June 2023 saw some of the biggest cybersecurity breaches, attacks and eye-catching news stories this year. Here's a complete roundup of all the recent cyber attacks, data breaches and ransomware attacks that made it to the news in June 2023.
The MOVEit cyber-attack and updates on the May Barracuda incident have made striking headlines this month, and perhaps in the entire year so far.
With Progress Software’s MOVEit tool being compromised, we have been witnessing yet another massive supply chain attack. Almost every other day in June, new victims came to light taking the total close to 130 organisations and a whopping 15 million individuals. Some of the biggest global brands have been affected by this hack including Shell, the BBC, British Airways, Boots, UCLA, Sony, EY, PwC, Cognizant and many more.
This attack has put the spotlight once again on supply chain security. It has reiterated that focussing on your cyber defences alone is not enough in today's complex threat landscape. Evaluating the security posture and breach readiness of your third party associates is just as critical.
And if there was any reiteration left to be done, it was taken care of by the updates on the Barracuda attack that kept coming in June 2023. While the Barracuda Email Security Gateway Appliances compromise had been creating ripples since last month, on June 6, 2023, the company asked its affected customers to "rip out affected ESG appliances" as just fixing them with patches wasn’t going to work.
As always, our endeavour is not to create fear or panic or turn the spotlight on the victim. With a purely educational motivation, we attempt to highlight everything that could go wrong and has gone wrong.
The fact is that today you can never be fully sure of your organisational cybersecurity. It is, therefore, critical to not view your cyber health assessment as a one-time or annual activity. Securing your defences must be an ongoing process and one that sees regular investment of resources and time.
To achieve true cybersecurity resilience, you must focus on continuous Business Continuity Management. Business Continuity can be achieved by assessing your existing cybersecurity breach readiness and ransomware readiness, evaluating your third-party risk on a regular basis, and reviewing or creating Incident Response plans, policies and processes with the help of external cybersecurity experts like our Virtual Cyber Assistants.

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 01, 2023 | | Clinical test data of 2.5 million people stolen from biotech company Enzo Biochem | Unknown | According to regulatory filings, the ransomware attack that occurred in April resulted in the compromise of test information and personal data of nearly 2.5 million people. The victim company said that on April 6, it experienced a ransomware attack that involved the “unauthorised access to or acquisition of clinical test information of approximately 2,470,000 individuals”. | |
| June 01, 2023 | | Harvard Pilgrim Health Care ransomware attack hits 2.5 million people | Unknown | The ransomware attack impacted 2,550,922 people. The threat actors stole sensitive data from compromised systems including full names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, clinical information, including medical history, diagnoses, treatment, dates of service, and provider names. | |
| June 01, 2023 | Legal services platform Casepoint | Legal services platform Casepoint used by SEC, Pentagon investigating ransomware attack claims | ALPHV ransomware | BlackCat/ALPHV ransomware group added Casepoint to its list of victims. It also shared several sensitive documents allegedly related to the FBI apart from claiming to have access to the company's network. The victim organisation earlier said that they haven't heard anything from the cyber group about a ransom nor have they seen any unusual activity on their networks. However, a few days later they added that they have activated their incident response protocols and have hired a forensic firm to help investigate the allegations. | |
| June 02, 2023 | Spanish bank Globalcaja | Large Spanish bank Globalcaja confirms ransomware attack | Play ransomware | In this attack, the ransomware gang stole an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts and more. | |
| June 02, 2023 | | LockBit group claims ransomware attack on Japanese zipper maker YKK | LockBit ransomware | According to the vice president of corporate communications at YKK, there is no material impact on the company's operations or its ability to continue to serve customers and there is no evidence that personal or financial information or intellectual property was compromised. | |
| June 03, 2023 | Waterloo University | Canadian university dealing with ransomware attack on email system | Unknown | A university official explained that the school’s on-campus Microsoft Exchange email services were affected by the ransomware attack, sparing those who only use their cloud-based email. And as a result, the school disabled the email system temporarily meaning students could not log in or create new accounts and the students also were not able to sign into other educational platforms with their email credentials, like Workday, Waterloo LEARN, and more. | |
| June 05, 2023 | | Clop ransomware claims responsibility for MOVEit extortion attacks | Lace Tempest, a group affiliated with Clop ransomware | The Clop ransomware gang allegedly told Bleeping Computer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. | |
| June 05, 2023 | | Payroll Provider Zellis Falls Prey to MOVEit Transfer Breach | Clop ransomware | Zellis said: “A small number of our customers were impacted by this global issue and we are actively working to support them. All Zellis-owned software were unaffected and there were no associated incidents or compromises to any other part of our IT estate.” | |
| June 06, 2023 | Japanese pharma company Eisai | Eisai hit with ransomware attack; launches investigation into possible data leaks | Unknown | Eisai said certain systems both in and outside of Japan, including logistics systems, were taken offline as a result of the incident. | |
| June 08, 2023 | Australian law firm, HWL Ebsworth | BlackCat ransomware attempts to extort Australian commercial law giant | BlackCat ransomware | BlackCat hacked the law firm's network and published 1.45 TB of data containing over a million documents allegedly stolen from the law firm's systems in April 2023. But now the cybercriminals have started threatening to leak more if the company doesn't meet their demands. A spokesperson for the firm said that they would not succumb to the threat actor's extortion demands. | |
| June 09, 2023 | The Kaiserslautern University of Applied Sciences | Cyberattack on German university takes ‘entire IT infrastructure’ offline | Unknown | The university stated that its entire IT infrastructure had been taken offline, including university email accounts and the telephone system. Almost every facility and service available to the institution’s more than 6,200 students was affected and it said computer pools and even the library will “remain closed until further notice”. | Ransomware attack on the Kaiserslautern University of Applied Sciences |
| June 09, 2023 | | Illinois DoIT Impacted by Wide-Ranging Ransomware Attack | Clop ransomware | The Illinois Department of Innovation & Technology (DoIT) is continuing to investigate how deeply the event has impacted state systems as the full count is not yet available, but the department said “a large number of individuals could be impacted.” | Ransomware attack on the Illinois Department of Innovation & Technology (DoIT) |
| June 10, 2023 | Xplain – a Swiss IT firm providing services to several federal agencies in Switzerland | Switzerland warns that a ransomware gang may have accessed government data | Play ransomware | The ransomware group leaked the files it stole from the company on June 1, 2023, which it claimed included 907 GB of financial and other data. The Swiss government also confirmed that various websites of the Federal Administration were knocked offline by the DDoS attack. | |
| June 12, 2023 | The Development Bank of Southern Africa | State-owned bank in South Africa confirms ‘Akira’ ransomware attack | Akira ransomware | Hackers accessed information including business names, the names of directors and shareholders, addresses, identification documents, and contact information including phone numbers and email addresses and they also encrypted servers, log files and documents. | Ransomware attack on the Development Bank of Southern Africa |
| June 15, 2023 | | Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks | Clop ransomware | Shell said there was no evidence of impact to its core IT systems and said their IT teams continued to investigate the incident without making any contact with the hackers. | |
| June 15, 2023 | Chilean Army | Rhysida ransomware leaks documents stolen from Chilean Army | Rhysida ransomware | The Rhysida ransomware gang published 30% (around 360,000 Chilean Army documents) of all the data they claim to have stolen from the Chilean Army's network after initially adding it to their data leak site and claiming the attack. | |
| June 17, 2023 | Social media giant Reddit | Reddit says ransomware posting connected to February incident | BlackCat/ALPHV ransomware | The BlackCat/ALPHV ransomware group threatened the company with claims that 80GB of stolen data would be released to the public if they were not paid $4.5 million. The gang also demanded the company to end its controversial decision to charge third parties for using its API. A Reddit spokesperson said the claims were tied to a February security incident. | |
| June 19, 2023 | Des Moines Public Schools | Iowa’s largest school district confirms ransomware attack, data theft | Unknown | In this attack, 6,700 individuals became victims of an alleged data compromise. | |
| June 21, 2023 | Hawaiʻi Community College | Hawaiʻi Community College hit with ransomware attack | NoEscape ransomware group, also stylized as N0_Esc4pe | The attack forced the college to shut down its IT systems and the NoEscape ransomware group claimed to have stolen 65 gigabytes of data, threatening to leak what was taken after a week. | |
| June 30, 2023 | Chipmaker giant TSMC | TSMC denies LockBit hack as ransomware gang demands $70 million | LockBit ransomware | The hacker stole company data and started publishing small chunks on its dark site with a demand of $70 million but TSMC denied this data breach. | |

Ransomware attacks are increasing in number and complexity every day. They are amongst the most talked-of cybersecurity problems today simply because they've become so widespread. And they're costly. While nobody is advised to pay the ransom demanded, it can take organisations weeks or even months to recover from ransomware attacks. Not to mention the hard-to-repair reputational damage they cause. But while there is no escaping them, you can try to prevent and mitigate the impact of ransomware attacks by using some of these FREE ransomware resources created by our cybersecurity experts.

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 02, 2023 | Burton Snowboard | Burton Snowboard discloses data breach after February attack | Unknown | In this now-disclosed attack that occurred in February 2023, the threat actors potentially stole files containing customers' names, Social Security numbers, and financial account information. Burton Snowboard warned affected individuals that stolen files also contained their financial information. | |
| June 02, 2023 | | Students, staff encouraged to change passwords after data breach | Clop ransomware | The attack affected the whole University including its faculty, students, and staff. | |
| June 04, 2023 | | Data on as many as 100,000 Nova Scotia healthcare staff stolen in MOVEit breach | Clop ransomware | The victim province said some Nova Scotians’ personal information has been breached as part of the global security issue with the file transfer service MOVEit. The province said the investigation has not yet determined how many employees have been impacted, but initial estimates suggest as many as 100,000 and this number could go up or down. | |
| June 05, 2023 | The BBC | The BBC amongst those affected by data breach at payroll company Zellis | Clop ransomware | The BBC said staff were warned personal data including national insurance numbers and in some cases bank details may have been stolen. It clarified that data stolen included staff ID numbers, dates of birth, home addresses and national insurance numbers. | |
| June 05, 2023 | | British Airways payroll data stolen in MOVEit supply-chain attack | Clop ransomware | BA said that personal data of its staff was compromised in a data breach incident and it notified those colleagues whose personal information has been compromised to provide support and advice. | |
| June 05, 2023 | Pharmacy giant Boots | Boots caught up in file transfer hack | Clop ransomware | Boots, part of Walgreens Boots Alliance, said the attack had compromised some of its employees' personal details. | |
| June 05, 2023 | Irish airline Aer Lingus | Around 5,000 Aer Lingus employees affected by cyber attack | Clop ransomware | Aer Lingus confirmed that around 5,000 of its employees were affected by a cyber attack that compromised personal information. | |
| June 06, 2023 | The American Board of Internal Medicine (ABIM) | MOVEit Transfer vulnerability affects ABIM | Clop ransomware | The victim organisation said: “ABIM amongst approximately 800 organisations potentially affected by the recent MOVEit Transfer vulnerability. We wanted to alert the diplomatic community as soon as we could to the possibility that some of their personal data may have been exposed.” | |
| June 07, 2023 | Honda | Honda API flaws exposed customer data, dealer panels, internal docs | Exposed by security researcher Eaton Zveare | Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorised access by anyone due to API flaws that allow password reset for any account and this flaw was exposed by security researcher Eaton Zveare. Zveare had earlier also breached Toyota's supplier portal a few months back, leveraging similar vulnerabilities. The security researcher was able to expose information on 21,393 customer orders across all dealers from August 2016 to March 2023. | |
| June 09, 2023 | | University of Manchester announces cyber incident; says data ‘likely’ copied | Unknown | The university announced it was the victim of a cyber incident and that the hackers had accessed and “likely” copied data as the university’s more than 40,000 students were warned to be vigilant for phishing emails. The University also employs more than 12,000 staff whose data may equally be affected. In an update, the university announced: “Based on our investigations we believe that a small proportion of data has been copied that relates to some students, and some alumni.” | |
| June 09, 2023 | | Cyber attack exposes data of 95,000 Minnesota students | Clop ransomware | The Minnesota Department of Education said some personal information of 95,000 students was accessed as part of a data breach from a global cybersecurity attack. The exposed information affected children in foster care, the Minneapolis and Perham school districts and Hennepin Technical College. | |
| June 09, 2023 | | Extreme Networks emerges as victim of Clop MOVEit attack | Clop ransomware | Network equipment and services supplier Extreme Networks becomes the latest technology company to be affected by MOVEit attack. The company said it hasn’t yet determined the impact on customer information. | |
| June 12, 2023 | UK communications regulator Ofcom | Confidential data downloaded from UK regulator Ofcom in cyber attack | Clop ransomware | Ofcom said a limited amount of information about companies it regulates, some of it confidential alongside the personal data of 412 of its own employees, was downloaded in the attack. | |
| June 16, 2023 | Louisiana Office of Motor Vehicles | Louisiana Office of Motor Vehicles suffers data breach | Clop ransomware | The OMV believes that all Louisianans with a state-issued driver’s licence, ID or car registration have likely had sensitive data exposed including Names, Addresses, Social Security Numbers, Driver’s Licence Numbers, Vehicle Registration Information etc. | |
| June 16, 2023 | The Oregon Driver & Motor Vehicle Services | Massive hack of Oregon DMV system puts estimated 3.5 million driver licence and ID card numbers at risk as per officials | Clop ransomware | The Oregon Driver and Motor Vehicle Services confirmed that an estimated 3.5 million driver’s licence and identification card files were compromised when the agency was hacked two weeks ago. | |
| June 19, 2023 | | Over 100,000 ChatGPT accounts stolen via info-stealing malware | Unknown | According to dark web marketplace data, more than 101,000 ChatGPT user accounts have allegedly been stolen by information-stealing malware over the past year. | |
| June 20, 2023 | Car mount and mobile accessory maker iOttie | iOttie discloses data breach after site hacked to steal credit cards | Unknown | iOttie has not shared how many customers were impacted but said that names, personal information, and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs. | |
| June 21, 2023 | Snack food company Mondelēz | Mondelēz retirement data breached after hacker targets law firm Bryan Cave | Unknown | Mondelēz International said the personal data of more than 51,000 current and former employees was accessed after a breach at the law firm of Bryan Cave Leighton Paisner, which provided legal services to the food and snacks company. | |
| June 21, 2023 | Multinational shipping company UPS | UPS discloses data breach after exposed customer info used in SMS phishing | Unknown | Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. As per some online reports the threat actors have apparently been using the compromised names, phone numbers, and postal codes, as well as info on recent orders. | |
| June 23, 2023 | PBI Research Services, Genworth Financial, Wilton Reassurance, CalPERS | MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed | Clop ransomware | PBI Research Services (PBI) has suffered a data breach with three clients (Genworth Financial, Wilton Reassurance, CalPERS-California Public Employees' Retirement System) disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. According to three different disclosures from PBI clients, millions of customers have had their sensitive data exposed in these attacks. However, this number may increase as other companies make further disclosures. | MOVEIt breach impact on PBI Research Services and its clients |
| June 23, 2023 | | American Airlines disclose data breaches affecting pilots | Unknown | According to American Airlines, the stolen data contained the personal information of some airline employees, especially pilots, such as their names and Social Security numbers, driver’s licence numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification number(s). | |
| June 23, 2023 | | Southwest Airlines discloses data breach affecting pilots | Unknown | According to the vendor (Pilot Credentials), an unauthorised actor gained access to the vendor’s cloud environment on or around April 30, 2023, and temporarily obtained files uploaded by some pilot applicants. Southwest conducted a robust review of the data and determined that the files contained certain pilot applicants’ personal information, including names, Social Security numbers, driver’s licence numbers, airman certificate numbers, and passport numbers. | |
| June 24, 2023 | | Capital One becomes latest bank affected by cyber attack on debt-buying giant NCB Management Services | Unknown | Capital One is the latest financial institution to reveal that it was affected by a cyber attack that occurred in February 2023 on NCB Management Services, a company that purchases debt. Capital One said more than 16,500 people had information like their physical address, Social Security numbers, account numbers and account status leaked during the attack on NCB. | |
| June 26, 2023 | New York City Department of Education | Hackers steal data of 45,000 New York City students in MOVEit breach | Clop ransomware | The New York City Department of Education (NYC DOE) said hackers stole documents containing sensitive personal information of up to 45,000 students from its MOVEit Transfer server. | |
| June 27, 2023 | Siemens Energy | Siemens Energy confirms data breach after MOVEit data-theft attack | Clop ransomware | Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach attack on the company, but as per Siemens Energy’s statement, no critical data was stolen, and business operations were not impacted. | |
| June 27, 2023 | | UCLA among victims of worldwide cyber attack | Clop ransomware | In this hack incident, an undisclosed amount of UCLA’s data was affected. | |


| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| June 01, 2023 | Idaho hospital | Idaho hospital diverts ambulances, turns to paper charting following cyber attack | Unknown | Due to the impact of the cyber attack, the clinicians at Idaho Falls Community Hospital resorted to paper charting at the 88-bed hospital in the eastern part of the state. The attack forced the hospital to close some connected clinics while ambulances were diverted to some other hospitals. | |
| June 04, 2023 | | Atomic Wallet hacks lead to over $35 million being stolen in crypto | Lazarus hackers | Hackers exposed wallets and stole over $35 million in crypto. | |
| June 05, 2023 | | Outlook.com hit by outages as hacktivists claim DDoS attacks | Anonymous Sudan | Due to a DDoS attack on Outlook.com that caused two major outages, there were widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile Outlook app. | |
| June 07, 2023 | | Aix-Marseille, France’s largest university, hit by cyber attack | Unknown | The attack caused a network interruption and prevented university staff from accessing their systems. | |
| June 08, 2023 | Russian telecom provider Infotel JSC | Ukrainian hackers take down service provider for Russian banks | Ukrainian hackers' group Cyber.Anarchy.Squad | Ukrainian hackers claimed an attack that took down Russian telecom provider Infotel JSC that provides connectivity services between the Russian Central Bank and other Russian banks, online stores, and credit institutions. And due to this attack, multiple major banks across Russia had their access cut off from the country's banking systems so that they can no longer make online payments. | |
| June 10, 2023 | | Hackers steal $3 million by impersonating crypto news journalists | A hacking group tracked as 'Pink Drainer' | Pink Drainer successfully compromised the accounts of 1,932 victims to steal roughly $2,997,307 worth of digital assets on the Mainnet and Arbitrum. | Pink Drainer launches crypto laundering attacks by impersonating journalists |
| June 12, 2023 | | Fayetteville cyber security incident still not resolved | Unknown | The cyber attack forced officials to take most digital municipal services offline including email, online payments, inspection scheduling and network applications. | |
| June 15, 2023 | | Barracuda ESG zero-day attacks linked to suspected Chinese hackers | A pro-China hacker group tracked as UNC4841 | Hackers compromised Barracuda’s ESG appliances used by many large scale organisations. | |
| June 26, 2023 | | Suncor Energy cyber attack impacts Petro-Canada gas stations | Unknown | Due to a cyber attack on Suncor Energy, Petro-Canada gas stations across Canada were impacted by technical problems preventing customers from paying with credit card or rewards points. | |
| June 29, 2023 | Russian satellite communications provider Dozor-Teleport | Hackers claim to take down Russian satellite communications provider | Wagner Group | Hackers damaged some of the satellite terminals and leaked and destroyed confidential information stored on the company's servers as they posted 700 files, including documents and images, to a leak site, as well as some to their newly created Telegram channel. | |


| New Ransomware | Summary | Source Link |
|---|---|---|
| Vidar information-stealing malware | Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. | Online sellers targeted by new information-stealing malware campaign |
| SpinOk Android malware | The SpinOk malware has been found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. | SpinOk Android malware found in more apps with 30 million installs |
| A new PowerShell malware, PowerDrop | A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defence industry. PowerDrop was discovered by Adlumin, who last month found a sample of the malware in the network of a defence contractor in the U.S. | New 'PowerDrop' PowerShell malware targets U.S. aerospace industry |
| BlackSuit encryptor | The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operation's usual encryptor. | Royal ransomware gang adds BlackSuit encryptor to their arsenal |
| New ‘Shampoo’ Chromeloader malware | A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo. | New ‘Shampoo’ Chromeloader malware pushed via fake warez sites |
| EarlyRAT malware | Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. | New EarlyRAT malware linked to North Korean Andariel hacking group |


| Date | Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| June 01, 2023 | CVE-2023-34362 | Hackers exploit a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organisations. | New MOVEit Transfer zero-day mass-exploited in data theft attacks |
| June 04, 2023 | CVE-2023-34362 | CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23. | CISA orders govt agencies to patch MOVEit bug used for data theft |
| June 05, 2023 | CVE-2023-32784 | KeePass has released version 2.54, fixing the CVE-2023-32784 vulnerability that allows the extraction of the cleartext master password from the application's memory. | KeePass v2.54 fixes bug that leaked cleartext master password |
| June 06, 2023 | CVE-2023-3079 | Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. | Google fixes new Chrome zero-day flaw with exploit in the wild |
| June 06, 2023 | CVE-2022-22706 | The new security patch level 2023-06-05 integrated a patch for a high-severity flaw in the Mali GPU kernel driver from Arm that Google’s Threat Analysis Group (TAG) believes may have been used in a spyware campaign targeting Samsung phones. | Android security update fixes Mali GPU bug exploited as zero-day |
| June 07, 2023 | CVE-2023-20178 | Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. | |
| June 07, 2023 | CVE-2023-20887 | VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. | VMware fixes critical vulnerabilities in vRealize network analytics tool |
| June 09, 2023 | CVE-2023-35036 | Progress Software warned customers of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases. | New MOVEit Transfer critical flaws found after security audit |
| June 12, 2023 | CVE-2023-27997 / FG-IR-23-097 | Fortinet says a critical FortiOS SSL VPN vulnerability that was patched earlier "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organisations. | Fortinet: New FortiOS RCE bug "may have been exploited" in attacks |
| June 13, 2023 | CVE-2023-20867 | VMware patched a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data. | |
| June 15, 2023 | CVE-2023-35708 | Progress published information about a third critical vulnerability which got listed as CVE-2023-35708 on June 16. | |
| June 21, 2023 | CVE-2023-32434 and CVE-2023-32435 | Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits. | Apple fixes zero-days used to deploy Triangulation spyware via iMessage |
| June 23, 2023 | CVE-2023-20887 | According to the U.S. Cybersecurity and Infrastructure Security Agency, a new vulnerability affecting a popular VMware network analytics product (Aria Operations) is being exploited by hackers. | |


| News | Summary | Source Link |
|---|---|---|
| Report | Russian cybersecurity firm Kaspersky said some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. | Russia says US hacked thousands of iPhones in iOS zero-click attacks |
| Report | A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. | New Horabot campaign takes over victim's Gmail, Outlook accounts |
| Warning | The U.S. and Korean agencies warned that a state-sponsored North Korean hacker group Kimsuky (a.k.a. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centres, academic institutions, and various media organisations. | NSA and FBI: Kimsuky hackers pose as journalists to steal intel |
| Report | A new Magecart credit card stealing campaign hijacked legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites. | Hackers hijack legitimate sites to host credit card stealer scripts |
| Report | GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. | GIGABYTE releases new firmware to fix recently disclosed security flaws |
| Report | Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children's Online Privacy Protection Act (COPPA) violations. | Microsoft to pay $20 million for XBOX children privacy violations |
| Report | Hackers (APT38) based in North Korea are spoofing financial institutions and venture capital firms in the U.S., Vietnam and Japan, according to new research. | North Korean hackers spoof venture capital firms in Japan, Vietnam and US |
| Warning | Barracuda had recently reported that users could successfully patch vulnerable Email Security Gateway (ESG) appliances, but it posted an update this week saying the hardware “must be immediately replaced regardless of patch version level.” | Barracuda tells customers to rip out vulnerable hardware as experts size up the damage |
| Report | A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. | |
| Warning | The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. | |
| Report | A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. | Massive phishing campaign uses 6,000 sites to impersonate 100 brands |
| Report | Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU). | Microsoft links data wiping attacks to new Russian GRU hacking group |
| Warning | CISA issued this year's first binding operational directive (BOD) ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery. | CISA orders federal agencies to secure Internet-exposed network devices |
| Warning | U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organisations since 2020. | CISA: LockBit ransomware extorted $91 million in 1,700 U.S. attacks |
| Warning | Microsoft has detected an increase in credential-stealing attacks conducted by the Russian state-affiliated hacker group often labelled as APT29, Cozy Bear or Nobelium. These attacks are directed at governments, IT service providers, nongovernmental organisations (NGOs), and defence and critical manufacturing industries. | Kremlin-backed hacking group puts fresh emphasis on stealing credentials |
| Warning | The National Security Agency said that organisations should think twice about whether they’re protected against the BlackLotus “bootkit” malware that cybersecurity experts first warned about in March. | NSA warns of ‘false sense of security’ against BlackLotus malware |
| Warning | A new mobile malware campaign since March 2023 pushes the Android banking trojan 'Anatsa' to online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland. | Anatsa Android trojan now steals banking info from users in US, UK |
| Report | The Akira ransomware operation uses Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. | Linux version of Akira ransomware targets VMware ESXi servers |
| Report | The Cybersecurity and Infrastructure Security Agency (CISA) said it is working with federal agencies to remove network management tools from the public-facing internet after researchers discovered hundreds were still publicly exposed. | CISA working with agencies to pull exposed network tools from public internet |
| Warning | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of ongoing distributed denial-of-service (DDoS) attacks after U.S. organisations across multiple industry sectors were hit. | |