Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Is the BlackByte ransomware gang behind the City of Augusta attack?New Buhti ransomware operation uses rebranded LockBit and Babuk payloadsNew PowerExchange Backdoor linked to an Iranian APT groupDark Frost Botnet targets the gaming sector with powerful DDoSNew CosmicEnergy ICS malware threatens energy grid assetsD-Link fixes two critical flaws in D-View 8 network management suiteZyxel firewall and VPN devices affected by critical flawsChina-linked APT Volt Typhoon targets critical infrastructure organizationsNorth Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malwareIran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites
Barracuda Email Security Gateway (ESG) hacked via zero-day bugThe US government sanctioned four entities and one individual for supporting cyber operations conducted by North KoreaUkraine’s CERT-UA warns of espionage activity conducted by UAC-0063AhRat Android RAT was concealed in iRecorder app in Google PlayThe previously undocumented GoldenJackal APT targets Middle East, South Asia entitiesGoogle announced its Mobile VRP (vulnerability rewards program)German arms manufacturer Rheinmetall suffered Black Basta ransomware attackA deeper insight into the CloudWizard APT’s activity revealed a long-running activityBlackCat Ransomware affiliate uses signed kernel driver to evade detectionCISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
EU hits Meta with $1.3 billion fine for transferring European user data to the USDish Network says the February ransomware attack impacted +300,000 individualsChina bans chip maker Micron from its key information infrastructureBatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline StealerPyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
International Press
The Hunt for VENOM SPIDER PART 2
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Cryptomining group traced to Indonesia uses compromised AWS accounts
Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats
Hacking
PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
Android phones are vulnerable to fingerprint brute-force attacks
Flipper Zero Disconnecting Smart Meter Power to House
Lazarus Group Targeting Windows IIS Web Servers
BatLoader Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks
BlackCat Ransomware Deploys New Signed Kernel Driver
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile
YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner
Buhti: New Ransomware Operation Relies on Repurposed Payloads
Intelligence and Information Warfare
CloudWizard APT: the bad magic story goes on
Meet the GoldenJackal APT group. Don’t expect any howls
Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India
Fata Morgana: Watering hole attack on shipping and logistics websites
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
APT 29 Initial Access Killchain -MITRE ATT@CK Mapping
Cybersecurity
China bans major chip maker Micron from key infrastructure projects
Data Protection Commission announces conclusion of inquiry into Meta Ireland
Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)
The post Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition appeared first on Security Affairs.