
November 2023: Biggest Cyber Attacks, Data Breaches Ransomware Attacks

Written by Aditi Uberoi | 1 December 2023

The biggest cyber attacks, ransomware attacks and data breaches: our compilation for the month of November 2023.

  1. Ransomware Attacks in November 2023
  2. Data Breaches in November 2023
  3. Cyber-Attacks in November 2023
  4. New Ransomware/Malware Detected in November 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in November 2023

 

Boeing, the American Airlines pilot union, healthcare giant Henry Schein, Marina Bay Sands, Samsung, a U.S. nuclear research lab, the Japan Aerospace Exploration Agency and mortgage giant Mr. Cooper. What do all of these organisations have in common?

They recently became victims of cyber crime. Some had their data encrypted, stolen or leaked. In many cases operations were disrupted for days, and many will face regulatory and compliance challenges in the days to come. Our monthly list of the biggest cyber attacks, ransomware attacks and data breaches captures all the major cybersecurity incidents that took place in November 2023.

The objective, as always, isn't to turn the spotlight on the victims, but to emphasise the rise in cyber crime and how it can impact almost every business or government body. The only real prevention today is preparation. Nobody can save you from cyber attacks, but you can save yourself by mitigating their impact through effective cyber incident response.

Also, make sure you test your response capabilities through regular cyber attack tabletop exercises. These act as a litmus test of your cyber resilience capabilities. While we always recommend hiring an external facilitator for your cybersecurity tabletop exercises, if you plan to run your own, don't forget to use our free resources and customise them to your organisational needs and threat context.

  1. Top Cyber Tabletop Exercise Scenarios 
  2. Cyber Security Tabletop Exercise Template
  3. Cyber Tabletop Exercise PPT
  4. Cyber Crisis Tabletop Exercise Checklist

These resources have been created by the world's #1 tabletop exercise facilitator and can help you run an effective incident response tabletop exercise of your own.

If you still feel overwhelmed by everything you need to do to get your cybersecurity maturity in order, you can check out our cyber consulting services.

We have created an unmatched value proposition with our Virtual Cyber Assistant service. In the most cost-effective and flexible format possible, you can improve your cybersecurity posture over time. For those businesses that have a more immediate requirement to enhance cyber resilience, our Virtual Cyber Consultant service is just the perfect fit.  

Ransomware Attacks in November 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 01, 07, 2023 | TransForm Shared Service Organisation | Cyber attack on a shared services provider affects five regional hospitals in Canada; Daixin Team claims responsibility. | Daixin Team | Daixin Team claimed responsibility for an attack on TransForm Shared Service Organisation (and leaked data from it) that significantly impacted five Canadian hospitals in Ontario. Surgeries and appointments were reportedly cancelled or rescheduled in some cases. The attackers stole a database containing information on 5.6 million patient visits, corresponding to approximately 267,000 unique individuals. | Ransomware attack update on five Canadian hospitals in Ontario run under TransForm Shared Service Organization |
| Nov 01, 2023 | Río Hondo College, a California community college | Río Hondo College deals with a cybersecurity incident. | LockBit Ransomware | Río Hondo College in Southern California is dealing with a cybersecurity incident that limited campus functions for days before most services were restored. The school did not identify the disruptions as related to a cyber attack, but the LockBit ransomware gang added the school to its list of victims, giving officials until Nov 20 to pay an undisclosed ransom. | California community college Río Hondo ransomware attack |
| Nov 01, 2023 | Südwestfalen-IT (SIT), a local municipal services provider in western Germany | Massive ransomware attack hinders services in 70 German municipalities. | Unknown | A ransomware attack paralysed local government services in multiple cities and districts in western Germany. A hacker group encrypted the servers of the municipal service provider Südwestfalen-IT; to prevent the malware from spreading, the company restricted access to its infrastructure for over 70 municipalities, primarily in the western German state of North Rhine-Westphalia. | Ransomware attack on Germany's Südwestfalen-IT (SIT) and its 72 member municipalities |
| Nov 01, 2023 | Doctors' Management Services | Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack. | GandCrab Ransomware | Doctors' Management Services has agreed to a $100,000 settlement with the U.S. Department of Health and Human Services (HHS) following a 2017 ransomware attack. The company filed a breach report with HHS four months later, warning that 206,695 people had information accessed by the hackers. | Ransomware attack update for Doctors' Management Services |
| Nov 01, 07, 2023 | Dallas County | Dallas County 'interrupted' data exfiltration, preventing encryption after the attack. | Play Ransomware | Dallas County provided an update on the ransomware attack reported earlier in November, telling residents that it was able to stop the incident before the hackers could encrypt files or systems. | Dallas County ransomware attack update |
| Nov 02, 12, 2023 | Boeing | Boeing confirms cyber attack amid LockBit ransomware claims. | LockBit Ransomware | Aerospace giant Boeing is investigating a cyber attack that impacted its parts and distribution business after the LockBit ransomware gang claimed to have breached the company's network and stolen data. | Boeing ransomware attack update |
| Nov 02, 2023 | Querétaro Intercontinental Airport | Major Mexican airport confirms experts are working to address a cyber attack. | LockBit Ransomware | The Querétaro Intercontinental Airport confirmed reports that it had been attacked by hackers, posting a notice on social media that it had called in experts to help address the issue. The LockBit ransomware gang took credit for the attack, threatening to leak the data on Nov 27. | Ransomware attack on Mexico's Querétaro Intercontinental Airport |
| Nov 02, 2023 | Shimano, cycling component manufacturer | LockBit allegedly targets Shimano. | LockBit Ransomware | 4.5 TB of sensitive data allegedly breached, including employee passport data, financial documents and confidential diagrams. | Ransomware attack on cycling component manufacturer Shimano |
| Nov 03, 2023 | American Airlines pilot union | American Airlines pilot union hit by ransomware attack. | Unknown | American Airlines said the attackers gained access to sensitive information belonging to 5,745 pilots and applicants. | American Airlines pilot union ransomware attack |
| Nov 06, 2023 | Sackstein Sackstein & Lee | Black Basta hits Sackstein Sackstein & Lee. | Black Basta Ransomware | Black Basta accessed the computer systems of the law firm. | Sackstein Sackstein & Lee ransomware attack |
| Nov 06, 2023 | Good-lawyer.com | LockBit ransomware targets good-lawyer.com. | LockBit Ransomware | LockBit stole data belonging to good-lawyer.com and warned that it will publish the stolen data on Nov 19, 2023. | Good-Lawyer.com ransomware attack |
| Nov 06, 2023 | EFU Life Assurance | INC Ransom hits Pakistani insurance company EFU Life Assurance. | INC Ransom | Hackers apparently stole files belonging to EFU Life Assurance. | EFU Life Assurance ransomware attack |
| Nov 07, 2023 | Cozwolle, a co-working space | Black Basta targets a Netherlands-based co-working space. | Black Basta Ransomware | Hackers hit Cozwolle and apparently stole data. | Ransomware attack on a Netherlands-based co-working space |
| Nov 07, 2023 | Hopewell Area School District | Medusa ransomware attack hits Hopewell Area School District. | Medusa Ransomware | Medusa added Hopewell Area School District to its victim list. | Hopewell Area School District ransomware attack |
| Nov 07, 2023 | BITZER | A ransomware attack hits compressor manufacturer BITZER. | Akira Ransomware | The Akira ransomware gang hit compressor maker BITZER and apparently stole its data. | Ransomware attack on compressor maker BITZER |
| Nov 07, 2023 | Japan Aviation Electronics | Japan Aviation Electronics says servers were accessed during a cyber attack. | AlphV/BlackCat Ransomware | The company said the attack occurred on Nov 2 and involved some of its servers being accessed by an unauthorised external party. It immediately suspended some of the impacted systems. The company said the disruption resulted in "some delays in sending and receiving emails", but the AlphV/BlackCat ransomware gang claimed to have stolen roughly 150,000 documents from the company, including blueprints, contracts, confidential messages and reports. | Japan Aviation Electronics cyber attack update |
| Nov 09, 2023 | Industrial and Commercial Bank of China (ICBC) | China's biggest lender ICBC hit by ransomware attack. | LockBit Ransomware (apparently) | The U.S. arm of the Industrial and Commercial Bank of China (ICBC) was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims claimed by ransom-demanding hackers this year. | Ransomware attack on the U.S. arm of Industrial and Commercial Bank of China |
| Nov 12, 2023 | City of Huber Heights, Ohio | Ransomware attack on Ohio city impacts multiple services. | Unknown | The community of nearly 45,000 residents outside Dayton released a notice that its systems were hit with ransomware. The City Manager said that public safety services were not impacted. | Ransomware attack on Huber Heights city, Ohio |
| Nov 13, 2023 | Moneris, Canadian banking tech firm | Canadian banking tech giant Moneris says it prevented a ransomware attack. | Medusa Ransomware | The ransomware gang claimed that it attacked the company and gave it nine days to pay a $6 million ransom to either download or delete the data. The company's spokesperson said an outside party did attempt to breach Moneris' networks, but its team concluded that none of the Digital Loss Prevention policies were triggered. | Ransomware attack on Canadian banking tech firm Moneris |
| Nov 15, 2023 | MeridianLink, financial software company | MeridianLink confirms cyber attack after ransomware gang claims to have reported the company to the SEC. | AlphV/BlackCat Ransomware | Financial software company MeridianLink confirmed that it is dealing with a cyber attack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. The attack drew the interest of security researchers because AlphV claimed on its leak site that it had reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of the incident. | Ransomware attack on financial software company MeridianLink |
| Nov 15, 2023 | Toronto Public Library | Toronto Public Library confirms data stolen in ransomware attack. | Black Basta Ransomware | The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers and donors was stolen from a compromised file server during an October ransomware attack. | Toronto Public Library (TPL) ransomware attack |
| Nov 16, 2023 | Kyocera AVX | Kyocera AVX says ransomware attack impacted 39,000 individuals. | LockBit Ransomware | Kyocera AVX Components Corporation (KAVX) sent notices of a data breach exposing the personal information of 39,111 individuals following a ransomware attack. | Kyocera AVX ransomware attack |
| Nov 16, 2023 | Toyota Financial Services (TFS) | Toyota confirms breach after Medusa ransomware threatens to leak data. | Medusa Ransomware | Toyota Financial Services (TFS) has confirmed that it detected unauthorised access on some of its systems in Europe and Africa after Medusa Ransomware claimed an attack on the company. The gang listed TFS on its dark web data leak site, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company. | Toyota Financial Services (TFS) ransomware attack |
| Nov 16, 2023 | Yamaha Motor | Yamaha Motor confirms ransomware attack on Philippines subsidiary. | INC Ransom | The threat actor added the company to its dark web leak site on Wednesday, Nov 15, and has since published multiple file archives with roughly 37 GB of allegedly stolen data, containing employee ID information, backup files, and corporate and sales information, among others. | Yamaha Motor ransomware attack |
| Nov 17, 2023 | Chicago Trading Company and Alphadyne Asset Management | LockBit gang hacks U.S. financial firms and threatens to dump data. | LockBit Ransomware | The gang gave the financial companies deadlines to make an unspecified payment, and is threatening to publish stolen data online if its demands aren't met. | Ransomware attack on Chicago Trading Company and Alphadyne Asset Management |
| Nov 20, 2023 | National British Library | Rhysida Ransomware targets the National British Library. | Rhysida Ransomware | Hackers have put the stolen data on sale for 20 BTC. | National British Library ransomware attack |
| Nov 22, 2023 | Kansas Judicial Branch | Kansas courts confirm data theft and ransom demand after cyber attack. | Unknown | The Kansas Judicial Branch published an update on the cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. | Ransomware attack on Kansas courts |
| Nov 27, 2023 | Ethyrial: Echoes of Yore (indie game maker) | Ransomware attack on indie game maker wiped all player accounts. | Unknown | As announced on the game's official Discord channel, ransomware actors attacked the main server and encrypted all data, including 17,000 accounts and local backup drives, demanding payment in exchange for a decryption key. | Ransomware attack on game maker Ethyrial: Echoes of Yore |
| Nov 27, 2023 | Henry Schein, healthcare giant | Healthcare giant Henry Schein hit twice by BlackCat ransomware. | BlackCat/ALPHV Ransomware | Henry Schein has reported a second cyber attack this month by the BlackCat/ALPHV ransomware gang, which also breached its network in October. The BlackCat ransomware gang added Henry Schein to its dark web leak site, said it breached the company's network and allegedly stole 35 terabytes of sensitive data. | Ransomware attack on U.S. healthcare giant Henry Schein |
| Nov 27, 2023 | Ardent Health Services and its affiliated entities ("Ardent") | Ardent hospital ERs disrupted in six states after ransomware attack. | Unknown | Ardent Health Services disclosed that its systems were hit by a ransomware attack. As a result, Ardent proactively took its network offline and suspended all user access to its information technology applications, and impacted hospitals diverted all patients requiring emergency care to other hospitals in their area. | Ardent Health Services ransomware attack |
| Nov 27, 2023 | HSE, Slovenia's largest electricity provider | Slovenia's largest power provider HSE hit by ransomware attack. | Rhysida Ransomware | The ransomware attack on HSE compromised its systems and encrypted files, yet the company said the incident did not disrupt electric power production. | Ransomware attack on Slovenia's largest power provider HSE |
| Nov 28, 2023 | Yanfeng, automotive giant | Qilin ransomware claims attack on automotive giant Yanfeng. | Qilin Ransomware group, also known as "Agenda" | The threat actors published multiple samples to prove their alleged access to Yanfeng systems and files, including financial documents, non-disclosure agreements, quotation files, technical data sheets and internal reports. | Yanfeng ransomware attack |




Data Breaches in November 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 02, 2023 | Okta employees and Rightway Healthcare | Nearly 5,000 Okta employees affected by third-party data breach. | Unknown | Almost 5,000 current and former Okta employees and their dependents were affected by a data breach following a cyber attack on Rightway Healthcare, a third-party provider used by the company for healthcare services. | Data breach attack on Okta's third-party healthcare service provider, Rightway Healthcare |
| Nov 03, 2023 | Sumo Logic, security and data analytics company | Sumo Logic discloses security breach, advises API key resets. | Unknown | The company detected evidence of the breach after discovering that an attacker had used stolen credentials to gain access to a Sumo Logic AWS account. Sumo Logic said its systems and networks weren't impacted during the breach and that "customer data has been and remains encrypted." | Sumo Logic data breach |
| Nov 07, 2023 | Marina Bay Sands | Marina Bay Sands discloses data breach impacting 665,000 customers. | Unknown | The company said: "Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members". | Marina Bay Sands data breach |
| Nov 10, 2023 | McLaren Health Care | McLaren Health Care says data breach impacted 2.2 million people. | ALPHV/BlackCat Ransomware | McLaren Health Care notified nearly 2.2 million people of a data breach that occurred between late July and August this year. The threat actors published samples of the data they allegedly stole from McLaren and threatened to auction the entire data set, which they claimed covers 2.5 million people. | McLaren Health Care data breach |
| Nov 10, 2023 | Maine government | Maine government notifies 1.3 million people of impact of MOVEit data breach. | Clop Ransomware | The State of Maine announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed the personal information of about 1.3 million people, close to the state's entire population. | Maine government data breach |
| Nov 12, 2023 | Multiple colleges and K-12 schools, including North Carolina Central University and North Muskegon Public Schools | Multiple colleges and K-12 schools face outages after cyber attacks. | Unknown | A spokesperson for North Carolina Central University said that the school was alerted to a cyber attack on its campus technology systems. The university said that certain systems, including the campus Wi-Fi network and the MyEOL school portal, began to experience disruptions to normal operations. | Cyber attack on K-12 school and university colleges in North Carolina |
| Nov 13, 2023 | Sutter Health | MOVEit hack hits over 845K Sutter Health patients. | Clop Ransomware | Northern California-based healthcare system Sutter Health disclosed that 845,441 patients had their personal data exposed after its third-party communications firm Virgin Pulse was impacted by the widespread MOVEit file transfer system hack. | Sutter Health data breach |
| Nov 13, 2023 | Bladen County, North Carolina | Cyber attack on North Carolina county allowed hackers to access data. | Unknown | Bladen County said the attackers were able to access county data and that the attack went beyond information theft. | North Carolina's Bladen County data breach |
| Nov 13, 28, 2023 | DP World | DP World cyber attack blocks thousands of containers in ports. | Unknown | A cyber attack on international logistics firm DP World Australia severely disrupted regular freight movement in large Australian ports. Roughly 30,000 shipping containers of varying importance and value remained unmoved. The estimated damages were in the millions of dollars. | DP World data breach attack |
| Nov 14, 2023 | Truepill, pharmacy provider | Pharmacy provider Truepill data breach hits 2.3 million customers. | Unknown | Postmeds, which does business as 'Truepill', is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. | Truepill data breach |
| Nov 14, 2023 | PJ&A, medical transcription services provider | PJ&A says cyber attack exposed data of nearly 9 million patients. | Unknown | PJ&A (Perry Johnson & Associates) warned that a cyber attack in March 2023 exposed the personal information of almost nine million patients. | PJ&A data breach |
| Nov 15, 2023 | Samsung | New Samsung data breach impacts UK store customers. | Unknown | Samsung Electronics notified some of its customers of a data breach that exposed their personal information to an unauthorised individual. | Samsung data breach 2023 |
| Nov 16, 2023 | Undisclosed British government department | 'Sex life data' stolen from UK government among record number of ransomware attacks. | Unknown | Data on the sex lives of up to 10,000 people was stolen from a British government department in one of a record number of ransomware attacks to have hit Westminster in the first half of this year. | Data breach attack on British government |
| Nov 17, 2023 | Stanley Steemer | Stanley Steemer hack breached data of almost 67K customers. | Unknown | The company determined that the attackers gained access to its systems starting Feb 10 and acquired certain records after lingering inside the company's network. | Stanley Steemer data breach |
| Nov 20, 2023 | Canadian government contractors Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services | Canadian government discloses data breach after contractor hacks. | LockBit Ransomware | The Canadian government said two of its contractors had been hacked, exposing sensitive information belonging to an undisclosed number of government employees. | Data breach attack on Canadian government's contractors |
| Nov 21, 2023 | AutoZone, auto parts giant | Auto parts giant AutoZone warns of impact of MOVEit data breach. | Clop Ransomware | AutoZone informed the U.S. authorities that exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data, compromising the data of 184,995 people. | AutoZone data breach |
| Nov 21, 2023 | Idaho National Laboratory (INL), U.S. nuclear research lab | Hacktivists breach U.S. nuclear research lab, steal employee data. | SiegedSec (as per the name on BreachForums) | SiegedSec announced it had gained access to INL data, including details on "hundreds of thousands" of employees, system users and citizens. | Data breach attack on U.S. nuclear lab Idaho National Laboratory (INL) |
| Nov 22, 2023 | Welltok, healthcare SaaS provider | Welltok data breach exposes data of 8.5 million U.S. patients. | Unknown | Healthcare SaaS provider Welltok warned that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer programme used by the company was hacked in a data theft attack. | Healthcare SaaS provider Welltok data breach |
| Nov 22, 2023 | NYC Bar Association | Cyber attackers leaked data of 27,000 NYC Bar Association members. | Clop Ransomware | The New York City Bar Association confirmed that the data of more than 27,000 members and employees was leaked during a cyber attack nearly a year ago. | The New York City Bar Association data breach |
| Nov 22, 2023 | Fidelity National Financial | Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial. | AlphV/BlackCat Ransomware | In an 8-K filing, Fidelity National Financial said the incident impacted certain FNF systems and that hackers accessed 'some credentials'. | Fidelity National Financial ransomware attack |
| Nov 24, 2023 | Vanderbilt University Medical Center | Vanderbilt University Medical Center investigating cybersecurity incident. | Meow Ransomware | A spokesperson for Vanderbilt University Medical Center (VUMC) said it identified and contained a cybersecurity incident in which a database was compromised. | Vanderbilt University Medical Center data breach |
| Nov 25, 2023 | General Electric | General Electric investigates claims of cyber attack and data theft. | IntelBroker (a name on BreachForums) | A threat actor named IntelBroker attempted to sell access to General Electric's "development and software pipelines" for $500 on a hacking forum. | General Electric data breach |
| Nov 25, 2023 | Rosaviatsia, Russia's Federal Air Transport Agency | Ukraine says it hacked Russian aviation agency, leaks data. | Ukraine's intelligence service | Ukraine's intelligence service, operating under the Defence Ministry, claims it hacked Russia's Federal Air Transport Agency, 'Rosaviatsia', to expose a purported collapse of Russia's aviation sector. | Russia's Federal Air Transport Agency data breach |
| Nov 29, 2023 | Okta | Okta: October data breach affects all customer support system users. | Unknown | Okta said all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers were impacted "except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor)". | Okta data breach update |
| Nov 29, 2023 | A U.S. water facility | Hackers breach U.S. water facility via exposed Unitronics PLCs. | Unknown | CISA (Cybersecurity & Infrastructure Security Agency) warned that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. Risks include service disruption leading to a halt in water supply, and physical damage to the infrastructure by overloading pumps or opening and closing valves. | Data breach attack on a U.S. water facility |
| Nov 29, 2023 | Dollar Tree | Dollar Tree hit by third-party data breach impacting 2 million people. | Unknown | Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people. | Dollar Tree data breach |


Cyber Attacks in November 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Nov 02, 2023 | Ace Hardware | Ace Hardware says 1,202 devices were hit during a cyber attack. | Unknown | Ace said in its official statement: "As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center's phone system have been interrupted or suspended". | Ace Hardware cyber attack |
| Nov 02, 06, 2023 | Mr. Cooper, mortgage giant | Mortgage giant Mr. Cooper hit by a cyber attack impacting its IT systems. | Unknown | The cyber attack caused the company to shut down IT systems, including access to its online payment portal. | Mr. Cooper cyber attack |
| Nov 03, 2023 | United Wholesale Mortgage | Cybersecurity incident at United Wholesale Mortgage. | Unknown | The cyber attack impacted the IT systems of United Wholesale Mortgage. | United Wholesale Mortgage cyber attack |
| Nov 03, 2023 | Infosys McCamish Systems | India's Infosys says its U.S. unit was hit by a cybersecurity event. | Unknown | Indian IT services provider Infosys said its U.S. unit, Infosys McCamish Systems, was impacted by a cybersecurity event, resulting in the non-availability of certain applications and systems. | Infosys cyber attack |
| Nov 08, 2023 | Sberbank, state-owned banking and financial services company | Russian state-owned Sberbank hit by a 1 million RPS DDoS attack. | Unknown | Russian financial organisation Sberbank said it faced the most powerful distributed denial-of-service (DDoS) attack in its recent history. The attack apparently reached one million requests per second (RPS), roughly four times the size of the most powerful DDoS attack Sberbank had experienced up until then. | Cyber attack on Russian state-owned Sberbank |
| Nov 09, 2023 | Cloudflare | Cloudflare website taken down by DDoS attack claimed by Anonymous Sudan. | Anonymous Sudan | Cloudflare confirmed that the outage resulted from a DDoS attack that affected only the www.cloudflare.com website, without impacting other products or services. | Cloudflare cyber attack |
| Nov 09, 2023 | Washington State Department of Transportation | Washington State Department of Transportation working to recover from cyber attack. | Unknown | Washington's State Department of Transportation said it had started recovering from a cyber attack that caused a range of issues for local ferries and the apps used for maps. | Washington State Department of Transportation cyber attack |
| Nov 16, 2023 | Long Beach, California | Long Beach is the latest Californian city facing a cybersecurity incident. | Unknown | The city of Long Beach, California, faced a range of issues due to a cybersecurity incident. | The city of Long Beach, California cyber attack |
| Nov 18, 2023 | Blender, open-source 3D design software | Open-source Blender project battling DDoS attacks since Saturday. | Unknown | Blender confirmed that recent site outages were caused by ongoing DDoS (distributed denial-of-service) attacks that started on Saturday (Nov 18, 2023). | Open-source Blender cyber attack |
| Nov 19, 2023 | Kronos Research, crypto firm | Crypto firm Kronos Research says $26 million stolen after cyber attack. | Unknown | Kronos Research said $26 million worth of cryptocurrency was stolen from its systems following a cyber attack. The company said that it experienced "unauthorised access" to some of its API keys, forcing it to pause trading and begin an investigation. | Kronos Research cyber attack |
| Nov 22, 2023 | CTS, a leading managed service provider (MSP) for law firms in the UK | Cyber attack on IT provider CTS impacts dozens of UK law firms. | Unknown | CTS did not reveal the number of impacted customers or the nature of the attack, although the information shared so far points to a ransomware attack. Local media reported that between 80 and 200 law firms could have been affected, based on estimates shared by CTS clients. | Cyber attack on UK-based IT provider CTS |
| Nov 24, 2023 | KyberSwap, cryptocurrency platform | KyberSwap says $54.7 million of user cryptocurrency stolen during a cyber attack. | Unknown | The cryptocurrency platform KyberSwap confirmed that someone used "a series of complex actions to conduct exploitative swaps, enabling the withdrawal of users' funds into the attackers' wallets." | Cyber attack on cryptocurrency platform KyberSwap |
| Nov 24, 2023 | Municipal Water Authority of Aliquippa | Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group. | Iranian-backed cyber group Cyber Av3ngers | The Municipal Water Authority of Aliquippa said that one of its booster stations had been hacked by an Iranian-backed cyber group. | Municipal Water Authority of Aliquippa cyber attack |
| Nov 25, 2023 | North Texas Municipal Water District (NTMWD) | North Texas water utility serving 2 million hit with cyber attack. | Daixin Team | The cybercrime gang known as Daixin Team said it was behind the attack. It added NTMWD to its list of victims and claimed to have stolen more than 33,000 files containing customer information; the attack impacted the computer network and phone system of NTMWD. | North Texas Municipal Water District cyber attack |
| Nov 29, 2023 | JAXA, Japanese space agency | Cyber attack hits Japanese space agency JAXA's central server. | Unknown | According to sources, a cyber attack hit the Japan Aerospace Exploration Agency earlier this year, raising fears that sensitive information related to Japan's space programme had been exposed after the central server was illegally accessed. | Cyber attack on Japanese space agency JAXA |
| Nov 29, 2023 | Capital Health | New Jersey and Pennsylvania hospitals affected by cyber attacks. | Unknown | Capital Health said it experienced network outages because of a cybersecurity incident. The company runs two hospitals as well as several smaller healthcare facilities across the New Jersey-Pennsylvania region. | Cyber attack on Capital Health hospitals in Pennsylvania |



New Ransomware/Malware Discovered in November 2023

New Ransomware

Summary

Source Link

New macOS 'KandyKorn' malware

A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.

New macOS 'KandyKorn' malware targets cryptocurrency engineers

Socks5Systemz proxy botnet

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.

Socks5Systemz proxy service infects 10,000 systems worldwide

ObjCShellz malware

The North Korean BlueNoroff threat group is targeting macOS users with new malware tracked as ObjCShellz, which can open remote shells on compromised devices.

BlueNoroff hackers backdoor Macs with new ObjCShellz malware

Lumma (or LummaC2)

The Lumma information stealer (LummaC2) now uses an unusual anti-analysis check: it samples the cursor position several times in quick succession and applies trigonometry to the resulting movement vectors to decide whether the mouse is being moved by a person or by a sandbox, and only proceeds with its payload when the motion looks human.

Lumma Stealer malware now uses trigonometry to evade detection
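How such a check works, as an added example (this is not Lumma's code; the cursor traces, the sample count and the 45-degree threshold are constructed for illustration from the published description): the stealer reads a handful of cursor positions in quick succession, requires every sample to differ from the last, and then measures the angle between each pair of consecutive movement vectors. Human motion yields small, drifting changes of direction; an idle sandbox yields no movement at all, and a sandbox that scripts cursor movement tends to produce the sharp, synthetic turns the check rejects.

```python
import math
from typing import List, Sequence, Tuple

Point = Tuple[int, int]

# Constructed cursor traces (not captured from the malware). The number of
# samples and the 45-degree threshold are assumptions for illustration.
HUMAN_TRACE: List[Point] = [(100, 100), (108, 104), (117, 109), (125, 113), (134, 118)]
IDLE_SANDBOX_TRACE: List[Point] = [(500, 400)] * 5
SCRIPTED_SANDBOX_TRACE: List[Point] = [(0, 0), (100, 0), (100, 100), (0, 100), (0, 0)]

MAX_HUMAN_TURN_DEG = 45.0


def angle_between(v1: Point, v2: Point) -> float:
    """Angle in degrees between two movement vectors, via the dot product."""
    dot = v1[0] * v2[0] + v1[1] * v2[1]
    n1, n2 = math.hypot(*v1), math.hypot(*v2)
    if n1 == 0.0 or n2 == 0.0:
        return 180.0  # a zero-length step cannot come from a moving hand
    cosine = max(-1.0, min(1.0, dot / (n1 * n2)))
    return math.degrees(math.acos(cosine))


def looks_like_human(trace: Sequence[Point], max_turn_deg: float = MAX_HUMAN_TURN_DEG) -> bool:
    """Mirror of the stealer's gate: all samples distinct and every turn gentle."""
    if len(trace) < 3:
        return False
    if any(trace[i] == trace[i - 1] for i in range(1, len(trace))):
        return False  # cursor never moved: idle sandbox or headless VM
    vectors = [(b[0] - a[0], b[1] - a[1]) for a, b in zip(trace, trace[1:])]
    turns = [angle_between(u, v) for u, v in zip(vectors, vectors[1:])]
    return all(t < max_turn_deg for t in turns)


def classify(trace: Sequence[Point]) -> str:
    """'human' means the malware would continue; 'sandbox' means it would bail."""
    return "human" if looks_like_human(trace) else "sandbox"
```

The defensive consequence is on the sandbox side: replayed cursor movement should come from recorded human traces with natural curvature and jitter, not from straight lines or polygons, or samples like this one will simply exit before unpacking.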

Phobos ransomware

A new Phobos ransomware variant uses the name and contact details of the VX-Underground malware-sharing collective in its ransom note and appends a .VXUG extension to encrypted files, falsely implying that the group is behind attacks using the encryptor.

VX-Underground malware collective framed by Phobos ransomware

DarkGate malware and PikaBot malware

A sophisticated phishing campaign delivering DarkGate has added PikaBot into the mix; researchers describe it as the most advanced phishing operation seen since Qakbot's infrastructure was dismantled in August 2023.

DarkGate and Pikabot malware emerge as Qakbot’s successors

Rust-based SysJoker backdoor 

SysJoker is a stealthy Windows, Linux and macOS backdoor first documented by Intezer in early 2022, notable at the time for its use of "living off the land" commands and a complete lack of detections on VirusTotal for all of its OS variants. The newly found variant has been rewritten in Rust and is linked to Hamas-affiliated hackers.

New Rust-based SysJoker backdoor linked to Hamas hackers

Back to Top 

Vulnerabilities/Patches Discovered in November 2023

Date

Flaws/Fixes

Summary

Source Link

Nov 02, 2023

CVE-2023-46604

The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices. CVE-2023-46604 is an unsafe-deserialisation bug in the broker's OpenWire protocol handler (default TCP port 61616) that gives unauthenticated RCE; public exploit code appeared within days of the 27 October disclosure.

HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks

Nov 03, 2023

ZDI-23-1578

ZDI-23-1579

ZDI-23-1580

ZDI-23-1581

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

New Microsoft Exchange zero-days allow RCE, data theft attacks

Nov 06, 2023

CVE-2023-23368, CVE-2023-23369

QNAP Systems published security advisories for two critical OS command injection vulnerabilities (CVE-2023-23368 and CVE-2023-23369) that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices; both can be triggered by remote attackers over the network, and QNAP urges customers to update to the fixed firmware builds.

QNAP warns of critical command injection flaws in QTS OS, apps

Nov 06, 2023

CVE-2023-38547

CVE-2023-38548

CVE-2023-38549

CVE-2023-41723

Veeam released hotfixes to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.

Veeam warns of critical bugs in Veeam ONE monitoring platform

Nov 06, 2023

CVE-2023-4911

The operators of the Kinsing malware are targeting cloud environments running systems vulnerable to "Looney Tunables", a Linux security issue identified as CVE-2023-4911: a buffer overflow in the GNU C Library's dynamic loader (ld.so) when it parses the GLIBC_TUNABLES environment variable, which allows a local attacker to gain root privileges. Kinsing uses it to escalate after an initial foothold and to harvest cloud service provider credentials.

Hackers exploit Looney Tunables Linux bug, steal cloud creds

Nov 08, 2023

CVE-2023-22518

Atlassian confirmed that the recently disclosed improper-authorisation flaw in Confluence Data Center and Server (CVE-2023-22518), since raised to the maximum CVSS score of 10.0, is being exploited by attackers deploying Cerber ransomware. Atlassian-hosted Confluence Cloud sites are not affected.

Atlassian confirms ransomware is exploiting latest Confluence bug

Nov 09, 2023

CVE-2023-47246

Threat actors are exploiting a zero-day path traversal vulnerability (CVE-2023-47246) in the on-premises SysAid service management software to gain access to corporate servers for data theft and to deploy Clop ransomware; Microsoft attributes the activity to the Clop-linked group it tracks as Lace Tempest.

Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks

Nov 13, 2023

CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847

CISA warned federal agencies to secure Juniper SRX firewalls and EX switches on their networks against four J-Web vulnerabilities now chained in pre-authentication remote code execution (RCE) attacks, adding them to its Known Exploited Vulnerabilities catalogue.

CISA warns of actively exploited Juniper pre-auth RCE exploit chain

Nov 14, 2023

CVE-2023-36052

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (the Azure command-line interface), because certain commands echoed secrets into their output. Customers are advised to update to Azure CLI 2.54 or later and to treat any secrets that may already have been written into build logs as compromised and rotate them.

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Nov 14, 2023

CVE-2023-36033, CVE-2023-36025 and CVE-2023-36036 

The Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are exploiting three vulnerabilities disclosed by Microsoft.

CISA adds three Microsoft Patch Tuesday bugs to vulnerability list

Nov 14, 2023

CVE-2023-4966

LockBit ransomware affiliates use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966), a memory over-read in NetScaler ADC and Gateway that leaks valid session tokens, to breach large organisations, steal data and encrypt files. Because tokens leaked before the fix remain valid afterwards, Citrix advises killing all active and persistent sessions once the update is applied.

LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
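A defender-side hunt for this bug, as an added example (not Citrix's or the exploit's code; the JSON record layout and the four sample requests are constructed): the public proof of concept requests /oauth/idp/.well-known/openid-configuration with a Host header of roughly 24,800 bytes, far longer than any real client sends, and the session token leaked from memory (the NSC_AAAC cookie) is then replayed from the attacker's address. The function below flags both patterns in a batch of gateway access records.

```python
import json
from collections import defaultdict
from typing import Dict, List, Tuple

PROBE_PATH = "/oauth/idp/.well-known/openid-configuration"
MAX_SANE_HOST_LEN = 1024  # assumption: genuine Host headers are tens of bytes, not thousands

# Constructed sample: one JSON record per request seen at the gateway.
# 198.51.100.7 sends the oversized probe, then reuses the token that
# 203.0.113.9 (the real user) was issued.
SAMPLE_LOG = """
{"ts":"2023-11-14T08:00:01Z","src":"198.51.100.7","method":"GET","path":"/oauth/idp/.well-known/openid-configuration","host_len":24812,"nsc_aaac":null}
{"ts":"2023-11-14T08:00:05Z","src":"203.0.113.9","method":"GET","path":"/vpn/index.html","host_len":23,"nsc_aaac":"a1b2c3"}
{"ts":"2023-11-14T08:00:09Z","src":"198.51.100.7","method":"GET","path":"/logon/LogonPoint/index.html","host_len":23,"nsc_aaac":"a1b2c3"}
{"ts":"2023-11-14T08:01:00Z","src":"192.0.2.44","method":"GET","path":"/oauth/idp/.well-known/openid-configuration","host_len":31,"nsc_aaac":null}
"""


def analyse(log_text: str) -> Dict[str, object]:
    """Return oversized-Host probes of the leaky endpoint and session tokens
    seen from more than one source address."""
    probes: List[Tuple[str, str, int]] = []
    owners = defaultdict(set)  # token -> set of source IPs that presented it
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["path"] == PROBE_PATH and rec["host_len"] > MAX_SANE_HOST_LEN:
            probes.append((rec["ts"], rec["src"], rec["host_len"]))
        token = rec.get("nsc_aaac")
        if token:
            owners[token].add(rec["src"])
    reused = {tok: sorted(ips) for tok, ips in owners.items() if len(ips) > 1}
    return {"oversized_host_probes": probes, "sessions_from_multiple_ips": reused}
```

On a real appliance the second signal, one NSC_AAAC value arriving from two source addresses, is the one that survives patching: tokens leaked before the fix remain valid until the sessions are killed, so the hunt should cover the period before the update as well. A normal-length request to the same endpoint (the last record) is legitimate OpenID discovery traffic and is deliberately not flagged.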

Nov 14, 2023

CVE-2023-34060

VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34060) affecting Cloud Director Appliance deployments that were upgraded to version 10.5 from an earlier release; fresh 10.5 installs are not affected, and at the time of disclosure only a workaround, not a patch, was available.

VMware discloses critical VCD Appliance auth bypass with no patch

Nov 14, 2023

CVE-2023-6063

The WordPress plugin WP Fastest Cache is vulnerable to an unauthenticated SQL injection (CVE-2023-6063) that could allow attackers to read the contents of the site's database; the flaw lies in the plugin's handling of a user-supplied WordPress login cookie and is fixed in version 1.2.2.

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

Nov 16, 2023

CVE-2023-36553

Fortinet alerted customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.

Fortinet warns of critical command injection bug in FortiSIEM

Nov 17, 2023

CVE-2023-36584, CVE-2023-1671, CVE-2020-2551

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalogue of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

Nov 17, 2023

CVE-2023-37580

Google's Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day in the Zimbra Collaboration email server, a reflected cross-site scripting flaw (CVE-2023-37580) in the Classic web client, to steal sensitive data from government systems in multiple countries; TAG saw it used by at least four separate campaigns.

Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

Nov 21, 2023

CVE-2023-4911

CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.

CISA orders federal agencies to patch Looney Tunables Linux bug

Nov 24, 2023

CVE-2023-49103, CVE-2023-49104, CVE-2023-49105

Open source file sharing software ownCloud warned of three critical-severity vulnerabilities: CVE-2023-49103, in which the bundled graphapi app exposes a phpinfo page that discloses the server environment, including the admin password, mail server and licence-key credentials in containerised deployments; CVE-2023-49104, a subdomain validation bypass in the oauth2 app; and CVE-2023-49105, an authentication bypass in the WebDAV API using pre-signed URLs.

Critical bug in ownCloud file sharing app exposes admin passwords

Back to Top

Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

The attorney general of Connecticut is questioning whether genetic testing giant 23andMe violated data privacy laws after hackers tried to sell the information of millions of 23andMe users on a cybercrime forum last month.

Connecticut AG demands answers from 23andMe after data breach

Warning

Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.

Apple 'Find My' network can be abused to steal keylogged passwords

Report

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.

Okta breach: 134 customers exposed in October support system hack

Report

The United States, South Korea and Japan have decided to establish a high-level consultative body on cyber issues, primarily to tackle North Korea’s cyber activities.

US, South Korea and Japan launch group to tackle North Korea hacking

Report

Vast amounts of highly sensitive data on American military service members is up for sale by data brokers, according to a new report examining the national security implications of the practice.

Data brokers are selling US service members’ secrets, researchers find

Report

According to recent research, hackers suspected of being tied to Iran’s government have been deploying new destructive malware against Israeli organisations.

Iran-linked hackers attack Israeli education and tech organisations

Report

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.

Fake Ledger Live app in Microsoft Store steals $768,000 in crypto

Warning

The Federal Bureau of Investigation warned that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network.

FBI: Ransomware gangs hack casinos via 3rd party gaming vendors

Report

OpenAI's AI-powered ChatGPT large language model-based chatbot remained down because of a major ongoing outage that also took down the company's Application Programming Interface (API).

ChatGPT down after major outage impacting OpenAI systems

Report

A ransomware gang that has claimed attacks on Sony, a Hawaiʻi state government website and a supplier to Colonial Pipeline says it is shutting down after six of its affiliates were arrested.

Ransomed.vc gang claims to shut down after six affiliates allegedly arrested

Report

Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.

Iranian hackers launch malware attacks on Israel’s tech sector

Warning

Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.

Israel warns of BiBi wiper attacks targeting Linux and Windows

Warning

The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organisations worldwide since September 2022.

FBI: Royal ransomware asked 350 victims to pay $275 million

Report

Malicious actors have been abusing Ethereum's CREATE2 opcode, which lets the address of a contract be computed before it is deployed, to bypass wallet security alerts and poison cryptocurrency addresses: freshly derived addresses have no on-chain history for blacklists to match, and lookalike addresses that share the visible leading and trailing characters of a victim's regular counterparties trick users into sending funds to the attacker. The campaign stole $60,000,000 worth of cryptocurrency from 99,000 people in six months.

Ethereum feature abused to steal $60 million from 99K victims
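The derivation the attackers rely on, as an added example (not code from the campaign; the deployer address, init code and target counterparty are constructed, and a Keccak-256 implementation is included because Python's hashlib provides SHA3-256, whose padding differs from Ethereum's Keccak): a CREATE2 address is keccak256(0xff ++ deployer ++ salt ++ keccak256(init_code))[12:], so anyone can grind salts offline until the result shares the leading and trailing hex digits a wallet displays for a victim's frequent counterparty, use that address with no history at all, and only deploy the contract behind it once funds arrive. The search below matches one nibble at each end so it finishes quickly; real campaigns match several and spend far more compute.

```python
from typing import Optional, Tuple

# --- Keccak-256 (original Keccak padding, as used by Ethereum) ---
_RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
       0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
       0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
       0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
       0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
       0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]  # rho offsets, indexed [x][y]
_MASK = (1 << 64) - 1


def _rol(v: int, n: int) -> int:
    n %= 64
    return ((v << n) | (v >> (64 - n))) & _MASK if n else v


def _keccak_f(lanes):
    """Keccak-f[1600] on 25 little-endian 64-bit lanes, lane index = x + 5*y."""
    for rc in _RC:
        c = [lanes[x] ^ lanes[x + 5] ^ lanes[x + 10] ^ lanes[x + 15] ^ lanes[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [lanes[i] ^ d[i % 5] for i in range(25)]                      # theta
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(lanes[x + 5 * y], _ROT[x][y])  # rho + pi
        lanes = [b[i] ^ ((~b[(i % 5 + 1) % 5 + 5 * (i // 5)] & _MASK) & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
                 for i in range(25)]                                            # chi
        lanes[0] ^= rc                                                          # iota
    return lanes


def keccak256(data: bytes) -> bytes:
    rate = 136  # 1088-bit rate for a 256-bit digest
    msg = bytearray(data) + b"\x01"            # Keccak pad10*1 starts with 0x01 (SHA3 uses 0x06)
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80
    lanes = [0] * 25
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):
            lanes[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        lanes = _keccak_f(lanes)
    return b"".join(l.to_bytes(8, "little") for l in lanes)[:32]


def create2_address(deployer: bytes, salt: bytes, init_code: bytes) -> bytes:
    """EIP-1014: keccak256(0xff ++ deployer ++ salt ++ keccak256(init_code))[12:]."""
    assert len(deployer) == 20 and len(salt) == 32
    return keccak256(b"\xff" + deployer + salt + keccak256(init_code))[12:]


def lookalike_salt(deployer: bytes, init_code: bytes, target: bytes,
                   prefix_nibbles: int = 1, suffix_nibbles: int = 1,
                   max_tries: int = 100_000) -> Optional[Tuple[bytes, bytes]]:
    """Grind salts until the precomputed address shares the leading and
    trailing hex digits a wallet UI would show for `target`."""
    code_hash = keccak256(init_code)  # fixed across the search, hash it once
    want = target.hex()
    for n in range(max_tries):
        salt = n.to_bytes(32, "big")
        addr = keccak256(b"\xff" + deployer + salt + code_hash)[12:]
        got = addr.hex()
        if got[:prefix_nibbles] == want[:prefix_nibbles] and \
                got[len(got) - suffix_nibbles:] == want[len(want) - suffix_nibbles:]:
            return salt, addr
    return None


# Constructed inputs: a made-up deployer contract, dummy init code, and a
# made-up "frequent counterparty" the attacker wants to imitate.
DEPLOYER = bytes.fromhex("00000000000000000000000000000000000000aa")
INIT_CODE = bytes.fromhex("600060005560006000f3")
TARGET = bytes.fromhex("cafe" + "0" * 32 + "beef")
```

Wallet-side, this is why blacklist matching and "no code at this address" checks are weak: the address is clean until the attacker chooses to deploy. Comparing the full 40 hex digits of a destination against an address book, rather than the truncated display form, defeats the lookalike part.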

Report

The number of cyberattacks reported to Britain’s National Cyber Security Centre (NCSC) hit an “all-time high” over the past year, including 13 nationally significant incidents involving the exploitation of a vulnerability (CVE-2023-3519) affecting Citrix’s networking product NetScalers.

Cyber incident reports hit ‘all-time high,’ warns UK NCSC

Report

The Federal Communications Commission proposed the creation of a “Schools and Libraries Cybersecurity Pilot Program” that would allow officials to collect data about cybersecurity and advanced firewall services that would best help K-12 schools and libraries across the country defend themselves from hackers.

FCC proposes cybersecurity pilot program for schools, libraries as attacks increase

Report

Denmark's critical infrastructure experienced the largest cyber attack in the country's history this spring, with 22 energy companies breached in just a few days, according to a new report from one of the country’s top cyber agencies.

Nearly two dozen Danish energy companies hacked through firewall bug in May

Report

Ukrainian and Czech police have taken down a criminal gang that made millions of dollars through fraudulent phone calls.

Ukrainian and Czech police bust $9 million bank fraud gang

Report

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).

Fraudsters make $50,000 a day by spoofing crypto researchers

Warning

The FBI and CISA warned of Rhysida ransomware gang's opportunistic attacks targeting organisations across multiple industry sectors.

FBI and CISA warn of opportunistic Rhysida ransomware attacks

Report

The FBI and CISA released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.

FBI shares tactics of notorious Scattered Spider hacker collective

Report

Australia’s government dropped plans to ban businesses from making ransomware payments as part of its revamped national cybersecurity strategy released, opting instead to introduce a mandatory reporting obligation.

Australia drops plans to ban ransomware payments in new national cyber strategy

Report

Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.

Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down

Report

The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.

Atomic Stealer malware strikes macOS via fake browser updates

Report

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organisations in 71 countries. The cybercriminals paralysed major corporations' operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.

Police dismantle ransomware group behind attacks in 71 countries

Report

Gloucester City Council in south-west England was forced to spend more than £1.1 million ($1.39 million) to recover from a ransomware attack in December 2021.

English council spent £1.1 million recovering from ransomware attack

Back to Top