing SmokeLoader campaign
SEC issued a record award of $279 million to a whistleblowerSan Bernardino County Sheriff’s Department paid a $1.1M ransomDragon Breath APT uses double-dip DLL sideloading strategy
International Press
San Bernardino County pays $1.1-million ransom over Sheriff’s Department hack
Reverting UAC-0006: Mass distribution of SmokeLoader using the “accounts” theme (CERT-UA#6613)
Western Digital to bring services back online soon after security breach
MSI’s leaked firmware keys endanger hundreds of devices
$10M Is Yours If You Can Get This Guy to Leave Russia
Dragos – Deconstructing a Cybersecurity Event
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Silk Road scammer charged with narcotics trafficking and money laundering
Hacking
A doubled “Dragon Breath” adds new air to DLL sideloading attacks
CVE-2023-32233 – Linux Kernel Privilege Escalation: A Critical Security Vulnerability Uncovered
From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
Cracked password analytics with Kraken
Chaining Five Vulnerabilities to Exploit Netgear Nighthawk RAX30 Routers at Pwn2Own Toronto 2022
BlackBit Ransomware: A Threat from the Shadows of LokiLocker
Hunting Russian Intelligence “Snake” Malware
AndoryuBot – New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability
Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
Intelligence and Information Warfare
Attack on Security Titans: Earth Longzhi Returns With New Tricks
Deep Dive Into DownEx Espionage Operation in Central Asia
Cybersecurity
SEC Issues Largest-Ever Whistleblower Award
The MAY 2023 security update review
TikTok Tracked Users Who Watched Gay Content, Prompting Employee Complaints
About Encrypted Direct Messages
New features and updates to improve online safety
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Toyota: Data on more than 2 million vehicles in Japan were at risk in decade-long breach
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms
Henry Kissinger on a potential artificial intelligence arms race tive Fired From TikTok’s Chinese Owner Says Beijing Australia remains most hacked nation globally despite pleas to lift security standardscess to App Data in Termination Suit
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
The post Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition appeared first on Security Affairs.
About The Author
