December 2023: Biggest Cyber Attacks, Data Breaches and Ransomware Attacks
Date: 2 January 2024
Toyota Financial Services, Idaho National Laboratory, Nissan Oceania, Yakult Australia, Norton Healthcare, apparel giant VF, Mr. Cooper, Xfinity, Panasonic Avionics, EasyPark, HTC Global Services. Wondering what's common amongst these names? They were all compromised by cyber crime in the last month of 2023.
- Ransomware Attacks in December 2023
- Cyber Attacks in December 2023
- Data Breaches in December 2023
- New Ransomware/Malware Detected in December 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in December 2023
The year was ending but the cyber attacks didn't stop. Businesses across verticals and organisations from libraries to healthcare institutions continued to be impacted by the rise in cyber crime. Like every month, we're back with our compilation of the biggest cyber attacks, ransomware attacks and data breaches for December 2023.
Worried about how to protect your organisation against this rampant rise in cyber threats? Remember that preparation is the only protection today. Get your cybersecurity incident response plans and Incident Response Playbooks in order.
Test the effectiveness of your plans and processes with Cybersecurity Tabletop Exercises. If you can't hire an expert facilitator, use the resources below to get started on your cyber drills immediately.
- Top Cyber Tabletop Exercise Scenarios
- Cyber Security Tabletop Exercise Template
- Cyber Tabletop Exercise PPT
- Cyber Crisis Tabletop Exercise Checklist
These invaluable free resources have been created by the leading expert in tabletop exercise facilitation worldwide. They are designed to assist you in conducting a successful and efficient incident response tabletop exercise on your own.
Ransomware Attacks in December 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 03, 2023 | Tipalti | Accounting software technology company Tipalti investigates claims of data stolen in ransomware attack | ALPHV/BlackCat Ransomware | The threat actors claimed to have stolen 265 GB of data, including data for Twitch and Roblox, which they said they will extort separately. | |
| December 04, 2023 | HTC Global Services | HTC Global Services confirms cyber attack after data leaked online | ALPHV/BlackCat Ransomware | HTC Global Services confirmed that it suffered a cyber attack after the ALPHV ransomware gang began leaking screenshots of stolen data. The leaked data included passports, contact lists, emails, and confidential documents allegedly stolen during the attack. | |
| December 08, 2023 | Americold | Nearly 130,000 affected by ransomware attack on cold storage company Americold | Unknown | A ransomware attack in April on cold storage giant Americold affected nearly 130,000 people, the company announced in a breach report to regulators in Maine. | |
| December 08, 2023 | Norton Healthcare | Kentucky healthcare giant says 2.5 million people affected by May ransomware attack | ALPHV/BlackCat Ransomware | A ransomware attack in May exposed 2.5 million patients of hospitals connected to healthcare giant Norton Healthcare. The company said the data of current and former patients, employees, as well as employee dependents and beneficiaries, was leaked as a result of the attack. | |
| December 14, 2023 | Insomniac Games (Sony) | Sony investigating potential ransomware attack on Insomniac Games unit | Rhysida Ransomware | The Rhysida ransomware gang claimed to have attacked Insomniac Games, giving the video game developer six days to respond to their undisclosed ransom demand. | |
| December 14, 2023 | Kraft Heinz | Kraft Heinz investigates hack claims, says systems 'operating normally' | Snatch Team | In a post on the Snatch extortion group's data leak site, the threat actors claimed that they breached Kraft Heinz. | |
| December 14, 2023 | Delta Dental of California | Delta Dental of California data breach exposed information of 7 million people | Clop Ransomware (MOVEit breach) | The data breach impacted 6,928,932 customers of Delta Dental of California, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed. | |
| December 20, 2023 | Tech giant HCL | Indian tech giant HCL investigating ransomware attack | Unknown | The company said it has become aware of a ransomware incident in an isolated cloud environment for one of its projects and that no impact on the overall HCLTech network has been observed. | |
| December 21, 2023 | Bladen County Public Library | Bladen County Public Library is on the list of MEOW ransomware gang victims | MEOW Ransomware | The ransomware gang claimed an attack on North Carolina's Bladen County Public Library. County leaders announced that their systems were affected by a cyber attack, and the incident was so damaging that the North Carolina National Guard was called in to help with the recovery effort. | |
| December 21, 2023 | Toronto Public Library | Toronto Public Library 'remains a crime scene' after ransomware attack | Unknown | Toronto City Librarian Vickery Bowles said they had spent weeks trying to restore services, but library accounts online were still not accessible and public computers as well as printers were not available. The librarian said the attack has been devastating for people who rely on the city's libraries as their primary source of internet access, particularly low-income city residents and school children. | |
| December 22, 2023 | Mint Mobile | Mint Mobile discloses new data breach exposing customer data | Threat actor named "Blue" on BreachForums | Mint Mobile disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. | |
| December 26, 2023 | Yakult Australia | Yakult Australia confirms 'cyber incident' after 95 GB data leak | DragonForce | Yakult Australia confirmed experiencing a "cyber incident" in a statement to BleepingComputer. Both the company's Australian and New Zealand IT systems were affected, and DragonForce, which claimed responsibility for the cyber attack, leaked 95 GB of data that it stated belongs to the company. | |
| December 27, 2023 | German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) | Lockbit ransomware disrupts emergency care at German hospitals | Lockbit Ransomware | German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack. | Ransomware attack on German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) |
| December 27, 2023 | Ohio Lottery | Ohio Lottery hit by cyber attack claimed by DragonForce ransomware | DragonForce Ransomware | The Ohio Lottery was forced to shut down some key systems after a cyber attack affected an undisclosed number of internal applications on Christmas Eve. The attackers claimed to have encrypted devices and stolen data during the attack, including Social Security Numbers and dates of birth. | |
| December 27, 2023 | Trinidad and Tobago social security agency | Trinidad and Tobago social security agency hit with post-Christmas ransomware attack | Unknown | A key government agency in Trinidad and Tobago said it was hit with a ransomware attack that will limit its operations for at least the rest of the year. | Trinidad and Tobago social security agency ransomware attack |
Cyber Attacks in December 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 07, 2023 | Greater Richmond Transit Company (GRTC) | Central Virginia transit system affected by cyber incident | Play Ransomware | The Greater Richmond Transit Company (GRTC), which runs the transit system for central Virginia, faced a computer network disruption due to a cyber attack around the Thanksgiving holiday. | Cyber attack on Central Virginia's Greater Richmond Transit Company (GRTC) |
| December 11, 2023 | A private group water scheme in the rural Erris area of County Mayo, Ireland, that uses a vulnerable Unitronics device | Two-day water outage in remote Irish region caused by pro-Iran hackers | Cyber Av3ngers Group | The incident affected a private group water scheme through the exploitation of a vulnerability (CVE-2023-6448) in an Israel-made Unitronics programmable logic controller used by a water body in the rural Erris area of County Mayo. The attack resulted in outages for approximately 160 households over two days. | |
| December 11, 2023 | Central Bank of Lesotho | Central Bank of Lesotho faces outages after cyber attack | Unknown | The central bank of the southern African country Lesotho faced severe outages due to a cyber attack that forced it to shut down its systems. | |
| December 12, 2023 | Russia's state tax service (FNS) | Ukraine's intelligence claims cyber attack on Russia's state tax service | Ukraine's security services (SBU) | Ukraine's defence intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups. During the operation, Ukraine's military spies said they managed to break into one of the "key well-protected central servers" of Russia's federal tax service (FNS) as well as more than 2,300 regional servers throughout Russia and occupied Crimea. The attack also affected a Russian tech company that operates FNS's database. | |
| December 12, 2023 | Ukrainian mobile carrier Kyivstar | Ukraine's largest mobile carrier Kyivstar down following cyber attack | Unknown | The official website remained offline as the company informed subscribers via its social media channels that it was targeted by hackers, causing a technical failure that impacts mobile communications and internet access. | |
| December 13, 2023 | The district court of March in Switzerland | District court in Switzerland 'victim of a cyber attack' | Unknown | The district court suffered a cyber attack and its entire IT systems were taken down to protect the data. The court's telephone lines were down; however, scheduled hearings in the court were expected to take place as planned. | |
| December 13, 2023 | The London Public Library, Ontario | Ontario public library shuts down most services due to cyber attack | Unknown | The library was forced to shut down most of its services due to a cyber attack. It posted an alert on its website that several branches would be closed indefinitely and that its phones, email, WiFi, website, catalogues, printers, computers and digital resources were no longer accessible. | |
| December 13, 2023 | Ledger (users of the 'Ledger dApp Connect Kit' library) | Ledger dApp supply chain attack steals $600K from crypto wallets | Unknown | Ledger warned users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. | |
| December 17, 2023 | WordPress hosting service Kinsta | WordPress hosting service Kinsta targeted by Google phishing ads | Unknown | WordPress hosting provider Kinsta warned customers that Google ads have been observed promoting phishing sites to steal hosting credentials. The attackers were supposedly using these ads to target people who have visited kinsta.com or my.kinsta.com. | |
| December 20, 2023 | Liberty Hospital (Kansas City area) | Kansas City-area hospital transfers patients and reschedules appointments after cyber attack | Unknown | Liberty Hospital, in the Kansas City, Missouri area, said it was struggling to provide care to patients after a cyber attack limited its systems, and that it was still dealing with disruptions to its computer systems. | |
| December 21, 2023 | First American Insurance | First American becomes latest real estate industry giant to be hit by a cyber attack | Unknown | Insurance company First American confirmed that it is dealing with a cyber attack that forced it to shut down certain systems. | |
| December 27, 2023 | Albanian parliament and a telecom company | Albanian parliament, telecom company hit by cyber attacks | Iran-linked hacker group known as Homeland Justice | The Albanian parliament and a telecom company operating in the country were targeted by cyber attacks, the country's cyber agency said in a statement. The attacks apparently originated from outside Albania. | Cyber attack on Albanian parliament and country's telecom company |
| December 29, 2023 | Eagers Automotive | Eagers Automotive halts trading in response to cyber attack | Unknown | Eagers Automotive suffered a cyber attack and was forced to halt trading on the stock exchange to manage disclosure obligations concerning the cybersecurity incident. It announced that the incident impacted several of its systems across Australia and New Zealand. | |
Data Breaches in December 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 05 and 22, 2023 | Nissan Oceania | Nissan is investigating a cyber attack and potential data breach claimed by Akira Ransomware | Akira Ransomware | The attack may have let hackers access personal information. In a new entry added to the operation's data leak blog on December 22, Akira said that its operators allegedly stole around 100 GB of documents from the automaker's systems. | |
| December 06, 2023 | U.S. Navy contractor Austal USA | Navy contractor Austal USA confirms cyber attack after data leak | The Hunters International Ransomware Group | Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyber attack and is currently investigating the impact of the incident. | |
| December 10, 2023 | Toyota Financial Services (TFS) | Toyota warns customers of data breach exposing personal, financial information | Medusa Ransomware | Toyota Financial Services (TFS) stated that sensitive personal and financial data was exposed in the attack. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their demand, but Toyota has not negotiated a ransom payment with the cybercriminals. Currently, all data has been leaked on Medusa's extortion portal on the dark web. | |
| December 12, 2023 | The Idaho National Laboratory (INL) | U.S. nuclear research lab data breach impacts 45,000 people | SiegedSec Hacktivists | The research lab said in breach notification letters filed with the Maine Attorney General's Office that the attackers exfiltrated the data of 45,047 current and former employees (including postdocs, graduate fellows, and interns), as well as their dependents and spouses. The breach has not, allegedly, affected employees hired after June 1, 2023. | |
| December 12, 2023 | Apparel giant VF Corp., maker of Timberland, Vans, The North Face and JanSport | Apparel giant VF reports cyber attack on first day of SEC disclosure rule | Unknown | One of the biggest apparel companies in the world reported a "material" cyber attack to the U.S. SEC on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorised activity on a portion of its information technology systems on December 13 and was forced to shut down some systems. | |
| December 15, 2023 | Mortgage company Mr. Cooper | October cyber attack leaked data of 14.7 million people, mortgage giant Mr. Cooper says | Unknown | According to its latest update, mortgage loan servicer Mr. Cooper said the information of nearly 14.7 million people was leaked during a cyber attack in October 2023. | |
| December 15, 2023 | The Fred Hutchinson Cancer Center | Seattle cancer centre confirms cyber attack after ransomware gang threats | Hunters International Ransomware Group | The ransomware group listed the Fred Hutchinson Cancer Center on its leak site, claiming to have stolen 533 GB of data. The group was apparently extorting individual patients as well. | |
| December 18, 2023 | MongoDB | MongoDB says hackers accessed corporate systems containing customer information | Unknown | The company said a security incident involving unauthorised access targeted certain MongoDB corporate systems, which included exposure of customer account metadata and contact information. | |
| December 18, 2023 | Xfinity | 36 million people affected by data breach at Xfinity | Unknown | Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability (CVE-2023-4966) in Citrix technology exposed data of nearly 36 million people in mid-October. | |
| December 19, 2023 | ESO Solutions | Nearly 3 million affected by ransomware attack on medical software firm | Unknown | Around 3 million people across the U.S. had their information exposed following a ransomware attack on ESO Solutions, which provides software to hospitals and emergency medical services. | |
| December 22, 2023 | St Vincent's Health Australia | Australian healthcare provider St Vincent's has had data stolen during a cyber attack | Unknown | Australia's largest non-profit healthcare provider said an unknown cyber crime group targeted its systems and stole data. | |
| December 22, 2023 | Ubisoft | Ubisoft says it's investigating reports of a new security breach | Unknown | Ubisoft suffered a breach after images of the company's internal software and developer tools were leaked online. Vx-underground said threat actors planned to exfiltrate around 900 GB of data. | |
| December 22, 2023 | Bharat Sanchar Nigam Limited (BSNL) | Threat actor breaches BSNL server database, puts up dataset on dark web | The threat actor using the alias "Perell" | The threat actor released a sample dataset containing 32,000 lines of data, which included sensitive details of fibre and landline users of BSNL, on a dark web forum. The threat actor claimed that the total number of lines across all databases amounts to 2.9 million. | |
| December 25, 2023 | Rockstar Games (Grand Theft Auto 5) | GTA 5 source code reportedly leaked online a year after Rockstar hack | Lapsus$ Ransomware | The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar Games and stole corporate data. | |
| December 26, 2023 | Integris Health | Integris Health patients get extortion emails after cyber attack | Unknown | Integris Health patients in Oklahoma received blackmail emails stating that their data was stolen in a cyber attack on the healthcare network, and that if they did not pay an extortion demand, the data would be sold to other threat actors. Hackers claimed they stole the personal data of over 2 million patients. | |
| December 26, 2023 | Fidelity National Financial subsidiary LoanCare | Fidelity National Financial subsidiary says 1.3 million affected by November cyber attack | ALPHV/BlackCat Ransomware | LoanCare, a subsidiary of title insurance giant Fidelity National Financial, reported a data breach to state regulators. It said that 1,316,938 people had information accessed by hackers who breached the parent company on or about November 19, 2023. Based on the investigation, hackers may have obtained names, addresses, social security numbers, and loan numbers. | |
| December 27, 2023 | Panasonic Avionics Corporation | Panasonic discloses data breach after December 2022 cyber attack | Unknown | Panasonic Avionics Corporation disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago. | |
| December 27, 2023 | Entertainment giant National Amusements | Entertainment giant National Amusements says more than 82,000 affected by cyber attack | Unknown | National Amusements announced a data breach that affected more than 82,000 people, as an investigation found that the hackers had access to files on the company's systems between December 13 and December 15. | |
| December 27, 2023 | Corewell Health | Another Corewell Health data breach impacts more than 1 million patients | Unknown | For the second time in just a few months, more than 1 million Corewell Health patients in Southeast Michigan may have had their medical information exposed in a data breach. | |
| December 28, 2023 | Downfall, a fan expansion for Slay the Spire distributed on Steam | Game mode on Steam breached to push password-stealing malware | Epsilon information stealer malware pushed by an unknown hacker | Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. After the game is installed, it deploys the malware, which runs in the background and steals the user's passwords, credit card details, and authentication cookies. | |
| December 28, 2023 | EasyPark | EasyPark discloses data breach that may impact millions of users | Unknown | Parking app developer EasyPark published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacted an unknown number of its millions of users. | |
| December 28, 2023 | Risk and financial advisory company Kroll | Kroll reveals FTX customer information exposed in August data breach | Unknown | Kroll released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets. | |
| December 28, 2023 | Cardiothoracic and Vascular Surgeons, P.A. (CTVS) | Cardiothoracic and Vascular Surgeons files notice of data breach affecting an unknown number of patient SSNs | Unknown | In this notice, CTVS explained that the incident resulted in an unauthorised party being able to access consumers' sensitive information, which includes their names, Social Security Numbers, financial account information, driver's licence numbers, dates of birth, medical record numbers, and health information. | Cardiothoracic and Vascular Surgeons, P.A. ("CTVS") data breach |
New Ransomware/Malware Discovered in December 2023
| New Ransomware/Malware | Summary | Source Link |
|---|---|---|
| Agent Raccoon malware | Hackers use a novel malware named 'Agent Raccoon' (or Agent Racoon) in cyber attacks against organisations in the United States, the Middle East, and Africa. | Hackers use new Agent Raccoon malware to backdoor US targets |
| A new proxy trojan malware | Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. | New proxy malware targets Mac users through pirated software |
| Linux version of Qilin ransomware | A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found, and it could be one of the most advanced and customisable Linux encryptors seen to date. | |
| A new hacking group named 'AeroBlade' | A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organisations in the United States aerospace sector. | |
| The latest variants of the P2Pinfect botnet | The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. | Stealthier version of P2Pinfect malware targets MIPS devices |
| Krasue RAT malware | Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies. It managed to remain undetected since 2021. | Krasue RAT malware hides on Linux servers using embedded rootkits |
| New cybercrime market 'OLVX' | A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyber attacks. | |
| BazarCall attacks | A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. | BazarCall attacks abuse Google Forms to legitimise phishing emails |
| GambleForce | Researchers have uncovered a previously unknown hacker group that uses simple and dated attack methods to target governments and businesses in the Asia-Pacific region. | New hacker group uses old attack methods to breach Asian gambling companies |
| NKAbuse | A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat. | New NKAbuse malware abuses NKN blockchain for stealthy comms |
| Rhadamanthys Stealer malware | The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. | Rhadamanthys Stealer malware evolves with more powerful features |
| FalseFont malware | Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defence contractors worldwide. | Microsoft: Hackers target defence firms with new FalseFont malware |
| New Xamalicious Android malware | A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. | New Xamalicious Android malware installed 330k times on Google Play |
| New MASEPIE malware | Ukraine's Computer Emergency Response Team (CERT) warned of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. | Russian military hackers target Ukraine with new MASEPIE malware |
Vulnerabilities/Patches Discovered in December 2023
| Date | Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| December 01, 2023 | CVE-2023-34060 | VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. | VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks |
| December 02, 2023 | CVE-2023-4966 | The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. | US Health Dept urges hospitals to patch critical Citrix Bleed bug |
| December 02, 2023 | CVE-2020-0688, CVE-2021-26855, CVE-2021-27065, CVE-2022-41082, CVE-2023-21529, CVE-2023-36745, CVE-2023-36439 | Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. | Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks |
| December 04, 2023 | CVE-2023-45124 | WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. | |
| December 04, 2023 | CVE-2023-40088 | Google announced that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. | |
| December 04, 2023 | CVE-2023-23397 | Microsoft's Threat Intelligence team issued a warning earlier about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. | Russian hackers exploiting Outlook bug to hijack Exchange accounts |
| December 05, 2023 | CVE-2023-26360 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. | Hackers breach US govt agencies using Adobe ColdFusion exploit |
| December 05, 2023 | CVE-2023-41101, CVE-2023-38316, CVE-2023-40463, CVE-2023-40464, CVE-2023-40461, CVE-2023-40458, CVE-2023-40459, CVE-2023-40462, CVE-2023-40460 | A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorised access, cross-site scripting, authentication bypass, and denial of service attacks. | "Sierra:21" vulnerabilities impact critical infrastructure routers |
| December 06, 2023 | CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, CVE-2022-1471 | Atlassian published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. | Atlassian patches critical RCE flaws across multiple products |
| December 07, 2023 | CVE-2023-33043, CVE-2023-33044, CVE-2023-33042, CVE-2023-32842, CVE-2023-32844, CVE-2023-20702, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, CVE-2023-32845 | A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems. | New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips |
| December 07, 2023 | CVE-2023-23397 | Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. | |
| December 10, 2023 | CVE-2021-44228 | Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. | Over 30% of Log4J apps use a vulnerable version of the library |
| December 10, 2023 | CVE-2023-6553 | A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. | 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin |
| December 11, 2023 | CVE-2023-42916 and CVE-2023-42917 | Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. | Apple emergency updates fix recent zero-days on older iPhones |
| December 11, 2023 | CVE-2023-50164 | Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. | Hackers are exploiting critical Apache Struts flaw using public PoC |
| December 12, 2023 | CVE-2022-3236 | Sophos opted to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. | Sophos backports RCE fix after attacks on unsupported firewalls |
| December 12, 2023 | CVE-2023-42325, CVE-2023-42327, CVE-2023-42326 | Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. | Over 1,450 pfSense servers exposed to RCE attacks via bug chain |
| December 13, 2023 | CVE-2023-50164 | Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. | Hackers are exploiting critical Apache Struts flaw using public PoC |
| December 15, 2023 | CVE-2023-49954 | 3CX CEO Nick Galea said the SQL injection flaw was discovered by independent security researcher Theo Stein in the 3CX CRM Integration and is now tracked as CVE-2023-49954. | |
| December 19, 2023 | CVE-2023-7024 | Google Chrome has released an emergency security fix for a zero-day flaw that has been exploited in the wild. | Google discovers another Chrome zero-day exploited in the wild |
| December 27, 2023 | CVE-2023-7102 | Network and email security firm Barracuda said it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. | Barracuda fixes new ESG zero-day exploited by Chinese hackers |
| December 28, 2023 | CVE-2023-38606 | Researchers at the cybersecurity firm Kaspersky said they discovered an obscure hardware feature that was likely exploited by hackers during previously reported spyware attacks on iPhone users. | Spyware attack chain used previously unknown iPhone hardware feature, report says |
| December 28, 2023 | CVE-2021-43890 | Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. | Microsoft disables MSIX protocol handler abused in malware attacks |
| December 28, 2023 | CVE-2023-49070 | A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. | Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers |
Warnings/Advisories/Reports/Analysis
| News Type | Summary | Source Link |
| --- | --- | --- |
| Report | North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years, since January 2017. | North Korea's state hackers stole $3 billion in crypto since 2017 |
| Report | As genetic testing provider 23andMe faces multiple lawsuits over an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. | 23andMe updates user agreement to prevent data breach lawsuits |
| Warning | The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor "Callisto Group" (aka "Seaborgium" or "Star Blizzard") is targeting organisations worldwide with spear-phishing campaigns used to steal account credentials and data. | UK and allies expose Russian FSB hacking group, sanction members |
| Warning | A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. | Multiple NFT collections at risk by flaw in open-source library |
| Report | The social media giant Meta announced that it had started rolling out end-to-end encryption (E2EE) as a default "for all personal chats and calls on Messenger and Facebook." | As Meta rolls out end-to-end encryption, police warn keeping children safe 'no longer possible' |
| Report | Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms. | Amazon sues REKK fraud gang that stole millions in illicit refunds |
| Report | The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). | FBI explains how companies can delay SEC cyber incident disclosures |
| Report | Police in Lancashire in North West England have managed to return around £8 million ($10 million) in bitcoin to a man whose cryptocurrency was stolen back in 2017. | UK police return £8 million in bitcoin stolen by chronically ill bed-bound thief |
| Warning | Because of the British government's failures to tackle ransomware, there is a "high risk" the country faces a "catastrophic ransomware attack at any moment," according to an unprecedentedly critical parliamentary report published Wednesday by the Joint Committee on the National Security Strategy (JCNSS). | UK government risking 'catastrophic ransomware attack,' parliamentary report warns |
| Warning | CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) has been targeting unpatched TeamCity servers in widespread attacks since September 2023. | CISA: Russian hackers target TeamCity servers since September |
| Report | A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. | BazarCall attacks abuse Google Forms to legitimize phishing emails |
| Report | A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. | |
| Report | Users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. | Ubiquiti users report having access to others' UniFi routers, cameras |
| Report | This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutions across 61 countries. | Ten new Android banking trojans targeted 985 bank apps in 2023 |
| Warning | Microsoft published warnings about the potential for gift card fraud and about hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a court order to shut down a cybercrime marketplace where 750 million fraudulent Microsoft accounts were available for sale. | Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse |
| Warning | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop shipping software and devices with default passwords. | CISA urges tech manufacturers to stop using default passwords |
| Report | The ransomware gang behind several devastating attacks on major American cities has allegedly launched more than 300 successful incidents since June 2022, according to cybersecurity officials in the United States and Australia. | |
| Report | A group of hackers has in recent months attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign. | Cybercriminals target UAE residents, visitors in new info-stealing campaign |
| Report | A transnational cybercrime operation was taken down this week after law enforcement agencies from 34 countries coordinated on nearly 3,500 arrests and the seizure of about $300 million in stolen funds. | |
| Report | Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. | Crypto drainer steals $59 million from 63k people in Twitter ad push |
| Report | Europol notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit card details from customers making purchases. | Europol warns 443 online shops infected with credit card stealers |
| Report | A nearly four-year-long battle between Google and consumers in a class action lawsuit reached a preliminary settlement over allegations that Google deceives users about their privacy when browsing in the tech giant's so-called Incognito mode. | Google to settle class action lawsuit alleging Incognito mode does not protect user privacy |