Cyber Security Blog

September 2023: Major Cyber Attacks, Data Breaches, Ransomware Attacks

Written by Aditi Uberoi | 2 October 2023

The Biggest Cyber Attacks, Ransomware Attacks and Data Breaches - our compilation for the month of September 2023. 

  1. Ransomware Attacks in September 2023
  2. Data Breaches in September 2023
  3. Cyber Attacks in September 2023
  4. New Ransomware/Malware Detected in September 2023
  5. Vulnerabilities/Patches
  6. Advisories issued, reports, analysis etc. in September 2023

The massive ransomware attacks on MGM and Caesars Entertainment clearly dominated all conversation about cybersecurity in September 2023. 

Attacks on casinos and hotels always get a more than fair share of attention - they're dramatic, involve a lot of money, cause direct inconvenience to customers, make for interesting press - all the pandemonium that cyber criminals tend to love. No wonder casino heists also form the plots of several potboilers.

Yet, while these attacks were the most talked about, they were far, far from being the only examples of cyber crime in the month gone by. Schools, city councils, kids' snacks, government ministries, healthcare organisations, dating apps, electricity grids, charitable organisations and crypto businesses are just some of the many victims that emerged through our research. Airbus, Sony, Air Canada, Pizza Hut Australia and even Save the Children were compromised in one way or another.

The alarming thing here is that all of these big names were breached in just one month - such is the rapid rise in the rate of cyber crime across the globe.

Nobody, and we mean absolutely nobody, can now afford to be relaxed about their cybersecurity. It's time to gather forces, ramp up protection and bolster defences with urgency.

At Cyber Management Alliance, we offer game-changing cybersecurity consultancy services that are accessible to all businesses, regardless of their size and industry.

Our Virtual Cyber Assistant and Virtual Cyber Consultant services provide easy, remote access to highly skilled cybersecurity experts to any business looking to amplify its cybersecurity endeavours. With over 280 services across 15 domains, you can find exactly what you're looking for in the most cost-effective package available in the market. We also have ready-made packages for Cyber Essentials, BCP, ISO 27001 and many others.

Ransomware Attacks in September 2023

Each entry lists the date, the victim, a summary, the threat actor, the business impact and the source.

September 01, 2023 | The Chambersburg Area School District
Summary: Pennsylvania school district to stay open despite ransomware attack
Threat actor: Unknown
Business impact: The attack caused a network disruption affecting the operability of certain CASD computer systems. Students have been unable to access the internet on premises and were advised to leave their Chromebook and iPad devices at home.
Source: Ransomware attack on the Chambersburg Area School District in Pennsylvania

September 06, 2023 | The Seville City Council
Summary: The Seville City Council suspends all telematic services due to a computer hijacking: "It will not be negotiated"
Threat actor: LockBit ransomware
Business impact: The Seville City Council has returned to paper notes and in-person procedures after suffering the hijacking of its computer systems by a group of cybercriminals, as confirmed by the City Council. The hackers have allegedly demanded up to one and a half million dollars (1,396,642 euros) from the municipal government, although it has assured that "in no case will it negotiate with cybercriminals."
Source: Ransomware attack on the Seville City Council

September 06, 2023 | Minneapolis Public Schools
Summary: Minneapolis school district says data breach affected more than 100,000 people
Threat actor: The Medusa ransomware group
Business impact: Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyber attack earlier this year. The Medusa ransomware group claimed the attack on March 7, demanding $1 million to decrypt MPS systems. The school district did not pay up, and ten days later the gang leaked data, including what appeared to be highly sensitive student files, and posted a 51-minute video that included screenshots of the allegedly stolen information.
Source: Ransomware attack on Minneapolis Public Schools

September 07, 2023 | Mayanei Hayeshua Medical Center
Summary: Hackers claim to publish prominent Israeli hospital's patient data
Threat actor: Ragnar Locker ransomware gang
Business impact: Hackers who breached an Israeli hospital near Tel Aviv last month said they started leaking stolen data because no ransom was paid. The ransomware attack on Mayanei Hayeshua Medical Center resulted in the shutdown of its administrative computer systems, leading the hospital to redirect new patients and those requiring emergency care to other medical centres.
Source: Ransomware attack on Mayanei Hayeshua Medical Center

September 07, 2023 | Caesars Entertainment
Summary: Caesars Entertainment pays $15 million ransom to cyber hackers after breach
Threat actor: ALPHV and Scattered Spider
Business impact: Caesars Entertainment confirmed the cybersecurity attack in a September 14 SEC filing, in which the company wrote that on September 7, "we determined that the unauthorised actor acquired a copy of, among other data, our loyalty program database, which includes driver's licence numbers and/or social security numbers for a significant number of members in the database". Caesars leadership also allegedly negotiated with the criminals and paid $15 million as ransom.
Source: Caesars Entertainment ransomware attack

September 11, 2023 | Lanka Government Cloud (LGC)
Summary: Sri Lankan government loses months of data following ransomware attack
Threat actor: Unknown
Business impact: Sri Lanka's government email network was hit by a ransomware attack that wiped months of data from thousands of email accounts, including ones belonging to top government officials. The attack, which started at the end of August, affected nearly 5,000 email addresses using the gov.lk email domain. The victims include Sri Lanka's council of ministers, which forms the central government of the country.
Source: Ransomware attack on the Sri Lankan government (LGC)

September 11, 2023 | MGM Resorts
Summary: MGM Resorts shuts down IT systems after cyber attack
Threat actor: ALPHV and Scattered Spider
Business impact: MGM Resorts International disclosed that it was dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services like ATMs, slot machines, and credit card machines.
Source: MGM Resorts ransomware attack

September 13, 2023 | Royal Dutch Football Association
Summary: Royal Dutch Football Association confirms it paid ransom for hacked employee data
Threat actor: LockBit
Business impact: The governing body for soccer in the Netherlands said that it paid a ransom to hackers who breached its systems earlier this year and stole the sensitive data of more than 1.2 million employees and members. The threat actor LockBit claimed to have stolen 305 GB of data.
Source: Royal Dutch Football Association ransomware attack

September 14, 2023 | An undisclosed third-party supplier based in Stockport, UK
Summary: Manchester police officers' data stolen following ransomware attack on supplier
Threat actor: Unknown
Business impact: A ransomware attack on a third-party supplier compromised the personal details of thousands of officers with Greater Manchester Police (GMP) in North West England.
Source: Ransomware attack on a third-party supplier of Greater Manchester Police

September 18, 2023 | Kuwait government's Finance Ministry
Summary: Kuwait isolates some government systems following attack on its Finance Ministry
Threat actor: Rhysida ransomware gang
Business impact: The government of Kuwait suffered a ransomware attack that affected its Ministry of Finance. Government officials immediately tried to separate and shut off affected systems.
Source: Ransomware attack on Kuwait government's Finance Ministry

September 22, 2023 | The City of Dallas, Texas
Summary: Dallas says Royal ransomware breached its network using stolen account
Threat actor: Royal ransomware
Business impact: The City of Dallas, Texas, said that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account. During this period, the attackers collected and exfiltrated 1.169 TB worth of files, based on system log data analysis conducted by city officials and external cybersecurity experts.
Source: The City of Dallas, Texas ransomware attack

September 26, 2023 | Sony
Summary: Sony investigates cyber attack as hackers fight over who's responsible
Threat actor: RansomedVC and MajorNelson (BreachForums name)
Business impact: Sony said that it is investigating allegations of a cyber attack this week, as different hackers have stepped up to claim responsibility for the purported hack. Claims of attacking Sony's systems were initially made by an extortion group called RansomedVC, which said it had breached Sony's networks and stolen 260 GB of data during the attack, and which is attempting to sell that data for $2.5 million. Meanwhile, another group, MajorNelson, leaked for free a 2.4 GB compressed archive containing 3.14 GB of uncompressed data that it claims belongs to Sony.
Source: Ransomware attack on Sony

September 27, 2023 | Building automation giant Johnson Controls
Summary: Building automation giant Johnson Controls hit by ransomware attack
Threat actor: Dark Angels ransomware gang
Business impact: Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations. The threat actors claimed to have stolen over 27 TB of corporate data and encrypted the company's VMware ESXi virtual machines during the attack.
Source: Ransomware attack on Johnson Controls

September 27, 2023 | Philippine Health Insurance Corporation (PhilHealth)
Summary: Philippines state health org struggling to recover from ransomware attack
Threat actor: Medusa ransomware gang
Business impact: The ransomware incident forced Philippine Health Insurance Corporation to take several websites and portals offline. The ransomware gang gave PhilHealth 10 days to pay several different ransoms, including $100,000 to extend the deadline and $300,000 to either delete all the stolen data or download it.
Source: Ransomware attack on Philippine Health Insurance Corporation

September 29, 2023 | McLaren HealthCare
Summary: Large Michigan healthcare provider confirms ransomware attack
Threat actor: BlackCat/ALPHV ransomware gang
Business impact: According to the Detroit Free Press, the company reported outages affecting billing and electronic health record systems, as McLaren had to shut down the computer network at 14 different facilities, a situation that got so bad that employees had to communicate through their personal phones.
Source: McLaren HealthCare ransomware attack



Data Breaches in September 2023

Each entry lists the date, the victim, a summary, the threat actor, the business impact and the source.

September 01, 2023 | Golf equipment maker Callaway
Summary: Golf gear giant Callaway data breach exposes info of 1.1 million
Threat actor: Unknown
Business impact: The incident exposed sensitive personal and account information of more than a million customers in the United States. The data breach has apparently impacted customers of Callaway and its sub-brands Odyssey, Ogio, and Callaway Golf Preowned, whose sites all operate under the same business umbrella.
Source: Callaway data breach

September 03, 2023 | University of Sydney
Summary: University of Sydney data breach impacts recent applicants
Threat actor: Unknown
Business impact: In this breach incident, a third-party service provider exposed personal information of international applicants who had recently applied to or enrolled at the University of Sydney.
Source: University of Sydney data breach

September 04, 2023 | Freecycle, an online forum dedicated to exchanging used items
Summary: Freecycle confirms massive data breach impacting 7 million users
Threat actor: Unknown
Business impact: Freecycle confirmed a massive data breach that affected more than 7 million users. The non-profit organisation said it discovered the breach weeks after a threat actor put the stolen data up for sale on a hacking forum on May 30, and warned affected people to switch passwords immediately. The stolen information includes usernames, user IDs, email addresses, and MD5-hashed passwords, with no other information exposed.
Source: Freecycle data breach

September 05, 2023 | Dating app Coffee Meets Bagel
Summary: Coffee Meets Bagel says recent outage caused by destructive cyber attack
Threat actor: Unknown
Business impact: CMB confirmed that the outages were caused by their systems being breached and a hacker deleting company data, causing the production servers to no longer operate correctly.
Source: Coffee Meets Bagel data breach

September 05, 2023 | Atlas VPN
Summary: Atlas VPN zero-day vulnerability leaks users' real IP address
Threat actor: Unknown
Business impact: An Atlas VPN zero-day vulnerability in the Linux client leaks a user's real IP address simply by the user visiting a website.
Source: Real IP address breach of Atlas VPN

September 12, 2023 | Canadian Nurses Association
Summary: Canadian Nurses Association confirms data theft after group dumps stolen info
Threat actor: Two different ransomware groups, Snatch and Nokoyawa
Business impact: The Canadian Nurses Association (CNA) confirmed that it worked with its members to respond to a leak of sensitive data stolen by a group of hackers earlier this year.
Source: Canadian Nurses Association data breach

September 13, 2023 | Airbus
Summary: Airbus investigates data leak allegedly involving thousands of suppliers
Threat actor: Threat actor using the moniker "USDoD"
Business impact: Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company's vendors to the dark web. The threat actor using the moniker "USDoD" posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee.
Source: Airbus data breach

September 13, 2023 | Rollbar
Summary: Rollbar discloses data breach after hackers stole access tokens
Threat actor: Unknown
Business impact: Software bug-tracking company Rollbar announced that unknown attackers hacked its systems in early August and gained access to customer access tokens.
Source: Rollbar data breach

September 14, 2023 | US-Canada water commission, International Joint Commission (IJC)
Summary: US-Canada water commission investigating cyber attack
Threat actor: NoEscape ransomware gang
Business impact: The International Joint Commission (IJC) announced that it experienced a cyber attack following reports that ransomware hackers claimed to have stolen reams of data. The ransomware gang claimed it attacked the organisation, which has offices in Washington, D.C., Ottawa and Windsor, and stole 80 GB of contracts, geological files, conflict of interest forms and more.
Source: Data breach attack on US-Canada water commission, International Joint Commission (IJC)

September 15, 2023 | Satellite, defence, and pharmaceutical industries based in Israel, the U.S., Brazil, and the United Arab Emirates
Summary: Iranian state hackers target satellite, defence organisations worldwide
Threat actor: Peach Sandstorm
Business impact: Hackers linked to Iran's government targeted thousands of organisations in the satellite, defence, and pharmaceutical industries as part of an espionage campaign. The hacking group allegedly compromised some targeted organisations based in Israel, the U.S., Brazil, and the United Arab Emirates.
Source: Data breach attack on satellite, defence organisations worldwide

September 19, 2023 | The International Criminal Court (ICC)
Summary: Hackers breached International Criminal Court's systems
Threat actor: Unknown
Business impact: The International Criminal Court (ICC) disclosed a cyberattack after discovering last week that its systems had been breached.
Source: The International Criminal Court (ICC) data breach

September 20, 2023 | TransUnion
Summary: TransUnion denies it was hacked, links leaked data to 3rd party
Threat actor: Threat actor known as USDoD
Business impact: According to USDoD's listing published on a hacking forum over the weekend, the database allegedly stolen from TransUnion's systems includes a wide range of sensitive information on roughly 59,000 people worldwide, but TransUnion denied this claim.
Source: TransUnion data breach

September 20, 2023 | Pizza Hut Australia
Summary: Pizza Hut Australia warns 193,000 customers of a data breach
Threat actor: "Shiny Hunters" (@shinycorp)
Business impact: Pizza Hut Australia sent data breach notifications to customers, warning them that a cyber attack allowed hackers to access their personal information. The notification said that the hacker gained unauthorised access to Pizza Hut Australia systems storing sensitive information of customers who made online orders, as well as partial financial data and encrypted account passwords.
Source: Pizza Hut Australia data breach

September 21, 2023 | Air Canada
Summary: Air Canada says hackers accessed limited employee records during cyber attack
Threat actor: Unknown
Business impact: Canada's largest airline announced a data breach that involved the information of employees, but said its operations and customer data were not impacted.
Source: Air Canada data breach

September 21, 2023 | T-Mobile
Summary: T-Mobile denies new data breach rumours, points to authorised retailer
Threat actor: An unknown threat actor under the alias 'emo'
Business impact: T-Mobile denied suffering another data breach. News reports had alleged that a threat actor leaked a large database allegedly containing T-Mobile employees' data. Someone under the alias 'emo' apparently shared an 89 GB ZIP archive allegedly containing T-Mobile data on the BreachForums hacking forum for free.
Source: T-Mobile data breach

September 25, 2023 | BORN Ontario
Summary: BORN Ontario child registry data breach affects 3.4 million people
Threat actor: Clop ransomware's MOVEit hacking spree
Business impact: An investigation revealed that threat actors copied files containing sensitive information of approximately 3.4 million people, primarily newborns and pregnancy care patients, who benefited from BORN services between January 2010 and May 2023.
Source: BORN Ontario data breach

September 25, 2023 | SickKids
Summary: SickKids impacted by BORN Ontario data breach that hit 3.4 million
Threat actor: Clop ransomware's MOVEit hacking spree
Business impact: The Hospital for Sick Children, more commonly known as SickKids, is amongst the healthcare providers that were impacted by the recent breach at BORN Ontario.
Source: SickKids data breach


Cyber Attacks in September 2023

Each entry lists the date, the victim, a summary, the threat actor, the business impact and the source.

September 03, 2023 | Supermarket chain Lidl
Summary: Children's PAW Patrol-themed snack recalled due to a compromised URL on the packaging which directs to an adult content site
Threat actor: Unknown
Business impact: Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK, as a compromised URL listed on the snack's packaging leads to a porn site.
Source: Lidl cyber attack

September 04, 2023 | Germany's Federal Financial Supervisory Authority (BaFin)
Summary: German financial regulator's website hit by DDoS attack
Threat actor: Unknown
Business impact: Due to the impact of the DDoS attack, the website of Germany's Federal Financial Supervisory Authority (BaFin) was only partially accessible over the weekend.
Source: Cyber attack on Germany's Federal Financial Supervisory Authority (BaFin)

September 05, 2023 | Coffee Meets Bagel
Summary: Coffee Meets Bagel says recent outage caused by destructive cyber attack
Threat actor: Unknown
Business impact: Coffee Meets Bagel (CMB) suffered a worldwide outage, with users upset that they could not coordinate planned dates or continue communicating with their matches. CMB confirmed that the outages were caused by their systems being breached and a hacker deleting company data, causing the production servers to no longer operate correctly.
Source: Coffee Meets Bagel cyber attack

September 05, 2023 | The department of health for Hawaiʻi
Summary: Hawaiʻi State Department of Health resolves website defacement
Threat actor: Unknown
Business impact: The department of health for Hawaiʻi has fixed a website defacement caused by a cybercrime group. It denied that hackers had access to any other government systems. The incident affected healthybydefault.hawaii.gov, a website created by the Hawaiʻi State Department of Health (DOH).
Source: Cyber attack on the website of Hawaiʻi State Department of Health

September 11, 2023 | Save the Children International
Summary: Save the Children International hit with cyber attack, but says operations weren't impacted
Threat actor: BianLian hacker gang
Business impact: The global charity organisation confirmed that it was recently hit with a cyber attack after a ransomware group claimed to have breached the organisation's systems. The organisation said the hackers gained unauthorised access to parts of their network but their operations weren't impacted.
Source: Save the Children International cyber attack

September 12, 2023 | A national electricity grid organisation in Asia
Summary: 'Redfly' hackers infiltrated power supplier's network for 6 months
Threat actor: An espionage threat group tracked as 'Redfly'
Business impact: An espionage threat group tracked as 'Redfly' hacked a national electricity grid organisation in Asia and quietly maintained access to the breached network for six months.
Source: Cyber attack on a national electricity grid organisation in Asia

September 13, 2023 | CoinEx
Summary: CoinEx confirms hack after $31 million in cryptocurrency allegedly stolen from exchange
Threat actor: North Korea's Lazarus hacking group (reportedly)
Business impact: Cryptocurrency exchange CoinEx confirmed that a hacker stole millions of dollars worth of cryptocurrency in an attack. While the company claims the amount of losses is still being determined, blockchain data collected by several cryptocurrency security firms shows that about $31 million worth of coins was allegedly stolen from the platform.
Source: CoinEx cyber attack

September 14, 2023 | U.S.-based victims in the defence, satellite, and pharmaceutical sectors
Summary: Iranian hackers breach defence orgs in password spray attacks
Threat actor: APT33 (aka Peach Sandstorm, HOLMIUM, or Refined Kitten)
Business impact: Microsoft says an Iran-backed threat group has targeted thousands of organisations in the U.S. and worldwide in password spray attacks since February 2023. State hackers also allegedly stole sensitive information from a limited number of victims in the defence, satellite, and pharmaceutical sectors.
Source: Cyber attack on U.S.-based victims in the defence, satellite, and pharmaceutical sectors

September 15, 2023 | Carthage Area Hospital and Claxton-Hepburn Medical Center
Summary: Upstate New York non-profit hospitals still facing issues after LockBit ransomware attack
Threat actor: LockBit
Business impact: For two weeks, the hospitals have been dealing with a cybersecurity incident that forced them to divert ambulances to other local hospitals and reschedule most appointments.
Source: Cyber attack on Carthage Area Hospital and Claxton-Hepburn Medical Center

September 19, 2023 | Crypto lender Celsius
Summary: Claimants in Celsius crypto bankruptcy targeted in phishing attack
Threat actor: Unknown
Business impact: Scammers impersonated the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.
Source: Crypto lender Celsius cyber attack

September 22, 2023 | The Government of Bermuda
Summary: Government of Bermuda links cyber attack to Russian hackers
Threat actor: Unknown Russian hackers
Business impact: The Government of the British overseas territory Bermuda has linked a cyber attack affecting all its departments' IT systems to Russian hackers. The Government said: "The public is advised that the Government is currently experiencing internet/email and phone service interruptions. All Departments are impacted".
Source: Cyber attack on the government of Bermuda

September 25, 2023 | Hong Kong crypto business Mixin
Summary: Hong Kong crypto business Mixin says hackers stole $200 million in assets
Threat actor: Allegedly the North Korean government's APT38 hacking group, known by many researchers as Lazarus or TraderTraitor
Business impact: A cryptocurrency business based in Hong Kong announced that hackers had stolen around $200 million of its assets after attacking its cloud service provider.
Source: Cyber attack on Hong Kong crypto business Mixin

September 26, 2023 | Product leasing giant Progressive Leasing
Summary: Product leasing giant warns that sensitive information was stolen during a cyber attack
Threat actor: ALPHV/BlackCat ransomware
Business impact: Progressive Leasing said it experienced a cybersecurity incident affecting certain Progressive Leasing systems.
Source: Cyber attack on product leasing giant Progressive Leasing

September 28, 2023 | Russian flight booking system Leonardo
Summary: Russian flight booking system suffers 'massive' cyber attack
Threat actor: The Ukrainian hacktivist group IT Army
Business impact: The DDoS attack on Leonardo lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot.
Source: Cyber attack on Russian flight booking system Leonardo


New Ransomware/Malware Discovered in September 2023

Each entry lists the new ransomware or malware, a summary and the source.

Malware: The Chaes malware
Summary: The Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets.
Source: Chaes malware now uses Google Chrome DevTools Protocol to steal data

Malware: A new Mirai malware variant
Summary: A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming.
Source: Mirai variant infects low-cost Android TV boxes for DDoS attacks

Malware: RedLine Clipper, Agent Tesla, and OriginBotnet
Summary: Researchers have identified a new phishing campaign that uses Microsoft Word documents to distribute malware that can log what a victim types, siphon cryptocurrency funds, and steal sensitive data.
Source: Phishing campaign uses Word documents to distribute three malware strains

Malware: A previously unknown backdoor named 'Sponsor'
Summary: A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe.
Source: Iranian hackers backdoor 34 orgs with new Sponsor malware

Malware: A new information stealer, 'MetaStealer'
Summary: A new information stealer malware has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers.
Source: New 'MetaStealer' malware targets Intel-based macOS systems

Malware: Bumblebee malware
Summary: The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Source: Bumblebee malware returns in new attacks abusing WebDAV folders

Malware: An info-stealing malware, 'LuaDream'
Summary: A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream'.
Source: 'Sandman' hackers backdoor telcos with new LuaDream malware

Malware: A malware named 'Deadglyph'
Summary: A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East.
Source: New stealthy and modular Deadglyph malware used in govt attacks

Malware: ZenRAT malware
Summary: Fake Bitwarden sites are pushing installers, purportedly for the open-source password manager, that carry a new password-stealing malware that security researchers call ZenRAT.
Source: Fake Bitwarden sites push new ZenRAT password-stealing malware

Malware: Menorah malware
Summary: APT34 hackers sent phishing emails to victims believed to be based in Saudi Arabia, ultimately infecting them with the Menorah malware.
Source: Alleged Iranian hackers target victims in Saudi Arabia with new spying malware


Vulnerabilities/Patches Discovered in September 2023

Each entry lists the date, the flaws or fixes, a summary and the source.

September 01, 2023 | CVE-2023-34039
Summary: Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
Source: Exploit released for critical VMware SSH auth bypass vulnerability

September 04, 2023 | CVE-2023-28432 and CVE-2023-28434
Summary: Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
Source: Hackers exploit MinIO storage system to breach corporate networks

September 05, 2023 | CVE-2023-39238, CVE-2023-39239, CVE-2023-39240
Summary: Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
Source: ASUS routers vulnerable to critical remote code execution flaws

September 06, 2023 | CVE-2023-35674
Summary: This high-severity zero-day vulnerability (CVE-2023-35674) is a flaw in the Android Framework that enables attackers to escalate privileges without requiring user interaction or additional execution privileges.
Source: September Android updates fix zero-day exploited in attacks

September 11, 2023 | CVE-2023-4863
Summary: Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
Source: Google fixes another Chrome zero-day bug exploited in attacks

September 12, 2023 | CVE-2023-26369
Summary: Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. Even though additional information on the attacks is yet to be disclosed, the zero-day is known to affect both Windows and macOS systems.
Source: Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

September 12, 2023 | CVE-2023-41064
Summary: Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
Source: Apple backports BLASTPASS zero-day fix to older iPhones

September 15, 2023 | CVE-2023-4863
Summary: Mozilla released an advisory warning users of a vulnerability affecting its popular web browser and email client.
Source: Mozilla, CISA urge users to patch Firefox security flaw

September 19, 2023 | CVE-2023-41179
Summary: Trend Micro fixed a remote code execution zero-day vulnerability in Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
Source: Trend Micro fixes endpoint protection zero-day used in attacks

September 22, 2023 | CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993
Summary: Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed that three zero-days patched by Apple earlier in the week were abused as part of an exploit chain to install Cytrox's Predator spyware.
Source: Recently patched Apple, Chrome zero-days exploited in spyware attacks

September 26, 2023 | CVE-2023-5129
Summary: Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.
Source: Google assigns new maximum rated CVE to libwebp bug exploited in attacks

September 26, 2023 | CVE-2023-32315
Summary: Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Source: Hackers actively exploiting Openfire flaw to encrypt servers

September 27, 2023 | CVE-2023-5217
Summary: Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates.
Source: Google fixes fifth actively exploited Chrome zero-day of 2023


Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

Researchers said that ransomware campaigns are using internet-exposed Microsoft SQL databases as a beachhead to launch attacks on victim systems.

Ransomware attackers are targeting exposed Microsoft SQL databases

Warning

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.

Chrome extensions can steal plaintext passwords from websites

Report

A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.

Fake YouPorn extortion scam threatens to leak your sex tape

Warning

Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.

Okta: Hackers target IT help desks to gain Super Admin, disable MFA

Report

The Swedish Authority for Privacy Protection (IMY) has fined insurer Trygg-Hansa $3 million for exposing sensitive data belonging to hundreds of thousands of customers on its online portal.

Insurer fined $3M for exposing data of 650K clients for two years

Report

Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorised transactions, with over $40 million in crypto reportedly stolen.

Crypto casino Stake.com loses $41 million to hot wallet hackers

Report

An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address when the user simply visits a website.

Atlas VPN zero-day vulnerability leaks users' real IP address

Report

Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running out of storage space.

Toyota says filled disk storage halted Japan-based factories

Report

Researchers have uncovered a hidden “phishing empire” targeting businesses in Europe, Australia and the U.S. with a sophisticated new tool.

New phishing tool hijacked thousands of Microsoft business email accounts

Report

According to cybersecurity researchers, cybercriminals are targeting French-speaking architects, engineers and graphic designers with malware that turns their computers into cryptocurrency mining machines.

GPU-thirsty hackers target architects, designers with cryptomining malware

Warning

In January 2021, the Threat Analysis Group (TAG) publicly disclosed a campaign from government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development. Recently, TAG became aware of a new campaign likely from the same actors, based on similarities with the previous campaign.

Active North Korean campaign targeting security researchers

Report

Britain’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a joint report detailing the ways in which the ransomware ecosystem is increasingly professionalising “in a bid to gain efficiencies and maximise profits.”

Don’t focus on ransomware variants, say UK’s national cyber and crime agencies

Warning

The Associated Press warned of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks.

Associated Press warns that AP Stylebook data breach led to phishing attack

Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.

CISA warns govt agencies to secure iPhones against spyware attacks

Report

Researchers said cybercriminals appeared to have deployed bots to break into customer accounts at several large automakers, then harvested important information about thousands of individual vehicles and offered it for sale in private Telegram channels.

Nearly 15,000 accounts raided at automaker sites to harvest vehicle IDs, report says

Report

Reported ransomware attacks on organisations in the United Kingdom reached record levels last year, when criminals compromised data of potentially more than 5.3 million people from over 700 organisations, according to a surprisingly neglected dataset published by the Information Commissioner’s Office (ICO).

Ransomware attacks hit record level in UK, according to neglected official data

Report

The U.S. National Security Council (NSC) urged the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans.

White House urging dozens of countries to publicly commit to not pay ransoms

Report

The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.

BlackCat ransomware hits Azure Storage with Sphynx encryptor

Report

The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data.

TikTok slapped with $368 million fine over child privacy violations

Report

TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos using themes based on Elon Musk, Tesla, or SpaceX.

TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams

Report

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Microsoft leaks 38TB of private data via unsecured Azure storage

Report

T-Mobile customers said they could see other people's account and billing information after logging into the company's official mobile application.

T-Mobile app glitch let users see other people's account info

Report

TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore.

Fake celebrity photo leak videos flood TikTok with Temu referral codes

Report

The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the U.S. had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool.

MOVEit fallout continues as National Student Clearinghouse says nearly 900 schools affected

Report

Ukrainian cybersecurity officials said that Russia is stepping up its cyberattacks on Ukraine's law enforcement agencies in an effort to uncover what they know about war crimes committed by Russian soldiers.

Russian hackers target Ukrainian government systems involved in war crimes investigations

Report

Suspected Chinese hackers targeted a Middle Eastern telecom organisation and an Asian government in a recent spying operation. The hacking group Budworm, also known as Emissary Panda and APT27, previously attacked a U.S. state legislature using a Log4j vulnerability; in this campaign, Budworm used a previously unseen version of its custom backdoor, SysUpdate, to spy on the unnamed telecom company and Asian government body.

Suspected China-based hackers target Middle Eastern telecom, Asian government

Warning

Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.

Progress warns of maximum severity WS_FTP Server vulnerability

Warning

The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.

FBI: Dual ransomware attack victims now get hit within 48 hours
