Security Affairs newsletter Round 438 by Pierluigi Paganini

Cybercrime

Russian cyber thieves linked to personal data breach at North Carolina hospitals 

International operation closes down Piilopuoti dark web marketplace   

THE CITY OF DALLAS RANSOMWARE INCIDENT: MAY 2023

Nigerian National Pleads Guilty To His Role In A Business Email Compromise Scheme  

Malware

Bumblebee Loader Resurfaces in New Campaign  

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement  

Stealth Falcon preying over Middle Eastern skies with Deadglyph  

Inside the Code of a New XWorm Variant

Who’s Behind the 8Base Ransomware Website?  

Cado Security Labs Researchers Witness a 600X Increase in P2Pinfect Traffic  

Hacking

Retool attack – When MFA isn’t actually MFA

Fileless Remote Code Execution on Juniper Firewalls  

Arbitrary code execution vulnerability in Trend Micro endpoint products’ ability to uninstall third-party security products  

The outage at the airports really came from a computer attack  

Russia linked to cyberattack on government services 

Intelligence and Information Warfare

How the Lazarus Group is stepping up crypto hacks and changing its tactics

Lazarus Group’s Web3 Rampage      

German spy chief warns of cyberattacks targeting liquefied natural gas terminals  

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants  

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit 

Is That a Spy in Your Car?

0-days exploited by commercial surveillance vendor in Egypt

PREDATOR IN THE WIRES        

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes 

Cybersecurity