July 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks
Date: 1 August 2023
What do a zoo, a general hospital, a plastic surgery clinic and an earthquake monitoring centre have in common? Not much, except that each of them holds a trove of valuable data, and each was hit by a serious cyber attack in July 2023.
As every month, we're back with our latest compilation of the recent cyber attacks, data breaches and ransomware attacks that made the news in July 2023.
- Ransomware Attacks in July 2023
- Data Breaches in July 2023
- Cyber-Attacks in July 2023
- New Ransomware/Malware Detected in July 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in July 2023
Going by the examples above, cyber attacks and cyber criminals don't discriminate. Big business or small, cosmetics giant or ambulance service, you look the same to a capable attacker: an avenue for making a quick buck and causing serious disruption.
The only real protection today is preparation. Attackers will come after you, no matter who you are or what you do. The difference between a business that goes down at the hands of cyber crime and one that weathers it, and perhaps even bounces back, lies in its incident response readiness.
The need for better cyber incident planning and response was reiterated this month by the SEC's new disclosure rule, which requires companies listed in the U.S. to report a material cybersecurity incident within four business days of determining that it is material.
Having said that, cyber resilience and business continuity are not easy to achieve. That is why organisations that lack the internal capability or budget, or simply need external support, are increasingly opting for our Virtual Cyber Assistant services.
In the most cost-effective package possible, you get access to deeply experienced virtual cybersecurity experts who can help you create relevant and effective incident response playbooks, plans and policies. They can help you improve your ransomware readiness, third-party risk posture and breach readiness, and achieve compliance with industry standards and regulations.
Ransomware Attacks in July 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 4, 2023 | Port of Nagoya, Japan | Japan's largest port stops operations after ransomware attack | LockBit 3.0 (identified by the port authority) | The attack forced the port of Nagoya to cancel all container loading and unloading operations at the terminals that use trailers, causing heavy financial losses to the port and severe disruption to the flow of goods to and from Japan. | |
| July 12, 2023 | ZooTampa (Tampa Bay) | Tampa Bay zoo targeted in cyber attack by apparent offshoot of Royal ransomware | BlackSuit, an apparent offshoot of Royal ransomware | Hackers stole the personal information of the zoo's employees and vendors. | |
| July 13, 2023 | Beverly Hills plastic surgery clinic of Dr. Motykie | Beverly Hills plastic surgery clinic hit by ransomware attack | ALPHV/BlackCat ransomware group | Sensitive data, including nude patient photographs, was leaked online after the attackers demanded that Dr. Motykie pay $2.5 million to keep the clinic's private data from being published. | |
| July 14, 2023 | Town of Cornelius, North Carolina | Services in North Carolina town unavailable after ransomware attack | Unknown | The ransomware attack forced the town to take some services offline. | |
| July 17, 2023 | Langlade County Sheriff's Office, Wisconsin, and a California city | Wisconsin county deals with 'catastrophic software failure'; California city declares ransomware emergency | LockBit ransomware | The Langlade County Sheriff's Office suffered what it called a catastrophic software failure: all of its phone lines went down and the attackers stole an undisclosed amount of data. | |
| July 19, 2023 | Helix, a Russian medical laboratory | Russian medical lab suspends some services after ransomware attack | Unknown | The attack crippled the company's systems and customers were unable to receive their test results for several days. | |
| July 20, 2023 | Tampa General Hospital | Tampa General Hospital says sensitive data of 1.2 million stolen in failed ransomware attack | Snatch ransomware group | Attackers were inside the hospital's network and accessed the sensitive information of more than 1.2 million people before their attempt to encrypt data was blocked. The data includes names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and/or treatment information used by the hospital for its business operations. | |
| July 25, 2023 | Yamaha Canada Music | Yamaha confirms cyber attack after multiple ransomware gangs take responsibility | BlackByte and Akira ransomware groups | Yamaha Canada Music said it dealt with a cyber attack that led to unauthorised access and data theft. | |
| July 25, 2023 | University of the West of Scotland | Cyber attack on University of the West of Scotland claimed by Rhysida ransomware gang | Rhysida ransomware | The attackers stole university data and put it up for auction for 20 Bitcoin. | |
Data Breaches in July 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 2, 2023 | Microsoft | Microsoft denies data breach, theft of 30 million customer accounts | Anonymous Sudan | The hacktivists alleged that they had "successfully hacked Microsoft" and "accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords". Anonymous Sudan offered the database for $50,000 and told interested buyers to contact its Telegram bot to arrange the purchase. Microsoft said it found no evidence of a breach. | |
| July 3, 2023 | UK exam boards OCR, AQA and Pearson Edexcel | Hacks targeting British exam boards raise fears of students cheating | Unknown | Hackers stole national exam papers for school-leavers and sold them online to students seeking to cheat on their tests. | Data breach attack on British exam boards OCR, AQA and Pearson Edexcel |
| July 4, 2023 | City of Fort Worth, Texas | Fort Worth officials say leaked data came from Public Information Act request | SiegedSec hacking group | Officials in Fort Worth denied being hacked a second time after the same group posted another batch of information allegedly stolen from government networks. SiegedSec claimed its "final" attack involved 40 GB of data taken from the city's Department of Transportation & Public Works and shared screenshots of what appeared to be a file transfer service used by the city, which has nearly 1 million residents. | |
| July 5, 2023 | Belarusian State University (BSU) | Belarusian hacktivists claim to breach the country's leading state university | Cyber Partisans (Belarusian hacktivist group) | The hackers claimed to have accessed 3 terabytes of data from the university's systems, to have encrypted and wiped computers and servers, and to have shut down the domain controllers responsible for user authentication and network security. The university denied the claim. | |
| July 6, 2023 | Nickelodeon | Nickelodeon investigates breach after leak of 'decades old' data | Unknown | Hackers stole 500 GB of files from Nickelodeon systems and leaked them on the dark web. | |
| July 7, 2023 | Henrietta Johnson Medical Center's EHR vendor, Delaware Health Net | Delaware health centre suffers 3rd-party breach | Unknown | The protected health information of about 500 patients was compromised: names, dates of birth, ethnicity, medical record numbers, diagnosis codes, lab information and health insurance information. | |
| July 8, 2023 | Gaming gear company Razer | Razer investigates data breach claims, resets user sessions | A hacker known as 'Nationalist' | The hacker claimed to have stolen the source code, database, encryption keys and backend access logins for Razer.com, the company's main website, and offered the data for sale for $100,000. | |
| July 10, 2023 | HCA Healthcare, one of America's largest hospital operators | HCA confirms breach after hacker steals data of 11 million patients | A hacker known as 'TIA' on a hacking forum | The breach affected an estimated 11 million patients who received care at HCA hospitals and clinics; the threat actor leaked samples of the stolen data on a hacking forum. The stolen database consists of 17 files and 27.7 million records. | |
| July 11, 2023 | Deutsche Bank | Deutsche Bank confirms service provider breach exposed its customer data | Unknown | The breach hit one of Deutsche Bank's external service providers, which operates its account switching service in Germany. The bank said only a limited amount of personal data was exposed. The same incident also affected other major banks and financial service providers, including Commerzbank, Postbank, Comdirect and ING. | |
| July 14, 2023 | Shutterfly | Shutterfly says Clop ransomware attack did not impact customer data | Clop ransomware | The ransomware attack affected Shutterfly's enterprise business unit, Shutterfly Business Solutions (SBS). | |
| July 14, 2023 | Kotak Life Insurance, IDFC First Bank, State Bank of India, Turtlemint | From Kotak Life Insurance and IDFC First Bank to State Bank of India and Turtlemint, BFSI is under attack | Clop ransomware | Clop leaked data stolen from these Indian financial institutions on its dark web leak site: about 13 folders, most containing over eight gigabytes of data and one containing over 37 megabytes. | |
| July 14, 2023 | Online gaming platform Roblox | Roblox data breach impacts almost 4,000 developers | Unknown | Roblox acknowledged that it was affected by a third-party security issue. Have I Been Pwned indexed the leaked data set, which contains 3,943 developer accounts. | |
| July 15, 2023 | The government and other critical public and private organisations in Ukraine | Gamaredon hackers start stealing data 30 minutes after a breach | Gamaredon, aka Armageddon, UAC-0010 and Shuckworm | Since the start of the Russian invasion the group is believed to be responsible for thousands of attacks on Ukrainian government and critical organisations. Gamaredon attacks commonly start with an email or a message sent to targets via Telegram, WhatsApp, Signal or other IM apps. | |
| July 15, 2023 | Colorado State University | Colorado State University says data breach impacts students, staff | Clop ransomware | Clop stole sensitive personal information of current and former students and employees during the MOVEit Transfer data-theft attacks. | Colorado State University data breach due to MOVEit data theft |
| July 19, 2023 | Beauty giant Estée Lauder | Estée Lauder beauty giant breached by two ransomware gangs | ALPHV/BlackCat and Clop ransomware | The threat actors gained access to some of Estée Lauder's systems and may have stolen data. | |
| July 21, 2023 | VirusTotal | VirusTotal apologises for data leak affecting 5,600 customers | Human error | A VirusTotal employee mistakenly uploaded a CSV file to the VirusTotal platform, leaking the information of over 5,600 customers. Only Premium account customers were affected; the file contained their names and corporate email addresses. | |
| July 21, 2023 | A U.S. critical infrastructure organisation | NetScaler ADC bug exploited to breach US critical infrastructure organisation | Unknown | Hackers breached the organisation's network by exploiting the unauthenticated remote code execution flaw CVE-2023-3519 to plant a webshell on the target's non-production NetScaler Application Delivery Controller (ADC) appliance. | |
| July 22, 2023 | DHL | DHL investigates MOVEit breach | Clop ransomware | DHL confirmed that one of its software providers was affected by the MOVEit Transfer vulnerability. | |
| July 22, 2023 | U.S. envoy to China and a senior State Department official | Emails of US envoy to China, senior State Department official, allegedly accessed in Chinese cyber attack | Chinese hackers (tracked by Microsoft as Storm-0558) | Chinese hackers allegedly accessed the emails of the U.S. envoy to China and of another senior Department of State official. | |
| July 24, 2023 | Norwegian government (12 ministries) | Norwegian government IT systems hacked using zero-day flaw | Unknown | The attackers used a zero-day vulnerability (the Ivanti EPMM authentication bypass, CVE-2023-35078) and may have accessed and/or exfiltrated sensitive data from the ministries' shared ICT platform. | |
| July 24, 2023 | PokerStars | PokerStars confirms MOVEit data breach leaked up to 110k Social Security numbers | Clop ransomware | An unauthorised party accessed consumers' sensitive information, including names, Social Security numbers and addresses. | |
| July 25, 2023 | Pacific Premier Bank (via a vendor) | Pacific Premier says vendor hit by MOVEit data breach | Clop ransomware | The vendor confirmed that personal data had been compromised in the incident, including Social Security numbers, account numbers and other personally identifiable information. | |
| July 26, 2023 | NATO's Communities of Interest (COI) Cooperation Portal | NATO investigates alleged data theft by SiegedSec hackers | SiegedSec hacking group | The group posted on Telegram claiming to have hundreds of documents stolen from the COI Cooperation Portal. Cybersecurity company CloudSEK analysed the leaked data and found 845 MB of files, 8,000 rows of user-related sensitive information, unclassified documents and user account access details. | Data breach attack on NATO's Communities of Interest (COI) Cooperation Portal |
| July 26, 2023 | Michigan State University | Massive data breach may have exposed personal information of MSU students, employees | Unknown | Personal information belonging to Michigan State University students and employees may have been exposed through a wide-ranging data breach. | |
| July 27, 2023 | Maximus, U.S. government contractor | 8 million people hit by data breach at US govt contractor Maximus | Clop ransomware | Hackers stole the personal data of 8 to 11 million people during the MOVEit Transfer data-theft attacks. | |
| July 27, 2023 | Southern Association of Independent Schools, Inc. (SAIS) | School accreditation organisation data breach exposed sensitive information on students, parents and teachers online | Unknown | A total of 682,438 records (572.8 GB) were exposed. The documents contained personally identifiable information (PII) and private medical information of students. | Southern Association of Independent Schools, Inc (SAIS) data breach |
Cyber Attacks in July 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 5, 2023 | Russian Railways | Russian railway site allegedly taken down by Ukrainian hackers | The Ukrainian hacktivist group IT Army | According to the company's statement, its website and mobile app were down for several hours due to a "massive" cyber attack, forcing passengers to buy tickets at railway stations only. | |
| July 10, 2023 | Trinidad and Tobago's Attorney General and Ministry of Legal Affairs (AGLA) | Trinidad and Tobago facing outages after cyber attack | Unknown | The attack disrupted the internal services and operations of the AGLA. | Cyber attack on Trinidad and Tobago's justice department, AGLA |
| July 11, 2023 | City of Hayward, California | Bay Area city shuts down municipal sites following cyber attack | Unknown | The City of Hayward was forced to shut off its website and several online municipal portals. | |
| July 13, 2023 | Norwegian Refugee Council (NRC) | Norwegian Refugee Council hit by cyber attack | Unknown | Hackers targeted the NRC's online database, which stores the personal information of project participants. | |
| July 20, 2023 | University students in North America | Scammers are targeting college kids with fake bioscience job offers | Unknown | Cybercriminals are targeting college students with fake job offers in the bioscience and health industries in the hope of extracting fees from victims, experts warn. | |
| July 22, 2023 | CoinsPaid | CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto | Lazarus group | The attack resulted in the theft of roughly $37.3 million worth of cryptocurrency. | |
| July 23, 2023 | Alphapo | Lazarus hackers linked to $60 million Alphapo cryptocurrency heist | Lazarus group | The North Korean Lazarus group stole almost $60 million in crypto, including over 6 million USDT, 108K USDC, 100.2 million FTN, 430K TFL, 2.5K ETH and 1,700 DAI, all drained from hot wallets, most likely after a leak of private keys. | |
| July 24, 2023 | Microsoft IIS servers | Lazarus hackers hijack Microsoft IIS servers to spread malware | Lazarus group | Lazarus targeted IIS servers for initial access to corporate networks and leveraged poorly protected IIS services for malware distribution. | |
| July 24, 2023 | Norwegian government ministries | Norway government ministries hit by cyber attack | Unknown | The government's security specialists identified the attack after "unusual" traffic on the supplier's platform. The attack did not disrupt government operations, but employees of several ministries could not access some shared services on their mobile phones, including email; work devices were unaffected. | |
| July 26, 2023 | South Central Ambulance Service and South Western Ambulance Service | Cyber attack leaves NHS ambulance trusts unable to access patient records | Unknown | The cyber attack left two NHS ambulance trusts without access to their electronic patient records. | |
| July 26, 2023 | CardioComm, an ECG provider | CardioComm, a provider of ECG monitoring devices, confirms cyber attack affected its services | Unknown | A number of CardioComm's products were affected. The outage hit HeartCheck CardiBeat, a handheld electrocardiogram (ECG) monitor that connects to a user's smartphone via Bluetooth so that consumers can send results to a physician, a clinic or CardioComm's SMART monitoring ECG reading service. | |
| July 26, 2023 | Wuhan Earthquake Monitoring Center, China | Wuhan Earthquake Monitoring Center suffers cyber attack; investigation underway | An "overseas organisation", according to Wuhan officials; a Trojan horse program called "validator" was reportedly found | The Wuhan Municipal Emergency Management Bureau said that some network equipment at the front-end collection points of the Wuhan Earthquake Monitoring Center had been subjected to a cyber attack by an overseas organisation. | |
| July 27, 2023 | TLScontact, the Swiss government's chosen IT provider for visa applications | Swiss visa appointments cancelled in the UK due to 'IT incident' | Unknown | TLScontact was forced to cancel appointments for Swiss (Schengen) tourist and transit visas across the UK. | |
| July 28, 2023 | M-Pesa, Kenya government e-services, Kenya Power | M-Pesa, key govt services unavailable as Kenya grapples with cyber attack | Anonymous Sudan | Kenyans were denied access to essential services such as buying electricity tokens, transacting on M-Pesa, digital banking and various government services on e-Citizen. The M-Pesa outage paralysed operations across many sectors, including revenue collection such as county parking fees. Kenya Power was also affected. | |
| July 30, 2023 | BAZAN Group, Israel's largest oil refinery operator | Israel's largest oil refinery website offline after DDoS attack | Iranian hacktivist group 'Cyber Avengers' aka 'CyberAv3ngers' | Traffic to BAZAN Group's websites, bazan.co.il and eng.bazan.co.il, began to time out with HTTP 502 errors or was refused by the company's servers. The group additionally leaked what appeared to be screenshots of BAZAN's SCADA systems, the software used to monitor and operate its industrial control systems. | |
New Ransomware/Malware Discovered in July 2023
| New Ransomware/Malware | Summary | Source Link |
|---|---|---|
| TrueBot malware | Cybersecurity agencies in the U.S. and Canada warn that threat actors are using new TrueBot malware variants to steal data from victims. | New TrueBot malware variants target US and Canadian firms |
| Big Head ransomware | Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising promoting fake Windows updates and Microsoft Word installers. | |
| NokNok malware | Security researchers observed a new campaign attributed to the Charming Kitten APT group in which the attackers use new NokNok malware targeting macOS systems. | |
| SophosEncrypt ransomware | Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, whose operators use the company's name for their operation. | |
| P2PInfect worm | A new peer-to-peer (P2P) malware with self-spreading capabilities targets Redis instances running on Internet-exposed Windows and Linux systems. | |
| Khronos ransomware | Khronos ransomware; extension: .Khronos; ransom note: info.hta | |
| Realst macOS malware | A new Mac malware named "Realst" is being used in a large campaign targeting Apple computers; some of its latest variants already support macOS 14 Sonoma, which is still in development. | |
| Nitrogen malware | A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads. | |
| Submarine malware | CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug (CVE-2023-2868). | New Submarine malware found on hacked Barracuda ESG appliances |
Vulnerabilities/Patches Discovered in July 2023
| Date | Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| July 2, 2023 | CVE-2023-27997 | Thousands of FortiGate firewalls remain vulnerable to the critical security issue tracked as CVE-2023-27997 almost a month after Fortinet released an update that addresses it. | 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug |
| July 4, 2023 | CVE-2023-31222 | The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe deserialization vulnerability in Medtronic's Paceart Optima cardiac device data management software. | |
| July 6, 2023 | CVE-2022-31199 | CISA and the FBI warn of new TrueBot malware variants deployed on networks compromised through a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software, in attacks targeting organisations across the United States and Canada. | Netwrix Auditor RCE bug exploited in TrueBot malware attacks |
| July 6, 2023 | CVE-2023-20185 | Cisco warns customers of a high-severity vulnerability affecting some data centre switch models that allows attackers to read or tamper with encrypted traffic. | Cisco warns of bug that lets attackers break traffic encryption |
| July 6, 2023 | CVE-2023-3269 | A serious vulnerability affecting multiple Linux kernel versions can be triggered with minimal capabilities. The issue, referred to as StackRot (CVE-2023-3269), can be used to compromise the kernel and elevate privileges. | |
| July 7, 2023 | CVE-2023-36934 | Progress, the developer of MOVEit Transfer, disclosed multiple SQL injection flaws in the product, including a critical one tracked as CVE-2023-36934 that can be exploited without authentication. | |
| July 7, 2023 | CVE-2023-36460 | The TootRoot bug, tracked as CVE-2023-36460, is a flaw in Mastodon's media processing code that lets media files attached to toots (the equivalent of tweets) cause anything from denial of service (DoS) to arbitrary remote code execution. | Critical TootRoot bug lets attackers hijack Mastodon servers |
| July 7, 2023 | CVE-2021-29256 | CISA has asked federal agencies to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities. | CISA warns govt agencies to patch actively exploited Android driver |
| July 10 and 24, 2023 | CVE-2023-37450 | Apple issued a new round of Rapid Security Response (RSR) updates to address a zero-day bug exploited in attacks against fully patched iPhones, Macs and iPads. | Apple fixes new zero-day used in attacks against iPhones, Macs |
| July 10, 2023 | CVE-2023-20864 | VMware warns customers that exploit code is now available for a critical vulnerability in VMware Aria Operations for Logs (formerly vRealize Log Insight), the analysis tool that helps admins manage terabytes of app and infrastructure logs in large-scale environments. | VMware warns of exploit available for critical vRealize RCE bug |
| July 11, 2023 | CVE-2023-36884 | Microsoft disclosed an unpatched zero-day in multiple Windows and Office products, exploited in the wild to gain remote code execution via malicious Office documents. | Microsoft: Unpatched Office zero-day exploited in NATO summit attacks |
| July 12, 2023 | CVE-2023-33308 | Fortinet disclosed a critical-severity flaw in FortiOS and FortiProxy that allows a remote attacker to execute arbitrary code on vulnerable devices. | Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices |
| July 12, 2023 | CVE-2023-36664 | Ghostscript, the open-source interpreter for the PostScript language and PDF files that is widely used on Linux, was found vulnerable to a critical-severity remote code execution flaw. | Critical RCE found in popular Ghostscript open-source PDF library |
| July 13, 2023 | CVE-2023-35829 | Security researchers and threat actors alike are being targeted by a fake proof-of-concept (PoC) exploit for CVE-2023-35829 that installs Linux password-stealing malware. | Fake Linux vulnerability exploit drops data-stealing malware |
| July 17, 2023 | CVE-2023-28121 | Hackers are conducting widespread exploitation of a critical flaw in the WooCommerce Payments WordPress plugin to obtain the privileges of any user, including administrators, on vulnerable installations. | Hackers exploiting critical WordPress WooCommerce Payments bug |
| July 17, 2023 | CVE-2023-29298 and CVE-2023-38203 | Hackers are actively exploiting two Adobe ColdFusion vulnerabilities to bypass authentication and remotely execute commands that install webshells on vulnerable servers. | Critical ColdFusion flaws exploited in attacks to drop webshells |
| July 18, 2023 | 'Bad.Build' vulnerability | Google said it has fixed a vulnerability in its Cloud Build service that allowed attackers to tamper with application images and infect users. | Google fixes 'Bad.Build' vulnerability affecting Cloud Build service |
| July 19, 2023 | CVE-2023-3519 | Citrix alerted customers to a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway. | New critical Citrix ADC and Gateway flaw exploited as zero-day |
| July 20, 2023 | CVE-2023-34329 and CVE-2023-34330 | Two new critical-severity vulnerabilities were discovered in the MegaRAC Baseboard Management Controller (BMC) software made by American Megatrends International (AMI). | Critical AMI MegaRAC bugs can let hackers brick vulnerable servers |
| July 22, 2023 | CVE-2023-3519 | Thousands of Citrix NetScaler ADC and Gateway servers exposed online are vulnerable to attacks exploiting a critical remote code execution (RCE) bug previously abused in the wild as a zero-day. | Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks |
| July 23, 2023 | CVE-2023-29298 and CVE-2023-38205 | CISA gave federal agencies three weeks to secure the Adobe ColdFusion servers on their networks against two critical flaws exploited in attacks, one of them as a zero-day. | |
| July 24, 2023 | CVE-2023-35078 | U.S.-based IT software company Ivanti patched an actively exploited zero-day authentication bypass in its Endpoint Manager Mobile (EPMM) mobile device management software. | Ivanti patches new zero-day exploited in Norwegian govt attacks |
| July 24, 2023 | CVE-2023-20593 | Google security researcher Tavis Ormandy discovered a new vulnerability affecting AMD Zen 2 CPUs that could allow a malicious actor to steal sensitive data such as passwords and encryption keys. | Zenbleed attack leaks sensitive data from AMD Zen2 processors |
| July 25, 2023 | CVE-2023-35078 | The Norwegian National Security Authority (NSM) confirmed that attackers used a zero-day in Ivanti's Endpoint Manager Mobile (EPMM) to breach a software platform used by 12 ministries in the country. | Norway says Ivanti zero-day was used to hack govt IT systems |
| July 25, 2023 | CVE-2023-35078 | CISA warned U.S. federal agencies to secure their systems against a maximum-severity authentication bypass in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core. | CISA warns govt agencies to patch Ivanti bug exploited in attacks |
| July 25, 2023 | CVE-2023-30799 | A critical-severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially letting attackers take full control of a device and remain undetected. | Super Admin elevation bug puts 900,000 MikroTik devices at risk |
| July 25, 2023 | CVE-2023-20891 | VMware patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment, caused by credentials being written to, and exposed through, system audit logs. | VMware fixes bug exposing CF API admin credentials in audit logs |
| July 26, 2023 | CVE-2023-30799 | According to researchers, more than 900,000 MikroTik routers are vulnerable to an issue that the company quietly patched. | Researchers say more than 900,000 MikroTik routers vulnerable to hackers |
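The VMware Tanzu entry is one instance of a general failure mode: an audit or access log that records requests verbatim also records the credentials that travelled with them, and anyone who can read the log can reuse them. The Python below is an added example, not VMware's code or its fix, of a log-shipping filter that masks bearer tokens, HTTP basic credentials, password-style query and form parameters, and secret-bearing JSON fields before a line leaves the host. The sample audit lines are constructed for the example; the field names it looks for are a reasonable default list, not a standard.

```python
import re

# Each pattern has two groups: group 1 is the prefix to keep (field name,
# header name), group 2 is the secret to replace with the placeholder.
_CREDENTIAL_PATTERNS = [
    # HTTP header:  Authorization: Bearer <jwt>   /   Authorization: Basic <base64>
    re.compile(r"(?i)(authorization:\s*(?:bearer|basic)\s+)([A-Za-z0-9._~+/=-]+)"),
    # Query string or form body:  password=..., client_secret=..., api_key=...
    re.compile(r"(?i)\b((?:password|passwd|pwd|client_secret|api_key|access_token|token)=)([^&\s\"']+)"),
    # JSON body field:  "password": "..."  (field names assumed for this example)
    re.compile(r"(?i)(\"(?:password|client_secret|api_key|access_token|token)\"\s*:\s*\")([^\"]*)"),
]

PLACEHOLDER = "[REDACTED]"


def redact_credentials(line: str) -> str:
    """Return the log line with any credential value replaced by PLACEHOLDER."""
    for pattern in _CREDENTIAL_PATTERNS:
        line = pattern.sub(lambda m: m.group(1) + PLACEHOLDER, line)
    return line


def redact_log(lines):
    """Redact every line; return (clean_lines, number_of_lines_that_changed).

    The count is worth alerting on: a non-zero value means the upstream
    application is still writing secrets to its audit log and needs fixing,
    the filter is only a safety net.
    """
    clean, changed = [], 0
    for raw in lines:
        out = redact_credentials(raw)
        if out != raw:
            changed += 1
        clean.append(out)
    return clean, changed


# Constructed sample audit lines (not real traffic).
SAMPLE_AUDIT_LOG = [
    'POST /oauth/token user=cf-admin&password=hunter2 HTTP/1.1',
    'GET /v3/apps HTTP/1.1 Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc',
    '{"request":"/v2/users","body":{"user":"cf-admin","password":"s3cr3t"}}',
    'GET /health HTTP/1.1 200 OK',
]

if __name__ == "__main__":
    cleaned, n = redact_log(SAMPLE_AUDIT_LOG)
    print(f"{n} of {len(SAMPLE_AUDIT_LOG)} lines contained credentials")
    for entry in cleaned:
        print(entry)
```

Run the filter on the shipping side (a syslog or log-forwarder hook) rather than inside the application: the point is that the application already got this wrong, so the control should not depend on it.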
Warnings/Advisories/Reports/Analysis
| News | Summary | Source Link |
|---|---|---|
| Report | A phishing campaign that security researchers named SmugX, attributed to a Chinese threat actor, has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czechia, Hungary and Slovakia since December 2022. | Hackers target European government entities in SmugX campaign |
| Report | The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) fined two companies a combined 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics to generate web statistics, and warned two others about the same practice. | Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms |
| Report | A "suspected senior member" of the French-speaking OPERA1ER cybercrime gang is in custody, international police announced. | Top suspect in OPERA1ER cybercrime operation arrested in Africa |
| Report | Britain's cyber and signals intelligence agency GCHQ could monitor logs of domestic internet traffic in the United Kingdom in real time to identify online fraud and interrupt criminals in the act, under a new law being considered by the government. | New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud |
| Report | Microsoft is investigating an ongoing issue that prevents Outlook.com users from searching their email and triggers 401 exception errors. | Microsoft investigates Outlook.com bug breaking email search |
| Report | Security researchers discovered two malicious file management applications on Google Play, with a combined installation count of over 1.5 million, that collected far more user data than their advertised functionality requires. | Apps with 1.5M instals on Google Play send your data to China |
| Report | JumpCloud, a US-based enterprise software firm, is notifying several customers of an "ongoing incident". As a precaution, the company invalidated existing admin API keys to protect its customer organisations. | |
| Report | Hackers supporting the government of Iran are targeting experts in Middle Eastern affairs and nuclear security in a new campaign that, researchers say, uses malware for both Apple and Microsoft platforms. | Iran-based hackers targeting nuclear security experts through Mac, Windows malware |
| Report | The U.S. Justice Department announced the arrest of a cybersecurity professional accused of hacking a cryptocurrency exchange and stealing about $9 million. | |
| Report | Since at least May 2021, stealthy Linux malware called AVrecon has infected over 70,000 Linux-based small office/home office (SOHO) routers, adding them to a botnet that steals bandwidth and provides a hidden residential proxy service. | AVrecon malware infects 70,000 Linux routers to build botnet |
| Report | Conor Brian Fitzpatrick, aka Pompompurin, owner of the notorious BreachForums (aka Breached) hacking forum, pleaded guilty to hacking and child pornography possession charges. | BreachForums owner Pompompurin pleads guilty to hacking charges |
| Report | The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they had sold the store and that a new owner would take the reins "next month". | Genesis Market infrastructure and inventory sold on hacker forum |
| Report | Researchers at RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms and users to a large attack surface. | Thousands of images on Docker Hub leak auth secrets, private keys |
| Report | A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored with a revamped version of the Sardonic malware. | FIN8 deploys ALPHV ransomware using Sardonic malware variant |
| Report | Threat actors are showing increased interest in generative AI tools: hundreds of thousands of OpenAI credentials are for sale on the dark web, alongside access to a malicious ChatGPT alternative. | OpenAI credentials stolen by the thousands for sale on the dark web |
| Report | The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. | |
Ukraine takes down massive bot farm, seizes 150,000 SIM cards |
Warning |
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. |
GitHub warns of Lazarus hackers targeting devs with malicious projects |
Analysis |
In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying fell to a record low of 34%.
Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments |
Report |
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers. |
Stolen Microsoft key offered widespread access to Microsoft cloud services |
Report |
The Clop ransomware gang is expected to earn between $75 million and $100 million from extorting victims of its massive MOVEit data theft campaign.
Clop gang to earn over $75 million from MOVEit extortion attacks |
Report |
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. |
Clop now leaks data stolen in MOVEit attacks on clearweb sites |
Warning |
The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents. |
SEC now requires companies to disclose cyberattacks in 4 days |
Report |
U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. |
|
Report |
Hawaiʻi Community College announced that it paid a ransomware gang to delete the information of more than 28,000 people who had their information accessed during an attack last month. |
Hawaiʻi Community College pays ransom after attackers steal personal info of 28,000 people |