October 2023: Major Cyber Attacks, Data Breaches, Ransomware Attacks
Date: 1 November 2023
The Biggest Cyber Attacks, Ransomware Attacks and Data Breaches - our compilation for the month of October 2023.
- Ransomware Attacks in October 2023
- Data Breaches in October 2023
- Cyber-Attacks in October 2023
- New Ransomware/Malware Detected in October 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in October 2023
Authentication and identity management giant Okta lost $2 billion in market cap at the hands of cyber criminals in October 2023. One would think that this would be the biggest cybersecurity news of the month. While that assumption isn't wrong, there were far too many other significant attacks and breaches dominating cybersecurity headlines in the month gone by.
- Sony confirmed that a data breach impacted thousands of individuals.
- Criminals leaked millions of genetic data profiles of individuals in Germany and the UK in the 23andMe data heist.
- Credit Card data of allegedly thousands of customers was exposed in the Air Europa attack.
- Air Canada apparently lost 210 GB of customer data.
- Casio customers in a whopping 148 countries were affected by a cyber-attack.
- Seiko confirmed that 60,000 items of personal data were compromised in a recent ransomware attack.
- Aerospace giant, Boeing, became victim of a ransomware attack in which criminals claim to have stolen massive amounts of sensitive data.
In light of the recent SEC action against SolarWinds and its CISO, the attacks and data breaches in October 2023 are nothing but worrying. The impact on customer and partner data has been unbridled and has raised alarm bells for the cybersecurity community and business executives worldwide. The SEC's suing of SolarWinds has definitely turned the spotlight on cybersecurity due diligence, risk evaluation and incident response in a whole new way, including educating staff on MFA fatigue attacks.
It's understandable if the below data and the recent occurrences have you overwhelmed. However, getting your cybersecurity readiness in order doesn't have to be that complicated.
Cyber Management Alliance has curated transformative cybersecurity consultancy services that can help you immediately. Our Virtual Cyber Assistant and Virtual Cyber Consultant offerings are tailored for businesses of every scale and sector.
They offer you seamless, remote, flexible and cost-effective access to our expert cybersecurity professionals, empowering you to elevate your cybersecurity readiness.
Spanning over 280 services within 15 domains, our offerings are designed to ensure you get precisely what your business needs to improve risk understanding, mitigation and enhance cyber incident response. Additionally, we also offer curated packages aligned with Cyber Essentials, BCP, ISO 27001, and several other standards that help you achieve regulatory compliance.
Ransomware Attacks in October 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| October 01, 2022 | Motel One | Motel One discloses data breach following ransomware attack | BlackCat/ALPHV ransomware group | The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. The ransomware group claimed to have stolen nearly 24.5 million files, totalling 6 TB in size. | |
| October 09, 2023 | Florida circuit court | ALPHV ransomware gang claims attack on Florida circuit court | ALPHV ransomware gang | The threat actors acquired personal details such as Social Security numbers and CVs of employees, including judges. | |
| October 16, 2023 | Ampersand (owned by Comcast Corporation, Charter Communications and Cox Communications) | TV advertising sales giant affected by ransomware attack | BlackBasta ransomware | Ampersand said that it recently experienced a ransomware incident that briefly interrupted regular operations. | |
| October 13, 2023 | Kansas courts | Kansas courts closed, electronic systems down after alleged ransomware attack | Unknown | Due to the impact of the attack, the city of Topeka closed its municipal court and probation and prosecution divisions, and the Kansas Supreme Court was forced to use paper records to operate. | |
| October 13, 2023 | Morrison Community Hospital in Illinois | Morrison Community Hospital in Illinois reportedly faces a cyber-attack | BlackCat (ALPHV) ransomware group | Hackers stole about 5 TB of data belonging to Morrison Community Hospital. | |
| October 16, 2023 | | Cerebral Palsy State Under Siege. LockBit ransomware attack threatens with 6-Day ransom deadline | LockBit ransomware 3.0 | The ransomware group exfiltrated miscellaneous documents including passwords, employee details, financial data, backups, medical details, children's photos, etc. | |
| October 17, 2023 | Symposia Organizzazione Congressi, EDB Soluzioni Elettroniche, Società Canavesana Servizi | The attacks targeting Italian companies continue. Medusa and Cactus add more victims to their data leak site | Medusa and Cactus ransomware | The ransomware gangs targeted Italian companies and demanded a ransom of $100,000. | |
| October 17, 2023 | Intred and Piemme S.p.A. | BlackBasta adds two more Italian companies to its data leak site | BlackBasta ransomware | BlackBasta hit the systems of two Italian companies, Intred and Piemme S.p.A. | Ransomware attack on two Italian companies Intred and Piemme S.p.A |
| October 18, 2023 | Servicio Nacional de Aduanas de Chile | Chilean government warns of Black Basta ransomware attacks after customs incident | Black Basta ransomware | Officials from the Servicio Nacional de Aduanas de Chile said that they were able to prevent a cyber attack from progressing after discovering the incident. | |
| October 22, 2023 | D.C. Board of Elections | D.C. Board of Elections: Hackers may have breached entire voter roll | RansomedVC group | Threat actors who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters, as the entire voter roll that may have been exposed contains a wide range of personally identifiable information (PII). | The District of Columbia Board of Elections (DCBOE) ransomware attack |
| October 23, 2023 | Grupo GTD | Chilean telecom giant GTD hit by the Rorschach ransomware gang | Rorschach ransomware gang | Chile's Grupo GTD warned that a cyber-attack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services. The cyber-attack has allegedly affected numerous services, including its data centres, internet access, and Voice-over-IP (VoIP). | |
| October 23, 2023 | ASVEL basketball team | ASVEL basketball team confirms data breach after ransomware attack | NoEscape ransomware gang | The threat actors claimed to have stolen 32 GB of data, including the personal data of players, passports and ID cards, and many documents relating to finance, taxation and legal matters, such as NDAs, contracts and confidential letters. Contractual agreements with players are also allegedly included in the stolen data set. | |
| October 25, 2023 | Seiko | Seiko says ransomware attack exposed sensitive customer data | Black Cat ransomware | Seiko confirmed that the incident has led to a data breach, exposing sensitive customer, partner and personnel information. The company also confirmed that a total of 60,000 'items of personal data' held by its 'Group' (SGC), 'Watch' (SWC) and 'Instruments' (SII) departments were compromised by the attackers. | |
| October 25, 2023 | City of Victorville, California | California city warns of data breach after ransomware attack claims | NoEscape ransomware gang | The ransomware gang added Victorville city to its list of victims, claiming it stole 200 GB of data from government systems. | |
| October 27, 2023 | Stanford University | Stanford University is investigating a cyber-attack after ransomware claims | Akira ransomware gang | The ransomware gang claimed it attacked Stanford University and stole 430 gigabytes of data. | |
| October 27, 2023 | Boeing | Boeing assessing Lockbit hacking gang threat of sensitive data leak | Lockbit ransomware | The Lockbit cybercrime gang claimed to have stolen "a tremendous amount" of sensitive data from the aerospace giant, which it would dump online if Boeing didn't pay the ransom by Nov. 2. | |
| October 27, 2023 | Morskate Manufacturing | CL0P Ransomware targets Morskate Manufacturing | CL0P Ransomware | Hackers hit IT systems and stole company data. | |
| October 28, 2023 | City of Dallas, Texas | The City of Dallas, Texas was breached by Royal Ransomware | Royal Ransomware | The ransomware group targeted IT systems in the City of Dallas. | |
Data Breaches in October 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| October 03, 2023 | Sony | Sony confirms data breach impacting thousands in the U.S. | The threat actor MajorNelson (BreachForums) and RansomedVC | Late last month, following allegations on hacking forums that Sony had been breached again and 3.14 GB of data had been stolen from the company's systems, the firm responded by saying it was investigating the claims. The leaked dataset, held by at least two separate threat actors, contained details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licences, and more. | |
| October 03, 2023 | Lyca Mobile | Lyca Mobile investigates customer data leak after cyber-attack | Unknown | A cyber-attack caused disruption on Lyca Mobile's network. The attack may also have compromised customer data and caused service interruptions in most countries where the network operates. | |
| October 05 and 18, 2023 | Genetics firm 23andMe | Genetics firm 23andMe says user data stolen in credential stuffing attack | A threat actor named 'Golem' (Addka72424, a name used on BreachForums) | A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. | |
| October 06, 2023 | D.C. Board of Elections | D.C. Board of Elections confirms voter data stolen in site hack | RansomedVC group | The attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority, but the breach did not involve a direct compromise of DCBOE's servers and internal systems. | The District of Columbia Board of Elections (DCBOE) data breach |
| October 07, 2023 | Flagstar Bank | Third Flagstar Bank data breach since 2021 affects 800,000 customers | Clop ransomware | Flagstar Bank warned that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Attackers had exploited a zero-day vulnerability in the MOVEit Transfer product to access Fiserv's systems and, from there, stole Flagstar customer data the vendor held to provide services. | |
| October 09, 2023 | Air Europa | Air Europa data breach: Customers warned to cancel credit cards | Unknown | Air Europa warned customers to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code on the back of the payment cards. | |
| October 11, 2023 | Air Canada | BianLian extortion group claims responsibility for the recent Air Canada breach | BianLian extortion group | The BianLian extortion group claims to have stolen 210 GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance. | |
| October 11, 2023 | Casio | Casio says customers in 148 countries affected by breach | Unknown | Casio said that an external cyber-attack was carried out against a database in the development environment for "ClassPad.net," a web application managed and operated by Casio, and as a result the personal information of some customers in and outside Japan stored in the database was accessed and leaked. Casio has confirmed that there is no evidence of any unauthorised intrusion into assets other than the database in the development environment. | |
| October 17, 2023 | D-Link | D-Link confirms data breach after employee phishing attack | Succumb | Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claimed to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO. | |
| October 20 and 23, 2023 | Okta and Cloudflare | Okta says its support system was breached using stolen credentials | Unknown | Okta said attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. Cloudflare also discovered malicious activity linked to Okta's breach on its servers. | Data breach attack on Okta and Cloudflare |
| October 21, 2023 | American Family Insurance | American Family Insurance confirms cyber-attack is behind IT outages | Unknown | Insurance giant American Family Insurance has confirmed it suffered a cyber-attack and shut down portions of its IT systems after customers reported website outages all week. | |
| October 22, 2023 | Governments in the APAC region | New TetrisPhantom hackers steal data from secure USB drives on government systems | TetrisPhantom hackers | A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. | |
| October 22, 2023 | City of Philadelphia | City of Philadelphia discloses data breach after five months | Unknown | The City of Philadelphia investigated a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May. | |
| October 23, 2023 | University of Michigan | University of Michigan employee, student data stolen in cyber-attack | Unknown | The University of Michigan said in a statement that it suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. | |
| October 23, 2023 | US energy services firm BHI Energy | US energy firm shares how Akira ransomware hacked its systems | Akira ransomware | The attack started with Akira ransomware operators using stolen VPN credentials for a third-party contractor to access BHI Energy's internal network. Akira operators revisited the network on June 16, 2023, to enumerate data that would be stolen. Between June 20 and 29, the threat actors stole 767k files containing 690 GB of data, including BHI's Windows Active Directory database. | |
| October 25, 2023 | City of Philadelphia | Philadelphia: Hackers spent three months accessing city government email accounts | Unknown | The types of information impacted could include demographic information, such as name, address, date of birth, social security number and other contact information, as well as medical information and limited financial information related to claims. | |
| October 25, 2023 | Redcliffe Labs | '12 million patient records exposed': Researcher claims Redcliffe Labs hit by cyber attack; Company says 'no data breach' | Unknown | A cybersecurity expert has claimed that diagnostics service provider Redcliffe Labs has been hit by a cyber attack that exposed over 12 million patient records. Jeremiah Fowler revealed that the database was not password-protected and contained over 12 million records, including medical diagnostic scans, test results and other potentially sensitive medical records. | |
| October 27, 2023 | Various software vendors | Lazarus hackers breached dev repeatedly to deploy SIGNBT malware | Lazarus group | The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. Lazarus breached the same victim multiple times, indicating that the hackers aimed to steal source code or attempt a supply chain attack. | Various software vendors under data breach attack launched by Lazarus group |
| October 27, 2023 | CCleaner (Gen Digital) | CCleaner says hackers stole users' personal data during MOVEit mass-hack | Clop ransomware | Gen Digital, the multinational software company that owns the CCleaner, Avast, NortonLifeLock and Avira brands, said that hackers had exploited the MOVEit vulnerability to hit CCleaner and move large sets of sensitive data over the internet. The email to customers said that the hackers took names, contact information and information about the products that were purchased. | |
| October 28, 2023 | The Clark County School District (CCSD) in Nevada | Hackers email parents the stolen data of their children in massive cyber attack on Nevada school district | SingularityMD (the hack team) | CCSD confirmed it suffered a cyber attack earlier this month, stating threat actors gained access to the district's email servers. | |
Cyber Attacks in October 2023
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| October 02, 2023 | Estes | Estes reports cyber-attack caused by ongoing tech outage | Unknown | The cyber-attack affected the company's visibility into its operations and shut down its point of sale, preventing new shipment bookings and halting incoming revenue. | |
| October 10, 2023 | Simpson Manufacturing | Simpson Manufacturing shuts down IT systems after cyber-attack | Unknown | The company stated it detected IT problems and application outages. In response, Simpson took all impacted systems offline to prevent the attack's spread. | |
| October 12, 2023 | Kwik Trip | Kwik Trip says 'network incident' causing disruptions at stores | Unknown | The incident caused a disruption to some of Kwik Trip's systems. | |
| October 22, 2023 | NY state casino operation (Jake 58 casino) | Cyber attacks hit NY state casino operation | Unknown | The NY state Gaming Commission confirmed that its central operating system serving the state's slot parlours was impacted by a cybersecurity attack, forcing the closure of Jake 58 casino in Islandia, Suffolk County, for several days. | |
| October 23, 2023 | Shared health service provider TransForm | Cyber-attack on health services provider impacts 5 Canadian hospitals | Unknown | Due to the impact of the cyber attack, patients were forced to reschedule their appointments. | |
| October 23, 2023 | Westchester Medical Center Health Network | New York health network restores services after crippling cyber-attack | Unknown | Westchester Medical Center Health Network warned that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were experiencing a potential cybersecurity threat and an IT system outage. The provider was forced to divert ambulances away from all three facilities throughout the week and faced backlash from community members for not fully explaining the situation. | Cyber attack on a New York health network, Westchester Medical Center Health Network |
| October 25, 2023 | Westchester Medical Center Health Network (WMCHealth) | Ambulances Diverted After Westchester Medical Center Health Network cyber-attack | Unknown | Westchester Medical Center Health Network (WMCHealth) experienced a cyber-attack that affected its information technology systems. After the attack, the decision was taken to shut down all connected IT systems. The downtime was expected to last for 24 hours, and systems were brought back online on a rolling basis. All systems were restored by Monday, October 24. | |
New Ransomware/Malware Discovered in October 2023
| New Ransomware/Malware | Summary | Source Link |
| --- | --- | --- |
| LostTrust ransomware | The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilising almost identical data leak sites and encryptors. | LostTrust ransomware, a likely rebrand of the MetaEncryptor gang |
| New BunnyLoader malware | Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. | New BunnyLoader threat emerges as a feature-rich malware-as-a-service |
| A DDoS malware botnet, IZ1H9 | A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others. | Mirai DDoS malware variant expands targets with 13 router exploits |
| The BlackCat/ALPHV ransomware's new tool named 'Munchkin' | The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilises virtual machines to deploy encryptors on network devices stealthily. | BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks |
| New TetrisPhantom hackers | A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. | New TetrisPhantom hackers steal data from secure USB drives on govt systems |
| StripedFly malware | A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time. | StripedFly malware framework infects 1 million Windows, Linux hosts |
Vulnerabilities/Patches Discovered in October 2023
| Date | Flaws/Fixes | Summary | Source Link |
| --- | --- | --- | --- |
| October 02, 2023 | CVE-2023-40044 | Security researchers released a proof-of-concept (PoC) exploit for a maximum-severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. | Exploit available for critical WS_FTP bug exploited in attacks |
| October 02, 2023 | CVE-2023-4211 | Arm warned of an actively exploited vulnerability affecting its widely used Mali GPU drivers. | Arm warns of Mali GPU flaws likely exploited in targeted attacks |
| October 02, 2023 | CVE-2023-4863 and CVE-2023-4211 | Google released October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. | |
| October 03, 2023 | CVE-2023-43654 and CVE-2022-1471 | A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impacts tens of thousands of internet-exposed servers, some of which belong to large organisations. | ShellTorch flaws expose AI servers to code execution attacks |
| October 03, 2023 | CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 | Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. | Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers |
| October 04, 2023 | CVE-2023-20101 | Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials. | Cisco fixes hard-coded root credentials in Emergency Responder |
| October 04, 2023 | CVE-2023-42824 and CVE-2023-5217 | Apple released new emergency security updates to patch two new zero-day vulnerabilities known to be exploited in attacks. | Apple emergency update fixes new zero-day used to hack iPhones |
| October 04, 2023 | CVE-2023-22515 | Australian software company Atlassian released emergency security updates to fix a maximum-severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. | Atlassian patches critical Confluence zero-day exploited in attacks |
| October 11, 2023 | CVE-2023-3519 | Hackers are conducting a large-scale campaign exploiting the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials. | Hackers hijack Citrix NetScaler login pages to steal credentials |
| October 11, 2023 | CVE-2023-22515 | Microsoft said a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in Atlassian Confluence Data Center and Server since September 14, 2023. | Microsoft: State hackers exploiting Confluence zero-day since September |
| October 12, 2023 | CVE-2023-40044 | Sophos X-Ops recently observed unsuccessful attempted ransomware activity against customers. The attempt utilised CVE-2023-40044 in WS_FTP Server from Progress Software. | |
| October 12, 2023 | CVE-2023-38545 | Curl 8.4.0 was released to patch, and publish details of, a much-hyped high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw's severity. | |
| October 16, 2023 | CVE-2023-5360 | A critical-severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported by two WordPress security teams to be actively exploited. | Hackers exploit critical flaw in WordPress Royal Elementor plugin |
| October 17 and 19, 2023 | CVE-2023-20198 | Cisco warned that hackers are targeting a line of its software through a previously unknown vulnerability. | Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day |
| October 18, 2023 | CVE-2023-38831 | Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea. | |
| October 18, 2023 | CVE-2023-4966 | A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced. | Recently patched Citrix NetScaler bug exploited as zero-day since August |
| October 19, 2023 | CVE-2021-26411 | Hackers have targeted more than a dozen oil, gas and defence firms in Eastern Europe with an updated version of the MATA backdoor framework. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus. | Eastern European energy and defence firms targeted with MATA backdoor |
| October 19, 2023 | CVE-2023-35182, CVE-2023-35185, CVE-2023-35187 | Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. | Critical RCE flaws found in SolarWinds access audit solution |
| October 23, 2023 | CVE-2023-20273 | Cisco disclosed a new high-severity zero-day (CVE-2023-20273), actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier that week. Cisco addressed these vulnerabilities on Oct 23. | Cisco patches IOS XE zero-days used to hack over 50,000 devices |
| October 24, 2023 | CVE-2023-34051 | VMware warned customers that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). | |
| October 25, 2023 | CVE-2023-5631 | The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks. | |
| October 25, 2023 | CVE-2023-34048 | VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution on vulnerable servers. | |
| October 26, 2023 | CVE-2023-38831, CVE-2023-23397 | The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes and think tanks in France since the second half of 2021. The group was linked to the exploitation of CVE-2023-38831, an RCE vulnerability in WinRAR, and CVE-2023-23397, a zero-day privilege elevation flaw in Microsoft Outlook. | France says Russian state hackers breached numerous critical networks |
| October 27, 2023 | CVE-2023-46747 | A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. | F5 fixes BIG-IP auth bypass allowing remote code execution attacks |
Warnings/Advisories/Reports/Analysis
News Type |
Summary |
Source Link |
Warning |
The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. |
FBI warns of surge in 'phantom hacker' scams impacting the elderly |
Report |
Windows Defender no longer flags tor.exe as a trojan. Microsoft stated, "We've reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we've removed the detection." |
|
Report |
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in US-based organisations by abusing open redirects from the Indeed employment website for job listings. |
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing |
Report |
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. |
Microsoft: Hackers target Azure cloud VMs via breached SQL servers |
Warning |
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorised access as among them were power grids, traffic light systems, security and water systems. |
Researchers warn of 100,000 industrial control systems exposed online |
Report |
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons. |
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike |
Warning |
The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the actual number likely many times larger due to severe under-reporting. |
FTC warns of ‘staggering’ losses to social media scams since 2021 |
Report |
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. |
Blackbaud agrees to $49.5 million settlement for ransomware data breach |
Report |
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws (CVE-2023-3169) in premium theme plugins. |
Over 17,000 WordPress sites hacked in Balada Injector attacks last month |
Report |
A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information. |
Hackers modify online stores’ 404 pages to steal credit cards |
Report |
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang (Ransomed.vc gang) made several threats that data had been stolen from their systems. |
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach |
Warning |
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes as it is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts. |
Steam enforces SMS verification to curb malware-ridden updates |
Report |
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics. |
Women Political Leaders Summit targeted in RomCom malware phishing |
Report |
The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023. |
Russian Sandworm hackers breached 11 Ukrainian telcos since May |
Report |
Israeli Android users are targeted by a malicious version of the 'RedAlert – Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background. |
Fake 'RedAlert' rocket alert app for Israel installs Android spyware |
Report |
A group of pro-Ukraine hacktivists known as the Ukrainian Cyber Alliance said it has shut down the leak site run by the Trigona ransomware group. |
Pro-Ukraine group says it took down Trigona ransomware website |
Report |
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. |
Fake KeePass site uses Google Ads and Punycode to push malware |
Report |
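The Punycode trick in the KeePass entry works because a browser, a mail client or a ticketing system may render an internationalised domain name in its Unicode form, and a label built from lookalike letters is indistinguishable from the real `keepass.info` on screen while its on-the-wire `xn--` form is a completely different name. The check below is an added example (not code from the report, from KeePass or from Google), written for a URL-screening or mail-gateway context: it normalises a hostname to its Unicode form whether it arrives as Unicode or as punycode, flags labels that mix scripts, and builds a crude "skeleton" (lookalike letters mapped to Latin, diacritics stripped) to catch names that collapse onto a protected domain. The `PROTECTED` list, the confusables table and the two sample hostnames are constructed for the example; the table is a small subset of Unicode's confusables data, not a complete one.

```python
import unicodedata

# Hypothetical allow-list of domains we want to protect from lookalikes.
PROTECTED = {"keepass.info"}

# Letters from other scripts that render like Latin letters in common fonts.
# Deliberately a small subset; Unicode's confusables.txt is the full reference.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d",      # Cyrillic
    "\u03bf": "o",                     # Greek omicron
}


def to_unicode(host: str) -> str:
    """U-label form of a hostname, whether given as Unicode or as xn-- A-labels."""
    host = host.rstrip(".").lower()
    if host.isascii():
        try:
            return host.encode("ascii").decode("idna")
        except UnicodeError:           # malformed punycode: keep the raw form
            return host
    return unicodedata.normalize("NFC", host)


def to_ascii(host: str) -> str:
    """A-label (punycode) form: what goes on the wire and into the certificate."""
    return to_unicode(host).encode("idna").decode("ascii")


def script_of(ch: str) -> str:
    """First word of the Unicode character name, e.g. LATIN, CYRILLIC, GREEK."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(label: str) -> str:
    """Crude confusable skeleton: map lookalike letters to Latin, then drop
    combining marks so that e.g. a k with cedilla collapses to plain k."""
    mapped = "".join(CONFUSABLES.get(c, c) for c in label)
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn")


def analyze(host: str) -> dict:
    u = to_unicode(host)
    labels = u.split(".")
    scripts = [{script_of(c) for c in label if c.isalpha()} for label in labels]
    mixed = any(len(s) > 1 for s in scripts)
    skel = ".".join(skeleton(label) for label in labels)
    lookalike = skel if (skel != u and skel in PROTECTED) else None
    return {
        "unicode_form": u,
        "ascii_form": to_ascii(u),
        "mixed_script": mixed,
        "lookalike_of": lookalike,
        "suspicious": mixed or lookalike is not None,
    }


if __name__ == "__main__":
    # Constructed samples: the genuine domain, a mixed-script lookalike using
    # Cyrillic IE (U+0435) for the first 'e', and a Latin-only lookalike using
    # k with cedilla (U+0137). Neither sample is copied from the campaign.
    for sample in ("keepass.info", "k\u0435epass.info", "\u0137eepass.info"):
        print(analyze(sample))
```

Two points worth noting from the output: the cedilla variant is not mixed-script at all (every letter is Latin), so a mixed-script rule alone misses it and only the skeleton comparison catches it; and feeding the function the `xn--` form gives the same verdict as the Unicode form, which is what you want when the string comes from a proxy log rather than from a rendered link.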
The Iranian hacking group tracked as OilRig (APT34) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023. |
Iranian hackers lurked in Middle Eastern govt network for 8 months |
Report |
A “key target” allegedly involved with the Ragnar Locker ransomware group was arrested in Paris. |
Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris |
Report |
Finnish prosecutors have charged a hacker on more than 30,000 counts related to allegedly breaching a Helsinki-based private psychotherapy centre. |
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts |
Report |
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. |
|
Report |
The International Criminal Court (ICC) said that the serious cybersecurity incident it detected in September was an act of espionage. |
War crimes tribunal says September cyberattack was act of espionage |
Report |
Law enforcement officials in India raided 76 locations across the country linked to tech-support scam operations after receiving tips from Amazon and Microsoft. |
India raids tech-support fraud compounds after tip from Amazon, Microsoft |
Report |
Researchers have discovered possible signs of cooperation between the Palestinian militant organisation Hamas and one of the longest-running groups of Arabic-speaking hackers. |
|
Report |
The Spanish National Police have dismantled a cybercriminal organisation that carried out a variety of computer scams to steal and monetize the data of over four million people. |
Spain arrests 34 cybercriminals who stole data of 4 million people |
Report |
Several state and key industrial organisations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations. |
Hackers backdoor Russian state, industrial orgs for data theft |
Report |
Cloudflare says the number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter. |
|
Report |
A hacking group tracked as YoroTrooper, believed to be based in Kazakhstan, is targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign. |
Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says |
Report |
Oldham Council is to spend £682,000 on computer upgrades after officials said they were fighting off 10,000 cyber attacks a day. |
Oldham Council facing 10,000 cyber attacks a day, report says |
Report |
The Russian government plans to have its own analogous version of the malware scanning platform VirusTotal up and running within the next two years, due to concerns the U.S. government could access data from the popular Google-owned service. |
Russia to launch its own version of VirusTotal due to US snooping fears |
Report |
At least 25 people have reportedly had $4.4 million in crypto drained from across 80 wallets as a consequence of the 2022 data breach of the password manager LastPass. In an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said he and MetaMask developer Taylor Monahan tracked the movement of funds from at least 80 wallets compromised on Oct. 25. |
Crypto thief steals $4.4M in a day as toll rises from LastPass breach |