Cyber Security Blog

June 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks

Written by Aditi Uberoi | 3 July 2023

June 2023 saw some of the biggest cybersecurity breaches, attacks and eye-catching news stories this year. Here's a complete roundup of all the recent cyber attacks, data breaches and ransomware attacks that made it to the news in June 2023.  

  1. Ransomware Attacks in June 2023
  2. Data Breaches in June 2023
  3. Cyber-Attacks in June 2023
  4. New Ransomware/Malware Detected in June 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in June 2023

The MOVEit cyber-attack and updates on the May Barracuda incident have made striking headlines this month. And perhaps, in the entire year so far.  

With Progress Software’s MOVEit tool being compromised, we have been witnessing yet another massive supply chain attack. Almost every other day in June, new victims came to light taking the total close to 130 organisations and a whopping 15 million individuals. Some of the biggest global brands have been affected by this hack including Shell, the BBC, British Airways, Boots, UCLA, Sony, EY, PwC, Cognizant and many more.

This attack has put the spotlight once again on supply chain security. It has reiterated that focussing on your cyber defences alone is not enough in today's complex threat landscape. Evaluating the security posture and breach readiness of your third party associates is just as critical. 

And if there was any reiteration left to be done, it was taken care of by the updates on the Barracuda attack that kept coming in June 2023. While the Barracuda Email Security Gateway Appliances compromise had been creating ripples since last month, on June 6, 2023, the company asked its affected customers to "rip out affected ESG appliances" as just fixing them with patches wasn’t going to work. 

As always, our endeavour is not to create fear or panic or turn the spotlight on the victim. With a purely educational motivation, we attempt to highlight everything that could go wrong and has gone wrong.   

The fact is that today you can never be fully sure of your organisational cybersecurity. It is, therefore, critical to not view your cyber health assessment as a one-time or annual activity. Securing your defences must be an ongoing process and one that sees regular investment of resources and time. 

To achieve true, cybersecurity resilience you must focus on continuous Business Continuity Management. Business Continuity can be achieved by assessing your existing cybersecurity breach readiness, ransomware readiness, evaluating your third-party risk on a regular basis and reviewing or creating Incident Response plans, policies and processes with the help of external cybersecurity experts like our Virtual Cyber Assistants

Ransomware Attacks in June 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 01, 2023

Enzo Biochem

Clinical test data of 2.5 million people stolen from biotech company Enzo Biochem

Unknown

According to regulatory filings, the ransomware attack that occurred in April resulted in the compromise of test information and personal data of nearly 2.5 million people. The victim company said that on April 6, it experienced a ransomware attack that involved the “unauthorised access to or acquisition of clinical test information of approximately 2,470,000 individuals".

Enzo Biochem ransomware attack

June 01, 2023

Harvard Pilgrim Health Care

Harvard Pilgrim Health Care ransomware attack hits 2.5 million people

Unknown

The ransomware attack impacted 2,550,922 people. The threat actors stole sensitive data from compromised systems including full names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, clinical information, including medical history, diagnoses, treatment, dates of service, and provider names.

Ransomware attack on Harvard Pilgrim Health Care

June 01, 2023

Legal services platform Casepoint

Legal services platform Casepoint used by SEC, Pentagon investigating ransomware attack claims

ALPHV ransomware

BlackCat/ALPHV ransomware group added Casepoint to its list of victims. It also shared several sensitive documents allegedly related to the FBI apart from claiming to have access to the company's network. The victim organisation earlier said that they haven't heard anything from the cyber group about a ransom nor have they seen any unusual activity on their networks. However, a few days later they added that they have activated their incident response protocols and have hired a forensic firm to help investigate the allegations. 

Legal services platform Casepoint ransomware attack update

June 02, 2023

Spanish bank Globalcaja

Large Spanish bank Globalcaja confirms ransomware attack

Play ransomware

In this attack, the ransomware gang stole an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts and more.

Ransomware attack on  Spanish bank Globalcaja

June 02, 2023

YKK

LockBit group claims ransomware attack on Japanese zipper maker YKK

LockBit ransomware

According to the vice president of corporate communications at YKK, there is no material impact on the company's operations or its ability to continue to serve customers and there is no evidence that personal or financial information or intellectual property was compromised.

YKK ransomware attack

June 03, 2023

Waterloo University

Canadian university dealing with ransomware attack on email system

Unknown

A university official explained that the school’s on-campus Microsoft Exchange email services were affected by the ransomware attack, sparing those who only use their cloud-based email. And as a result, the school disabled the email system temporarily meaning students could not log in or create new accounts and the students also were not able to sign into other educational platforms with their email credentials, like Workday, Waterloo LEARN, and more.

Waterloo University ransomware attack

June 05, 2023

Progress MOVEit 

Clop ransomware claims responsibility for MOVEit extortion attacks

Lace Tempest, a group affiliated with Clop ransomware

The Clop ransomware gang allegedly told Bleeping Computer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.

MOVEit ransomware attack

June 05, 2023

Zellis

Payroll Provider Zellis Falls Prey to MOVEit Transfer Breach

Clop ransomware 

Zellis said: “A small number of our customers were impacted by this global issue and we are actively working to support them. All Zellis-owned software were unaffected and there were no associated incidents or compromises to any other part of our IT estate.”

Ransomware attack on payroll provider Zellis 

June 06, 2023

Japanese pharma company Eisai

Eisai hit with ransomware attack; launches investigation into possible data leaks

Unknown

Eisai said certain systems both in and outside of Japan, including logistics systems, were taken offline as a result of the incident.

Ransomware attack on  Japanese pharma company Eisai

June 08, 2023

Australian law firm, HWL Ebsworth 

BlackCat ransomware attempts to extort Australian commercial law giant

BlackCat ransomware

BlackCat hacked the law firm's network and published 1.45 TB of data containing over a million documents allegedly stolen from the law firm's systems in April 2023. But now the cybercriminals have started threatening to leak more if the company doesn't meet their demands. A spokesperson for the firm said that they would not succumb to the threat actor's extortion demands.

Ransomware attack on an Australian HWL Ebsworth

June, 09, 2023

The Kaiserslautern University of Applied Sciences

Cyberattack on German university takes ‘entire IT infrastructure’ offline

Unknown

The university stated that its entire IT infrastructure had been taken offline, including university email accounts and the telephone system. Almost every facility and service available to the institution’s more than 6,200 students was affected and it said computer pools and even the library will “remain closed until further notice”.

Ransomware attack on the Kaiserslautern University of Applied Sciences 

June 09, 2023

The Illinois Department of Innovation & Technology

Illinois DoIT Impacted by Wide-Ranging Ransomware Attack

Clop ransomware

The Illinois Department of Innovation & Technology (DoIT) is continuing to investigate how deeply the event has impacted state systems as the full count is not yet available, but the department said “a large number of individuals could be impacted.”

Ransomware attack on the Illinois Department of Innovation & Technology (DoIT)

June 10, 2023

Xplain – a Swiss IT firm providing services to several federal agencies in Switzerland

Switzerland warns that a ransomware gang may have accessed government data

Play ransomware

The ransomware group leaked the files it stole from the company on June 1, 2023, which it claimed included 907 GB of financial and other data. The Swiss government also confirmed that various websites of the Federal Administration were knocked offline by the DDoS attack.

Ransomware attack on Swiss government and Xplain

June 12, 2023

The Development Bank of Southern Africa

State-owned bank in South Africa confirms ‘Akira’ ransomware attack

Akira ransomware

Hackers accessed information including business names, the names of directors and shareholders, addresses, identification documents, and contact information including phone numbers and email addresses and they also encrypted servers, log files and documents.

Ransomware attack on the Development Bank of Southern Africa

June 15, 2023

Shell

Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks

Clop ransomware 

Shell said there was no evidence of impact to its core IT systems and said their IT teams continued to investigate the incident without making any contact with the hackers.

Clop ransomware attack on oil giant Shell

June 15, 2023

Chilean Army

Rhysida ransomware leaks documents stolen from Chilean Army

Rhysida ransomware

The Rhysida ransomware gang published 30% (around 360,000 Chilean Army documents) of all the data they claim to have stolen from the Chilean Army's network after initially adding it to their data leak site and claiming the attack.

Rhysida ransomware attack on Chilean Army

June 17, 2023

Social media giant Reddit

Reddit says ransomware posting connected to February incident

BlackCat/ALPHV ransomware

The BlackCat/ALPHV ransomware group threatened the company with claims that 80GB of stolen data would be released to the public if they were not paid $4.5 million. The gang also demanded the company to end its controversial decision to charge third parties for using its API. A Reddit spokesperson said the claims were tied to a February security incident.

Ransomware attack on social media giant Reddit 

June 19, 2023

Des Moines Public Schools

Iowa’s largest school district confirms ransomware attack, data theft

Unknown

In this attack, 6,700 individuals became victims of an alleged data compromise. 

Ransomware attack Des Moines Public Schools

June 21, 2023

Hawaiʻi Community College

Hawaiʻi Community College hit with ransomware attack

NoEscape ransomware group, also stylized as N0_Esc4pe

The attack forced the college to shut down its IT systems and the NoEscape ransomware group claimed to have stolen 65 gigabytes of data, threatening to leak what was taken after a week.

Hawaiʻi Community College ransomware attack

June 30, 2023

Chipmaker giant TSMC

TSMC denies LockBit hack as ransomware gang demands $70 million

LockBit ransomware

The hacker stole company data and started publishing small chunks on its dark site with a demand of $70 million but TSMC denied this data breach.

Ransomware attack on Taiwanese chipmaker TSMC

 

Ransomware attacks are increasing in number and complexity every day. They are amongst the most talked-of cybersecurity problems today simply because they've become so widespread. And they're costly. While nobody is advised to pay the ransom demanded, it can take organisations weeks or even months to recover from ransomware attacks. Not to mention the hard-to-repair reputational damage they cause. But while there is no escaping them, you can try to prevent and mitigate the impact of ransomware attacks by using some of these FREE ransomware resources created by our cybersecurity experts

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  

Back to Top 


Data Breaches in June 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 02, 2023

Burton Snowboard

Burton Snowboard discloses data breach after February attack

Unknown

In this now-disclosed attack that  occurred in February 2023, the threat actors potentially stole files containing customers' names, Social Security numbers, and financial account information. Burton Snowboard warned affected individuals that stolen files also contained their financial information.

Burton Snowboard data breach update

June 02, 2023

University of Rochester 

Students, staff encouraged to change passwords after data breach

Clop ransomware

The attack affected the whole University including its faculty, students, and staff.

University of Rochester data breach

June 04, 2023

Nova Scotia IWK Health Centre

Data on as many as 100,000 Nova Scotia healthcare staff stolen in MOVEit breach

Clop ransomware

The victim province said some Nova Scotians’ personal information has been breached as part of the global security issue with the file transfer service MOVEit. The province said the investigation has not yet determined how many employees have been impacted, but initial estimates suggest as many as 100,000 and this number could go up or down.

Nova Scotia IWK health centre data breach 

Jun 05, 2023

The BBC

The BBC amongst those affected by data breach at payroll company Zellis

Clop ransomware 

The BBC said staff were warned personal data including national insurance numbers and in some cases bank details may have been stolen. It clarified that data stolen included staff ID numbers, dates of birth, home addresses and national insurance numbers.

BBC data breach incident

June 05, 2023

British Airways 

British Airways payroll data stolen in MOVEit supply-chain attack

Clop ransomware 

BA said that personal data of its staff was compromised in a data breach incident and it notified those colleagues whose personal information has been compromised to provide support and advice. 

British Airways data breach incident 

June 05, 2023

Pharmacy giant Boots 

Boots caught up in file transfer hack

Clop ransomware 

Boots, part of Walgreens Boots Alliance, said the attack had compromised some of its employees' personal details.

Pharmacy giant Boots data breach incident

June 05, 2023

Irish airline Aer Lingus

Around 5,000 Aer Lingus employees affected by cyber attack

Clop ransomware 

Aer Lingus confirmed that around 5,000 of its employees were affected by a cyber attack that compromised personal information.

Aer Lingus data breach attack

June 06, 2023

The American Board of Internal Medicine (ABIM)

MOVEit Transfer vulnerability affects ABIM

Clop ransomware 

The victim organisation said: “ABIM amongst approximately 800 organisations potentially affected by the recent MOVEit Transfer vulnerability. We wanted to alert the diplomatic community as soon as we could to the possibility that some of their personal data may have been exposed.”

The American Board of Internal Medicine (ABIM) data breach

June 07, 2023

Honda

Honda API flaws exposed customer data, dealer panels, internal docs

Exposed by  security researcher Eaton Zveare

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorised access by anyone due to API flaws that allow password reset for any account and this flaw was exposed by security researcher Eaton Zveare. Zveare had earlier also breached Toyota's supplier portal a few months back, leveraging similar vulnerabilities. The security researcher was able to expose information on 21,393 customer orders across all dealers from August 2016 to March 2023.

Honda data breach incident due to API flaw

June 09, 2023

University of Manchester

University of Manchester announces cyber incident; says data ‘likely’ copied

Unknown

The university announced it was the victim of a cyber incident and that the hackers had accessed and “likely” copied data as the university’s more than 40,000 students were warned to be vigilant for phishing emails. The University also employs more than 12,000 staff whose data may equally be affected. In an update, the university announced: “Based on our investigations we believe that a small proportion of data has been copied that relates to some students, and some alumni.”



University of Manchester data breach

June 09, 2023

The Minnesota Department of Education

Cyber attack exposes data of 95,000 Minnesota students

Clop ransomware 

The Minnesota Department of Education said some personal information of 95,000 students was accessed as part of a data breach from a global cybersecurity attack. The exposed information affected children in foster care, the Minneapolis and Perham school districts and Hennepin Technical College.

Minnesota Department of Education data breach 

June 09, 2023

Extreme Networks

Extreme Networks emerges as victim of Clop MOVEit attack

Clop ransomware

Network equipment and services supplier Extreme Networks becomes the latest technology company to be affected by MOVEit attack. The company said it hasn’t yet determined the impact on customer information.

Extreme Networks data breach

June 12, 2023

UK communications regulator Ofcom

Confidential data downloaded from UK regulator Ofcom in cyber attack

Clop ransomware

Ofcom said a limited amount of information about companies it regulates, some of it confidential alongside the personal data of 412 of its own employees, was downloaded in the attack.

Ofcom data breach incident

June 16, 2023

Louisiana Office of Motor Vehicles

Louisiana Office of Motor Vehicles suffers data breach

Clop ransomware

The OMV believes that all Louisianans with a state-issued driver’s licence, ID or car registration have likely had sensitive data exposed including Names, Addresses, Social Security Numbers, Driver’s Licence Numbers, Vehicle Registration Information etc.

Louisiana Office of Motor Vehicles data breach

June 16, 2023

The Oregon Driver & Motor Vehicle Services

Massive hack of Oregon DMV system puts estimated 3.5 million driver licence and ID card numbers at risk as per officials 

Clop ransomware

The Oregon Driver and Motor Vehicle Services confirmed that an estimated 3.5 million driver’s licence and identification card files were compromised when the agency was hacked two weeks ago.

The Oregon Driver & Motor Vehicle Services data breach

June 19, 2023

ChatGPT

Over 100,000 ChatGPT accounts stolen via info-stealing malware

Unknown

According to dark web marketplace data, ​more than 101,000 ChatGPT user accounts have allegedly been stolen by information-stealing malware over the past year.

ChatGPT data breach affects over 100,000 accounts 

June 20, 2023

Car mount and mobile accessory maker iOttie

iOttie discloses data breach after site hacked to steal credit cards

Unknown

iOttie has not shared how many customers were impacted but said that names, personal information, and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.

iOttie data breach incident

June 21, 2023

Snack food company Mondelēz

Mondelēz retirement data breached after hacker targets law firm Bryan Cave

Unknown

Mondelēz International said the personal data of more than 51,000 current and former employees was accessed after a breach at the law firm of Bryan Cave Leighton Paisner, which provided legal services to the food and snacks company.

Data breach attack on snack food company Mondelēz

June 21, 2023

Multinational shipping company UPS

UPS discloses data breach after exposed customer info used in SMS phishing

Unknown

Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. As per some online reports the threat actors have apparently been using the compromised names, phone numbers, and postal codes, as well as info on recent orders.

UPS data breach

June 23, 2023

PBI Research Services, Genworth Financial, Wilton Reassurance, CalPERS 

MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed

Clop ransomware

PBI Research Services (PBI) has suffered a data breach with three clients (Genworth Financial, Wilton Reassurance, CalPERS-California Public Employees' Retirement System) disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. According to three different disclosures from PBI clients, millions of customers have had their sensitive data exposed in these attacks. However, this number may increase as other companies make further disclosures.

MOVEIt breach impact on PBI Research Services and its clients 

June 23, 2023

American Airlines

American Airlines disclose data breaches affecting pilots

Unknown

According to American Airlines, the stolen data contained some of airline employees especially pilots’ personal information, such as their names and Social Security numbers, driver’s licence numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification number(s)

American Airlines latest data breach 

June 23, 2023

Southwest Airlines

Southwest Airlines discloses data breach affecting pilots

Unknown

According to the Vendor-(Pilot Credentials), an unauthorised actor gained access to the Vendor’s cloud environment on or around April 30, 2023, and temporarily obtained files uploaded by some pilot applicants. Southwest conducted a robust review of the data and determined that the files contained certain pilot applicants’ personal information, including names, Social Security numbers, driver’s licence numbers, airman certificate numbers, and passport numbers.

Southwest Airlines data breach

June 24, 2023

Capital One

Capital One becomes latest bank affected by cyber attack on debt-buying giant NCB Management Services

Unknown

Capital One is the latest financial institution to reveal that it was affected by a cyber attack that occurred in February 2023 on NCB Management Services, a company that purchases debt. Capital One said more than 16,500 people had information like their physical address, Social Security numbers, account numbers and account status leaked during the attack on NCB.

Capital One data breach incident 

June 26, 2023

New York City Department of Education

Hackers steal data of 45,000 New York City students in MOVEit breach

Clop ransomware

The New York City Department of Education (NYC DOE) said hackers stole documents containing sensitive personal information of up to 45,000 students from its MOVEit Transfer server.

New York City students affected by MOVEit hack

June 27, 2023

Siemens Energy

Siemens Energy confirms data breach after MOVEit data-theft attack

Clop ransomware

Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach attack on the company, but as per Siemens Energy’s statement, no critical data was stolen, and business operations were not impacted.

Siemens data breach

June 27, 2023

The University of California, Los Angeles (UCLA)

UCLA among victims of worldwide cyber attack

Clop ransomware

In this hack incident, an undisclosed amount of UCLA’s data was affected. 

UCLA Data Breach

Back to Top 

Cyber Attacks in June 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 01, 2023

Idaho hospital

Idaho hospital diverts ambulances, turns to paper charting following cyber attack

Unknown

Due to the impact of the cyber attack, the  clinicians at Idaho Falls Community Hospital resorted to paper charting at the 88-bed hospital in the eastern part of the state. The attack forced the hospital to close some connected clinics while ambulances were diverted to some other hospitals.

Idaho hospital cyber attack

June 04, 2023

Atomic Wallet

Atomic Wallet hacks lead to over $35 million being stolen in crypto 

Lazarus hackers

Hackers exposed wallets and stole over $35 million in crypto

Crypto laundering cyber attack on Atomic Wallet

June 05, 2023

Outlook.com

Outlook.com hit by outages as hacktivists claim DDoS attacks

Anonymous Sudan

Due to a DDoS attack on Outlook.com that caused two major outages, there were widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile Outlook app.

DDoS cyber attack on Outlook.com 

June 07, 2023

Aix-Marseille university 

Aix-Marseille, France’s largest university, hit by cyber attack

Unknown

The attack caused a network interruption and prevented university staff to access their systems  

Aix-Marseille university cyber attack

June 08, 2023

Russian telecom provider Infotel JSC

Ukrainian hackers take down service provider for Russian banks

Ukrainian hackers' group Cyber.Anarchy.Squad

Ukrainian hackers claimed an attack that took down Russian telecom provider Infotel JSC that provides connectivity services between the Russian Central Bank and other Russian banks, online stores, and credit institutions. And due to this attack, multiple major banks across Russia had their access cut off from the country's banking systems so that they can no longer make online payments.

Cyber attack on a Russian telecom provider Infotel JSC

June 10, 2023

Cointelegraph

Hackers steal $3 million by impersonating crypto news journalists

A hacking group tracked as 'Pink Drainer'

Pink Drainer successfully compromised the accounts of 1,932 victims to steal roughly $2,997,307 worth of digital assets on the Mainnet and Arbitrum

Pink Drainer launches crypto laundering attacks by impersonating journalists

June 12, 2023

The city of Fayetteville, Arkansas 

Fayetteville cyber security incident still not resolved

Unknown

The cyber attack forced officials to take most digital municipal services offline including email, online payments, inspection scheduling and network applications.

Cyber attack on the city of Fayetteville, Arkansas 

June 15, 2023

Barracuda ESG

Barracuda ESG zero-day attacks linked to suspected Chinese hackers

A pro-China hacker group tracked as UNC4841

Hackers compromised Barracuda’s ESG appliances used by many large scale organisations  

Chinese hackers behind Barracuda ESG cyber attack

June 26, 2023

Suncor Energy

Suncor Energy cyber attack impacts Petro-Canada gas stations

Unknown

Due to a cyber attack on Suncor Energy, Petro-Canada gas stations across Canada were impacted by technical problems preventing customers from paying with credit card or rewards points.

Suncor Energy cyber attack

June 29, 2023

Russian satellite communications provider Dozor-Teleport

Hackers claim to take down Russian satellite communications provider

Wagner Group

Hackers damaged some of the satellite terminals and leaked and destroyed confidential information stored on the company's servers as they posted 700 files, including documents and images, to a leak site, as well as some to their newly created Telegram channel.

Cyber attack on a Russian satellite communications provider


Back to Top 

New Ransomware/Malware Discovered in June 2023

New Ransomware

Summary

Source Link

Vidar information-stealing malware

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.

Online sellers targeted by new information-stealing malware campaign

SpinOk Android malware

The SpinOk malware has been found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times.

SpinOk Android malware found in more apps with 30 million installs

A new PowerShell malware, PowerDrop

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defence industry. PowerDrop was discovered by Adlumin, who last month found a sample of the malware in the network of a defence contractor in the U.S.

New 'PowerDrop' PowerShell malware targets U.S. aerospace industry

BlackSuit encryptor

The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operation's usual encryptor.

Royal ransomware gang adds BlackSuit encryptor to their arsenal

New ‘Shampoo’ Chromeloader malware

A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo.

New ‘Shampoo’ Chromeloader malware pushed via fake warez sites

EarlyRAT malware

Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.

New EarlyRAT malware linked to North Korean Andariel hacking group

Back to Top 

 

Vulnerabilities/Patches Discovered in June 2023

Date

Flaws/Fixes

Summary

Source Link

June 01, 2023

CVE-2023-34362

Hackers exploit a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organisations.

New MOVEit Transfer zero-day mass-exploited in data theft attacks

June 04, 2023

CVE-2023-34362

CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23.

CISA orders govt agencies to patch MOVEit bug used for data theft

June 05, 2023

CVE-2023-32784

KeePass has released version 2.54, fixing the CVE-2023-32784 vulnerability that allows the extraction of the cleartext master password from the application's memory.

KeePass v2.54 fixes bug that leaked cleartext master password

June 06, 2023

CVE-2023-3079

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year.

Google fixes new Chrome zero-day flaw with exploit in the wild

June 06, 2023

CVE-2022-22706

The new security patch level 2023-06-05 integrated a patch for a high-severity flaw in the Mali GPU kernel driver from Arm that Google’s Threat Analysis Group (TAG) believes may have been used in a spyware campaign targeting Samsung phones.

Android security update fixes Mali GPU bug exploited as zero-day

June 07, 2023

CVE-2023-20178

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system.

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges

June 07, 2023

CVE-2023-20887

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information.

VMware fixes critical vulnerabilities in vRealize network analytics tool

June 09, 2023

CVE-2023-35036

Progress Software warned customers of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases.

New MOVEit Transfer critical flaws found after security audit

June 12, 2023

CVE-2023-27997 / FG-IR-23-097)

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched earlier "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organisations.

Fortinet: New FortiOS RCE bug "may have been exploited" in attacks

June 13, 2023

CVE-2023-20867

VMware patched a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.

Chinese hackers used VMware ESXi zero-day to backdoor VMs

June 15, 2023

CVE-2023-35708

Progress published information about a third critical vulnerability which got listed as CVE-2023-35708 on June 16.

MOVEit discloses THIRD critical vulnerability

June 21, 2023

CVE-2023-32434 and CVE-2023-32435

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.

Apple fixes zero-days used to deploy Triangulation spyware via iMessage

June 23, 2023

CVE-2023-20887

According to the U.S. Cybersecurity and Infrastructure Security Agency, a new vulnerability affecting a popular VMware network analytics product (Aria Operations) is being exploited by hackers.

CISA says latest VMware analytics bug being exploited

 Back to Top 

Warnings/Advisories/Reports/Analysis

News

Summary

Source Link

Report

Russian cybersecurity firm Kaspersky said some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.

Russia says US hacked thousands of iPhones in iOS zero-click attacks

Report

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.

New Horabot campaign takes over victim's Gmail, Outlook accounts

Warning

The U.S and Korean agencies warned that a state-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centres, academic institutions, and various media organisations.

NSA and FBI: Kimsuky hackers pose as journalists to steal intel

Report

A new Magecart credit card stealing campaign hijacked legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites.

Hackers hijack legitimate sites to host credit card stealer scripts

Report

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware.

GIGABYTE releases new firmware to fix recently disclosed security flaws

Report

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children's Online Privacy Protection Act (COPPA) violations.

Microsoft to pay $20 million for XBOX children privacy violations

Report

Hackers (APT38) based in North Korea are spoofing financial institutions and venture capital firms in the U.S., Vietnam and Japan, according to new research.

North Korean hackers spoof venture capital firms in Japan, Vietnam and US

Warning

Barracuda had recently reported that users could successfully patch vulnerable Email Security Gateway (ESG) appliances, but it posted an update this week saying the hardware “must be immediately replaced regardless of patch version level.”

Barracuda tells customers to rip out vulnerable hardware as experts size up the damage

Report

A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime.

Asylum Ambuscade hackers mix cybercrime with espionage

Warning

The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks.

Swiss government warns of ongoing DDoS attacks, data leak

Report

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.

Massive phishing campaign uses 6,000 sites to impersonate 100 brands

Report

Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU).

Microsoft links data wiping attacks to new Russian GRU hacking group

Warning

CISA issued this year's first binding operational directive (BOD) ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery.

CISA orders federal agencies to secure Internet-exposed network devices

Warning

U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organisations since 2020.

CISA: LockBit ransomware extorted $91 million in 1,700 U.S. attacks

Warning

Microsoft has detected an increase in credential-stealing attacks conducted by the Russian state-affiliated hacker group often labelled as APT29, Cozy Bear or Nobelium. These attacks are directed at governments, IT service providers, nongovernmental organisations (NGOs), and defence and critical manufacturing industries.

Kremlin-backed hacking group puts fresh emphasis on stealing credentials 

Warning

The National Security Agency said that organisations should think twice about whether they’re protected against the BlackLotus “bootkit” malware that cybersecurity experts first warned about in March.

NSA warns of ‘false sense of security’ against BlackLotus malware 

Warning

A new mobile malware campaign since March 2023 pushes the Android banking trojan 'Anatsa' to online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland.

Anatsa Android trojan now steals banking info from users in US, UK

Report

The Akira ransomware operation uses Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.

Linux version of Akira ransomware targets VMware ESXi servers

Report

The Cybersecurity and Infrastructure Security Agency (CISA) said it is working with federal agencies to remove network management tools from the public-facing internet after researchers discovered hundreds were still publicly exposed.

CISA working with agencies to pull exposed network tools from public internet

Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of ongoing distributed denial-of-service (DDoS) attacks after U.S. organisations across multiple industry sectors were hit.

CISA issues DDoS warning after attacks hit multiple US orgs

Back to Top