• 12/6/2023

  Dragos Launches Program to Provide Water, Electric Utilities With Free Cybersecurity Tools Following Attacks Navy Contractor Austal USA Confirms Cyberattack After Data Leak …‘No Impact on Operations’ The Binance Crackdown Will Be an ‘Unprecedented’ Bonanza for Crypto Surveillance Police Can Spy on Your iOS and Android Push Notifications Krebs: ICANN Launches Service to Help With WHOIS Lookups Police Arrest 1000 Suspected Money Mules A Year On, CISA Realizes Debunked Vuln Actually a Dud and Removes It From Must-Patch List 23andMe Hack Is a Wake-Up Call for Your Password Habits Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

  Nissan Is Investigating Cyberattack and Potential Data Breach Schools in Maine, Indiana and Georgia Contend With Ransomware Attacks Advantis Global Confirms Recent Data Breach in Filing with the Office of the California Attorney General Trojan-Proxy Threat Expands Across macOS, Android and Windows Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks Sierra:21 – Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks Millions of Patient Scans and Health Records Spilling Online Thanks to Decades-Old Protocol Bug: DICOM Just About Every Windows and Linux Device Vulnerable to New LogoFAIL Firmware Attack Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

• 12/5/2023

  Sellafield Nuclear Site Hacked by Groups Linked to Russia and China …Britain Says No Evidence of Sellafield Nuclear Site Hacking Hackers Breach U.S. Gov’t Agencies Using Adobe ColdFusion Exploit U.S. Federal Agencies Miss Deadline for Incident Response Requirements Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics Russia’s AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany A New Trick Uses AI to Jailbreak AI Models—Including GPT-4 Due to AI, “We Are About to Enter the Era of Mass Spying,” Says Bruce Schneier Japanese Tech Lobby Warns Against EU Cybersecurity Labelling Scheme BlackCat Ransomware Crims Threaten to Directly Extort Victim’s Customers

  Hackers Claim to Breach Israeli Defense Force Medical Data HTC Global Services Confirms Cyberattack After Data Leaked Online Threat Actors Target Austal USA in Ransomware Attack, U.S. Navy Data at Risk DePauw University Warns of Data Breach as Ransomware Attacks on Colleges Surge …WGRE Reports DePauw Attacked by Black Suit Ransomware Gang SpyLoan Scams Target Android Users With Deceptive Apps Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack 15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack Multiple NFT Collections at Risk by Flaw in Open-Source Library Kali Linux 2023.4 Released with GNOME 45 and 15 New Tools

• 12/4/2023

  U.S. Confirms Iranian Attacks on Water Companies: IRGC’s ‘CyberAv3ngers’ …St. Johns River Water Management District (FL) Latest to Confirm Cyber Incident as Feds Warn of Nation-State Attacks New AeroBlade Hackers Target Aerospace Sector in the U.S. Russian Hackers Exploiting Outlook Bug to Hijack Exchange Accounts Establishing New Rules for Cyber Warfare EU Council and Parliament Reach Agreement on Cyber Resilience Act Fake WordPress Security Advisory Pushes Backdoor Plugin Exposed Hugging Face API Tokens Offered Full Access to Meta’s Llama 2

  Tipalti Investigates Claims of 256GB of Data Stolen, including From Roblox and Twitch, in ALPHV Ransomware Attack Hershey Phishes! – Crooks Snarf Chocolate Lovers’ Creds 23andMe Confirms Hackers Stole Ancestry Data on 6.9 Million Users Long Beach (CA) Says City Data Was Compromised in Cyber Attack Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware Rust-Based Botnet P2Pinfect Targets MIPS Architecture Two New Versions of OpenZFS Fix Long-Hidden Corruption Bug December Android Updates Fix Critical Zero-Click RCE Flaw

• 12/1-3/2023

  Meta Will Enforce Ban on AI-Powered Political Ads in Every Nation, No Exceptions French Government Recommends Against Using Foreign Chat Apps NCSC Urges UK Water Companies to Secure Control Systems U.S. Health Dept Urges Hospitals to Patch Critical Citrix Bleed Bug Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S. How to Not Get Hacked by a QR Code Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware Google Chrome’s New Cache Change Could Boost Performance

  Scores of U.S. Credit Unions Offline After Ransomware Infects Backend Cloud Outfit 23andMe Says Hackers Accessed ‘Significant Number’ of Files About Users’ Ancestry Blue Shield of California Members’ Data Stolen — ‘A Gold Mine for Thieves’ New Proxy Malware Targets Mac Users Through Pirated Software UEFI Flaws Allow Bootkits to Pwn Potentially Hundreds of Devices Using Images Over 20,000 Vulnerable Microsoft Exchange Servers Exposed to Attacks Linux Version of Qilin Ransomware Focuses on VMware ESXi VMware Fixes Critical Cloud Director Auth Bypass Unpatched for 2 Weeks

• 11/30/2023

  NATO Holds Cyber Defense Exercise as Wartime Hacking Threats Rise U.S., Partners Target North Korea (and Kimsuky) With Sanctions Following Satellite Launch …North Korean Hackers Amass $3bn in Cryptocurrency Heists Bad Password May Have Led to Pennsylvania Water System Hack Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails WhatsApp’s New Secret Code feature Hides Your Locked Chats 8 Tips on Leveraging AI Tools Without Compromising Security Fewer Cybersecurity Professionals Losing Their Jobs in Breach ‘Blame’ Game Law Firms & Legal Departments Singled Out for Cyberattacks

  Capital Health Hospitals Hit by Cyberattack Causing IT Outages Staples Confirms Cyberattack Behind Service Outages, Delivery Issues Booking.com Hackers Increase Attacks on Customers Forward Bank (WI) Notifies 46,019 Customers of Recent Data Breach FjordPhantom Android Malware Targets Banks With Virtualization CACTUS Ransomware Exploits Cloud Analytics Qlik Sense Vulnerabilities in Targeted Attacks RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool Zyxel Warns of Multiple Critical Vulnerabilities in NAS Devices Google Fixes a Seventh Zero-Day Flaw in Chrome—Update Now Apple Fixes Two New iOS Zero-Days in Emergency Updates

• 11/29/2023

  Hackers Breach U.S. Water Facility via Exposed Unitronics PLCs …Cybersecurity Agency Warns That Water Utilities Are Vulnerable to Hackers After Pennsylvania Attack U.S. Dept of Treasury Seizes Sinbad Cryptocurrency Mixer Used by North Korean Lazarus Hackers Google Researchers’ Attack Prompts ChatGPT to Reveal Its Training Data How to Find Your Forgotten Gmail Accounts Keeping Children Safe in a Rapidly Changing Digital Landscape SIM Swapper Gets 8 Years in Prison for Account Hacks, Crypto Theft How a Teenage Saudi Hacker Went From Lockpicking to Ransomware

  Krebs: Okta Breach Affected All Customer Support Users …Okta Hack Update Shows Challenges in Rapid Cyber Disclosures Japanese Space Agency JAXA Hacked in Summer Cyberattack Dollar Tree Hit by Third Party Data Breach at Zeroed-In Technologies Impacting 2 Million People Hendersonville (NC) Targeted in Cyber Attack, Employee Data Potentially Compromised Black Basta Ransomware Made Over $100 Million From Extortion DJVU Ransomware’s Latest Variant ‘Xaro’ Disguised as Cracked Software GoTitan Botnet and PrCtrl RAT Exploit Apache Vulnerability

• 11/28/2023

  Ransomware Hackers ‘Wreaking Havoc’ Arrested in Ukraine …‘Kingpin Arrests’ N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection Americans Receive Two Billion Spam Calls Per Month How Hackers Phish for Your Users’ Credentials and Sell Them AI Tools Such as ChatGPT Are Generating a Mammoth Increase in Malicious Phishing Emails Cybercriminals Hesitant About Using Generative AI Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds Krebs: ID Theft Service Resold Access to USInfoSearch Data Reminder: Google Is About to Start Purging Inactive Accounts The Hundred-Year Battle for India’s Radio Airwaves India’s CERT Given Exemption From Right to Information Requests Splunk Beats Quarterly Revenue Estimates on Robust Cybersecurity Demand Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds

  Municipal Water Authority of Aliquippa (PA) Victim of Cyberattack …Federal Officials Investigating Pro-Iran Group Undetected Android Trojan Expands Attack on Iranian Banks DP World Confirms Data Stolen in Cyberattack, No Ransomware Used Qilin Ransomware Claims Attack on Automotive Giant Yanfeng Egyptian E-Payment Vendor Fawry Recovering From LockBit Ransomware Attack Proliance Surgeons (WA) Announces Cyber Attack Resulting in Data Breach Gloucester City Council Spent £1.1 Million Recovering From Ransomware Attack New BLUFFS Attack Lets Attackers Hijack Bluetooth Connections Hackers Start Exploiting Critical ownCloud Flaw, Patch Now Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access Google Chrome Emergency Update Fixes 6th Zero-Day Exploited in 2023

• 11/27/2023

  Hackers Targeting Israeli Businesses Say They Will Pause as Fighting Stops Ukraine Says It Hacked Russian Aviation Agency, Leaks Data Leader of Pro-Russia DDoS Crew Killnet ‘Unmasked’ by Russian State Media Beijing Fosters Foreign Influencers to Spread Its Propaganda General Electric, DARPA Hack Claims Raise National Security Concerns A Controversial U.S. Surveillance Program May Get Slipped Into a ‘Must-Pass’ Defense Bill U.S., Britain, Other Countries Ink Agreement to Make AI ‘Secure by Design’ …AI Threat Demands New Approach to Security Designs -U.S. Official OpenAI’s Board Might Have Been Dysfunctional–but They Made the Right Choice; In the Battle Between AI profits and Ethics, It’s No Contest …The Decision to Restore Altman and Appoint a New Board of Directors Is a Victory for Both OpenAI and Microsoft Cyber Insurers Warn Catastrophic Hacks Will Require Government Help What a Failed Attack Against ColdFusion Revealed About Ransomware Tools and Tactics

  Ardent Hospital ERs Disrupted in 6 States After Ransomware Attack Meow Ransomware hits Vanderbilt University Medical Center Healthcare Giant Henry Schein Hit Twice by BlackCat Ransomware Slovenia’s Largest Power Provider HSE Hit by Ransomware Attack Clear Spring Life and Annuity Company (IN) Announces Data Breach Following Ransomware Attack Ransomware ‘Catastrophe’ at Fidelity National Financial Causes Panic With Homeowners and Buyers Ransomware Attack on Indie Game Maker Gellyberry Studios Wiped All ‘Ethyrial: Echoes of Yore’ MMORPG Player Accounts British Library Hack: Customer Data Offered for Sale on Dark Web Some Lee County (FL) Student Laptops Reportedly Hacked …‘Prank’ Microsoft Deprecates Defender Application Guard for Office The Power of Storytelling in Cybersecurity Training

• 11/24-26/2023

  Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government East Texas Hospital Network Can’t Receive Ambulances Because of Potential Cybersecurity Incident Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale Gmail Hackers Leave Vital Clues Behind—Check These 3 Things Now Facebook vs. The Free Press

  CTS Cyber-Attack Disrupts UK Property Deals General Electric Investigates Claims of Cyber Attack, Data Theft Gulf Air Exposed to Data Breach, ‘Vital Operations Not Affected’ Kubernetes Secrets of Fortune 500 Companies Exposed in Configuration Upload to Public Repositories Critical Bug in ownCloud File Sharing App Exposes Admin Passwords OpenCart Owner Turns Air Blue After Researcher Discloses Serious Vuln

• 11/23/2023

  EU Mulls Wider Scope for Cybersecurity Certification Scheme Industry Piles in on North Korea for Sustained Rampage on Software Supply Chains Rug Pull Schemes: Crypto Investor Losses Near $1M OpenAI Researchers Warned Board of AI Breakthrough Ahead of CEO Ouster Nvidia Sued After Video Call Mistake Showed ‘Stolen’ Data Cyber Security Professionals Are Exhausted, and It’s Putting Firms at Greater Risk of Attack

  $115 Million Stolen From Two Crypto Firms Linked to Justin Sun After Hack BlackCat Claims It Is Behind Fidelity National Financial Ransomware Shakedown New Relic Warns Customers It’s Experienced a Cyber … Something Nassau Bay (TX) Attacked by Akira Ransomware Gang Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails InfectedSlurs Botnet Resurrects Mirai With Zero-Days

• 11/22/2023

  Australia Beefs up Cyber Defences After Major Breaches Microsoft: Lazarus Hackers Breach CyberLink in Supply Chain Attack New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack OpenAI Says Sam Altman to Return as CEO …Behind the Scenes of Sam Altman’s Showdown at OpenAI …Ilya Sutskever: The OpenAI Genius Who Told Sam Altman He Was Fired 3 Ways to Stop Unauthorized Code From Running in Your Network U.S. Cybercops Take On ‘Pig Butchering’ Org, Return $9M in Scammed Crypto

  Open-Source Blender Project Battling DDoS Attacks Since Saturday Welltok Data Breach Exposes Data of 8.5 Million U.S. Patients Cyberattackers Leaked Data of 27,000 NYC Bar Association Members Kansas Courts Confirm Data Theft, Ransom Demand After Cyberattack HTX Exchange Loses $13.6m in Hot Wallet Hack Retool Data Breach Affects MG Stover and Multiple Investment Funds ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer New Botnet Malware Exploits Two Zero-Days to Infect NVRs and Routers

• 11/21/2023

  U.S. Cybersecurity Lab Suffers Major Data Breach …SiegedSec Bahrain Government Websites Briefly Inaccessible After Cyberattack Over Israel-Hamas War Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities North Koreans Use Fake Names, Scripts to Land Remote IT Work for Cash Majority in New Survey Worried About Being Tricked by Scammer How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations Ex-CEO of NSO Group Raises $33.6 Million for Israeli Cyber Startup Tor Project Removes Relays Because of For-Profit, Risky Activity

  Sumo Logic Wrestles With Security Breach, Pins Down Customer Data Auto Parts Giant AutoZone Warns of MOVEit Data Breach Owens Group Hit by Ransomware Cyber Attack Prestige Care Data Breach Affects an Unknown Number of Residents and Employees New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks Lumma Malware Can Allegedly Restore Expired Google Auth Cookies Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals Citrix Warns Admins to Kill NetScaler User Sessions to Block Hackers CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug Microsoft Launches Defender Bounty Program With $20,000 Rewards

• 11/20/2023

  Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years Gamaredon’s LittleDrifter USB malware spreads beyond Ukraine Secretive White House Surveillance Program Gives Cops Access to Trillions of U.S. Phone Records CISA Unveils Healthcare Cybersecurity Guide NHS Secretary Fined For Accessing Scores of Patient Records Canadian Government Discloses Data Breach After Contractor Hacks Cybersecurity Firm Executive Pleads Guilty to Hacking Hospitals Sam Altman to Join Microsoft Following OpenAI Ouster …More Than 700 of 770 OpenAI Employees Employees Threaten to Quit Unless Board Resigns Ukraine Sacks Top Cybersecurity Officials in Corruption Probe Involving Software Purchases

  MOVEit Victim Count Latest: 2.6K+ Orgs Hit, 77M+ People’s Data Stolen Greater Paris Wastewater Agency Dealing With Cyberattack Rhysida Ransomware Gang Claims British Library Cyberattack NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks Infostealer Lumma Evolves With New Anti-Sandbox Method VX-Underground Malware Collective Framed by Phobos Ransomware Kinsing Malware Exploits Apache ActiveMQ RCE to Plant Rootkits How the Evolving Role of the CISO Impacts Cybersecurity Startups

• 11/17-19/2023

  Black Friday: Scammers Exploit Luxury Brands to Lure Victims FCC Adopts New Rules to Protect Consumers From SIM-Swapping Attacks FCC Proposes 3-Year Cybersecurity Pilot for Schools, Libraries Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks Russian Hackers Use Ngrok Feature and WinRAR Exploit to Attack Embassies Google: Hackers Exploited Zimbra Zero-Day in Attacks on Gov’t Orgs A Spy Agency Leaked People’s Data Online—Then the Data Was Stolen LockBit Gang Says ICBC Paid Ransom Over Hack That Disrupted U.S. Treasury Market …How a Hack Shook Wall Street’s Multitrillion-Dollar Foundations Ransomware Targets Will Pay One Way or Another Companies Are Building Their Defenses Against AI Hackers, Says TrustedSec’s David Kennedy OpenAI Ousted CEO Sam Altman, but Is Reportedly Reconsidering the Move How an Indian Startup Hacked the World The Cybersecurity Lawsuit That Boards Are Talking About

  Multiple Colleges, K-12 Schools Facing Outages After Cyberattacks ‘Sex Life Data’ Stolen From UK Government Among Record Number of Ransomware Attacks Yamaha Motor Confirms Ransomware Attack on Philippines Subsidiary British Library: Ongoing Outage Caused by Ransomware Attack Stanley Steemer Hack Breached Data of Almost 67K Customers Mt. Graham Regional Medical Center (AZ) Confirms Data Breach from Ransomware Attack Bloomberg Crypto X Account Snafu Leads to Discord Phishing Attack 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware Exploit for CrushFTP RCE Chain Released, Patch Now CISA Warns of Actively Exploited Windows, Sophos, and Oracle Bugs Researchers Extract RSA Keys From SSH Server Signing Errors Hands Off the Security Budget! Find Efficiencies to Reduce Risk Cybersecurity: It’s Not A Job—It’s A Mission

• 11/16/2023

  Russian Hackers Linked to ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure FBI Warns on Scattered Spider Hackers, Urges Victims to Come Forward U.S. Congress Report Calls for Privacy Reforms After FBI Surveillance ‘Abuses’ Krebs: Alleged Extortioner of Psychotherapy Patients Faces Trial Cyber-Criminals Exploit Gaza Crisis With Fake Charity Most Overused Passwords in the World — Make Sure Yours Isn’t on the List 3 Ways Behavioral Economics Obstructs Cybersecurity How to Opt Out of Facebook’s Latest Two-Factor Authentication Change Running Signal Will Soon Cost $50 Million a Year AI Risks Force Corporate Privacy Officers to Expand Oversight European Police Take Down $9m Vishing Gang BlackCat Ransomware Group Reports Victim to SEC …MeridianLink Confirms Cyberattack

  Toyota Confirms Breach After Medusa Ransomware Threatens to Leak Data Long Beach, California Turns off IT Systems After Cyberattack St. Lucie County (FL) Tax Collector Hacked by Ransomware Attacker ‘Dark Cat’ Rivers Casino (IL) Customers, Employees Targeted by Data Breach MySQL Servers Targeted by ‘Ddostf’ DDoS-as-a-Service Botnet Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups Fortinet Warns of Critical Command Injection Bug in FortiSIEM Consumer Software Security Assessment: Should We Follow NHTSA’s Lead? CSA Launches First Zero Trust Certification Almost Half of Ransomware Groups Operating in 2023 Are New

• 11/15/2023

  Australia Says Hacks Surging, State-Sponsored Groups Targeting Critical Infrastructure European Firms Urge China to Give More Clarity on Data Transfer Laws U.S. Cloud Providers Create Special Localized Security Services for Europe U.S. Government Unveils First AI Roadmap For Cybersecurity Cyber Experts Worry AI Could Create a World of Haves and Have-Nots Social Media Sleuths, Armed With AI, Are Identifying Dead Bodies Google’s New Titan Security Keys Are Ready for a World Without Passwords Microsoft Debuts New Unified Security Solution With Security Copilot FBI Director: FISA Section 702 Warrant Requirement a ‘De Facto Ban’

  Samsung Hit by New Data Breach Impacting UK Store Customers Perry Johnson & Associates (PJ&A) Says Cyberattack Exposed Data of Nearly 9 Million Patients Toronto Public Library Confirms Data Stolen in Ransomware Attack Major Canadian Fintech Moneris Claimed by Medusa Ransomware BlackCat Ransomware Gang Targets Businesses Via Google Ads FBI and CISA Warn of Opportunistic Rhysida Ransomware Attacks Fraudsters Make $50,000 a Day by Spoofing Crypto Researchers New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar Krebs: Microsoft Patch Tuesday, November 2023 Edition Teenager Who Allegedly Bragged ‘Fraud Is Fun’ Pleads Guilty To Sports Betting Hack

• 11/14/2023

  Biden Meets With Indonesia President Ahead of Xi Summit The Top U.S. Cybersecurity Agency Has a New Plan for Weaponized AI FBI Struggled to Disrupt Dangerous Casino Hacking Gang, Cyber Responders Say Ransomware Royale: U.S. Confirms Royal, BlackSuit Are Linked Here’s the Proof There’s No Government Alien Conspiracy Around Roswell Russia Man Arrested in Florida Pleads Guilty to Building Now-Dismantled IPStorm Proxy Botnet Teens With “Digital Bazookas” Are Winning the Ransomware War, Researcher Laments LockBit Ransomware Exploits Citrix Bleed in Attacks, 10K Servers Exposed Did LockBit Ransomware Mess up by Attacking U.S. Arm of China’s Biggest Bank?

  New Campaign Targets Middle East Governments with IronWind Malware Vietnamese Ducktail Hackers Using New Delphi-Powered Malware to Target Indian Marketers B2B Pharmacy Provider Truepill Reports Data Breach Impacting 2.3 Million Customers Cyberattack on Bladen County (NC) Allowed Hackers to Access Data WP Fastest Cache Plugin Bug Exposes 600K WordPress Sites to Attacks VMware Discloses Critical VCD Appliance Auth Bypass with No Patch CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs Intel Out-Of-Band Patch Addresses Privilege Escalation Flaw Microsoft Fixes Critical Azure CLI Flaw That Leaked Credentials in Logs

• 11/13/2023

  EU Formalizes Cybersecurity Support For Ukraine LockBit Gang Says ICBC Paid Ransom Over Hack That Disrupted U.S. Treasury Market Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations China Proposes Cybersecurity Check for Auditors if National Security Involved Zelle Banks Have Been Paying Back Scam Victims After Government Pressure In a First, Cryptographic Keys Protecting SSH Connections Stolen in New Attack Inside Denmark’s Hell Week as Critical Infrastructure Orgs Faced Cyberattacks U.S. Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers New York Plans Cyber Rules for Hospitals

  New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks Australia Ports Operator Back Online After Cyber Incident Canadian Banking Tech Giant Moneris Says It Prevented Ransomware Attack Automotive Supplier Yanfeng Hit by Cyberattack, Disrupting Stellantis Production Huber Heights (OH) Hit by Ransomware Cyber Attack Python Malware Poses DDoS Threat Via Docker API Misconfiguration FBI: Royal Ransomware Asked 350 Victims to Pay $275 Million Ethereum Feature Abused to Steal $60 Million From 99K Victims CISA Warns of Actively Exploited Juniper Pre-Auth RCE Exploit Chain Introducing the Tech That Keeps the Lights On

• 11/10-12/2023

  Australia Ports Operator DP World Australia Suffers ‘Cybersecurity Incident’, Suspends Operations …Australia Says Ports Operator Cyber Incident ‘Serious’ ICBC Puts Capital Into U.S. Unit, Seeks Cyber Review After Hack The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in U.S. Critical Infrastructure Senate Leaders Plan to Prolong NSA Surveillance Using a Must-Pass Bill Microsoft Warns of Sapphire Sleet’s Fake Skills Assessment Portals Targeting IT Job Seekers Microsoft: BlueNoroff Hackers Plan New Crypto-Theft Attacks Krebs: It’s Still Easy for Anyone to Become You at Experian Strangely Enough, No One Wants to Buy a Ransomware Group That Has Cops’ Attention Police Takes Down BulletProftLink Large-Scale Phishing Provider

  Iran-Linked Imperial Kitten Cyber Group Targeting Middle East’s Tech Sectors Impatient LockBit Says It’s Leaked 50GB of Stolen Boeing Files After Ransom Fails to Land Poloniex Crypto-Exchange Offers 5% Cut to Thieves if They Return That $120M They Nicked McLaren Health Care Says Data Breach Impacted 2.2 Million People Millions of Northwell Health Patients Potentially Caught in Perry Johnson & Associates Data Breach York Region School Board (ON) Dealing With a Cyber Attack Hackers Breach Healthcare Orgs via ScreenConnect Remote Access Alert: ‘Effluence’ Backdoor Persists Despite Patching Atlassian Confluence Servers Microsoft Extends Windows Server 2012 ESUs to October 2026 Navigating Tech Risks in Modern M&A Waters

• 11/9/2023

  Ransomware Attack on China’s ICBC Disrupts Treasury Market Trades …LockBit MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike Signature Techniques of Asian APT Groups Revealed Generative AI Will Level up Cyber Attacks, According to New Google Report OpenAI Reveals ChatGPT Is Being DDoS-ed Signal Tests Usernames So You Can Avoid Sharing Your Phone Number Omegle Is Shutting Down Notorious Video Chat Service as Scrutiny Grows SolarWinds Denies SEC Charges Over Cyber Disclosures Downfall Fallout: Intel Knew AVX Chips Were Insecure and Did Nothing, Lawsuit Claims

  Kyocera AVX Says Ransomware Attack Impacted 39,000 Individuals Mr. Cooper Says Customer Data Exposed During Cyberattack Maine Government Says MOVEit Data Breach Affects 1.3 Million Residents Law Firm Allen & Overy Hit by ‘Data Incident’ Suspected Ransomware Attack Hits Scottish Council Tri-City Medical Center in Oceanside (CA) Hit by Cybersecurity Attack Harris County (TX) Public Mental Health Provider Recovering From Apparent Cyber Attack New Kamran Spyware Targets Urdu-Speaking Users in Pakistan New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

• 11/8/2023

  Microsoft Warns of Election Threats in 2024 …Meta Says It Will Label Political Ads That Use AI-Generated Imagery U.S. Urges Critical Infrastructure Firms to Get “Shields Ready” FBI Warns of Emerging Ransomware Initial Access Techniques Predator AI ChatGPT Integration Poses Risk to Cloud Services WhatsApp Can Now Hide Your IP Address During Calls for Added Security Fortinet, Rivals Fall on Concerns Around Cybersecurity Spending Microsoft Drops SMB1 Firewall Rules in New Windows 11 Build

  Russian State-Owned Sberbank Hit by 1 Million RPS DDoS Attack Popular Lego Marketplace BrickLink Went Offline After a ‘Ransom’ Demand Sumo Logic Discloses Security Breach, Advises API Key Resets AvidXchange Reports Data Breach After Unauthorized Access Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation Ransomware Mastermind Uncovered After Oversharing on Dark Web …Threat Actor Farnetwork Linked to Five Ransomware Schemes Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

• 11/7/2023

  North Korea’s New BlueNoroff Malware Variant Targets Cryptocurrency Exchanges SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities A New U.S. Privacy Bill Seeks to End Warrantless Police and FBI Spying Data Broker’s “Staggering” Sale of Sensitive Info Exposed in Unsealed FTC Filing Google, Meta, Discord, and More Team Up to Fight Child Abuse Online Woman Jailed After rentahitman.com Assassin Turned Out to Be – Surprise – FBI Bradford Ethical Hacker Honoured With Record-Breaking Work Microsoft Authenticator Now Blocks Suspicious MFA Alerts by Default

  Japan Aviation Electronics (JAE) Breached By ALPHV Cook County (IL) Health: Data Breach Potentially Affected up to 1.2 Million Patients Data Breach at Singapore’s Marina Bay Sands Affects 665,000 Customers TransForm Says Ransomware Data Breach Affects 267,000 Patients Dakota Eye Institute Files Notice of Data Breach Affecting More Than 107k Pulaski County (VA) Public Schools Investigating Cyber Attack Fake Ledger Live App in Microsoft Store Steals $768,000 in Crypto GootBot Implant Heightens Risk of Post-Infection Ransomware

• 11/6/2023

  Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors U.S. Slaps Sanctions on Accused Fave Go-to Money Launderer of Russia’s Rich and Ryuk Ransomware U.S., Japan and South Korea Unite to Counter North Korean Cyber Activities U.S. Law Firms Rethink China Future Amid Economic Woes, Data Crackdown Siemens, Ericsson Warn EU Cybersecurity Rules May Disrupt Supply Chains How Will the SEC’s Pursuit of SolarWinds Affect Cyber Chiefs? Readers Weigh In Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel Krebs: Who’s Behind the SWAT USA Reshipping Service? AI Fake Nudes Are Booming. It’s Ruining Real Teens’ Lives. Meet Your New Cybersecurity Auditor: Your Insurer

  DDoS Attack Revealed as Cause of Online Service Outage at Public Healthcare Institutions Spy Trojan SpyNote Unveiled in Attacks on Gamers SecuriDropper: New Android Dropper-as-a-Service Bypasses Google’s Defenses New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics Critical Atlassian Confluence Bug Exploited in Cerber Ransomware Attacks TellYouThePass Ransomware Joins Apache ActiveMQ RCE Attacks Hackers Exploit Looney Tunables Linux Bug, Steal Cloud Creds Veeam Warns of Critical Bugs in Veeam ONE Monitoring Platform QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices Microsoft Will Roll Out MFA-Enforcing Policies for Admin Portal Access

• 11/3-5/2023

  Healthcare Data Breaches Impact 88 Million Americans Discord File Links Will Expire After a Day to Fight Malware Google Play Store Introduces ‘Independent Security Review’ Badge for Apps NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads Apple ‘Find My’ Network Can Be Abused to Steal Keylogged Passwords Flipper Zero: This Tiny Device Is Sending Updated iPhones Into a Never-Ending DoS Loop, Rending Them Useless Sam Bankman-Fried Is Convicted of Fraud in FTX Collapse ‘Corrupt’ Cop Jailed for Tipping off Pal to EncroChat Dragnet Dutch Hacker Jailed for Extortion, Selling Stolen Data on RaidForums

  American Airlines Pilot Union Hit by Ransomware Attack Infosys Subsidiary Hit by Cyber Security Attack–Investigation Launched to Identify Overall Impact Okta’s Recent Customer Support Data Breach Impacted 134 Customers 81K People’s Sensitive Info Feared Stolen From Hilb After Email Inboxes Ransacked Socks5Systemz Proxy Service Infects 10,000 Systems Worldwide Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments New Microsoft Exchange Zero-Days Allow RCE, Data Theft Attacks Atlassian Warns of Exploit for Confluence Data Wiping Bug, Get Patching

• 11/2/2023

  Krebs: Russian Reshipping Service ‘SWAT USA Drop’ Exposed Israeli Entities Under Attack By MuddyWater’s Advanced Tactics Russia’s Wagner Group Plans to Send Air Defenses to Hezbollah, U.S. Says The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis Brave Responds to Bing and ChatGPT With a New ‘Anonymous and Secure’ AI Chatbot Microsoft Is Overhauling Its Software Security After Major Azure Cloud Attack What to Know About New Federal and State Cyber Rules Infosec Pros Can Secure IT, but Have Harder Time Securing Job Satisfaction Do Government Sanctions Against Ransomware Groups Work?

  Cloudflare Dashboard and APIs Down After Data Center Power Outage Mortgage Giant Mr. Cooper Hit by Cyberattack Impacting IT Systems Okta Tells 5,000 of Its Own Staff That Their Data Was Accessed in Third-Party Breach Ace Hardware Says 1,202 Devices Were Hit During Cyberattack Boeing Acknowledges Cyberattack on Parts and Distribution Biz Confidential Student Data Exposed in Fairfax County Public Schools Breach BlackCat Ransomware Claims Breach of Healthcare Giant Henry Schein HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability Spy Module Discovered in WhatsApp Mods

• 11/1/2023

  North Korean Hackers Target macOS Crypto Engineers With Kandykorn Palo Alto Reveals New Features in Russian APT Turla’s Kazuar Backdoor Mysterious Kill Switch Shuts Down Mozi IoT Botnet FSB Arrests Russian Hackers Working for Ukrainian Cyber Forces Feds Collar Suspected Sanctions-Busting Russian Smugglers of U.S. Tech New York Adds Stiffer Requirements to Cybersecurity Rules Clorox Bets on Strong Inventory to Help Overcome Cyber Attack Hitting Operations Splunk to Lay Off Nearly 7% Of Its Workforce Amid Economic Woes Chainguard, an Open-Source Security Firm, Raises $61 Million 3 Ways to Close the Cybersecurity Skills Gap — Now

  Hackers Use Citrix Bleed Flaw in Attacks on Gov’t Networks Worldwide Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East Mexico’s Querétaro Intercontinental Airport Confirms Cyberattack Toronto Public Library Outages Caused by Black Basta Ransomware Attack Data Breach Reported at Meals on Wheels Central Texas Postmeds Data Breach Impacts Hundreds of Thousands of Consumers Nationwide Authorities Confirm Town of Iowa (LA) Target of Cyberattack Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability 3,000 Apache ActiveMQ Servers Vulnerable to RCE Attacks Exposed Online New CVSS 4.0 Vulnerability Severity Rating Standard Released

• 10/31/2023

  Canada Bans WeChat and Kaspersky Apps On Government Devices Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws White House Hosts Counter Ransomware Initiative Summit, With a Focus on Not Paying Hackers …Dozens of Countries Will Pledge to Stop Paying Ransomware Gangs …Why Ransomware Victims Can’t Stop Paying off Hackers Apple Alert: India Opposition Says Government Tried to Hack Phones In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities Krebs: .US Harbors Prolific Malicious Link Shortening Service LastPass Breach Linked to Theft of $4.4 Million in Crypto Cyber Chiefs Worry About Personal Liability as SEC Sues SolarWinds, Executive …Budget Cuts, Layoffs Add to Pressure on Cyber Teams …Half of Execs Request Security Bypass Over Past Year Florida Man Jailed After Draining $1M From Victims in Crypto SIM Swap Attacks Now Russians Accused of Pwning JFK Taxi System to Sell Top Spots to Cabbies

  Ace Holed: Hardware Store Empire Felled by Cyberattack Cybersecurity Snafu Sends British Library Back to the Dark Ages SW Ontario Hospitals Confirm Patient Data Compromised in Cyberattack Flipper Zero Bluetooth Spam Attacks Ported to New Android App Scarred Manticore Targets Middle East With Advanced Malware Arid Viper Campaign Targets Arabic-Speaking Users Trojanized PyCharm Software Version Delivered via Google Search Ads Malicious NuGet Packages Caught Distributing SeroXen RAT Malware Exploit Released for Critical Cisco IOS XE Flaw, Many Hosts Still hacked Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws Avast Confirms It Tagged Google App as Malware on Android Phones Samsung Galaxy Gets New Auto Blocker Anti-malware Feature

• 10/30/2023

  BiBi-Linux: Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware Huawei, Vivo Phones Tag Google App as TrojanSMS-PA Malware China Plans to Take ‘Hack-Proof’ Quantum Satellite Technology to New Heights Biden Issues Executive Order on Safe, Secure AI FTC Orders Non-Bank Financial Firms to Report Breaches in 30 Days Hackers Accessed 632,000 Email Addresses at U.S. Justice, Defense Departments Budget Cuts at CISA Could Affect Enterprise Cybersecurity U.S. SEC Sues SolarWinds, Top Cyber Executive for Fraud Google Chrome Now Auto-Upgrades to Secure Connections for All Users

  Toronto Public Library Services Down Following Weekend Cyberattack Dallas County (TX) Investigating ‘Cybersecurity Incident’ Months After City Ransomware Attack Six Rivers Media (TN) Hit by Cyber-Attack Over the Weekend New Hunters International Ransomware Possible Rebrand of Hive Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes RCE Exploit for Wyze Cam v3 Publicly Released, Patch Now Google Promises a Rescue Patch for Android 14’s “Ransomware” Bug

• 10/27-29/2023

  N. Korean Lazarus Group Targets Software Vendor Using Known Flaws Ukrainian Hackers Disrupt Internet Providers in Russia-Occupied Territories UK National Cyber Security Centre Rolls Out Protective DNS for Schools King Charles III Signs off on UK Online Safety Act, With Unenforceable Spying Clause The Hunt for Crypto’s Most Famous Fugitive. ‘Everyone Is Looking for Me.’ Pirate IPTV Network in Austria Dismantled and $1.74 Million Seized Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats What Lurks in the Dark: Taking Aim at Shadow AI

  Boeing Assessing Lockbit Hacking Gang Threat of Sensitive Data Leak Stanford University Investigating Cyberattack After Ransomware Claims Hackers Email Stolen Clark County School District (NV) Student Data to Parents Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution Hackers Earn Over $1 Million for 58 Zero-Days at Pwn2Own Toronto HackerOne Paid Ethical Hackers Over $300 Million in Bug Bounties Android 14’s User-Profile Data Bug Seems Indistinguishable From Ransomware

• 10/26/2023

  France Says Russian State Hackers Breached Numerous Critical Networks China Rushes to Swap Western Tech With Domestic Options as U.S. Cracks Down Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group Humanity Could ‘Lose Control’ of AI, UK PM Warns, as Britain Seeks Leading Role in the Tech UK Parliament Opens Inquiry into Cyber-Resilience Oldham Council Facing 10,000 Cyber Attacks a Day, Report Says Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware Forget the Outside Hacker, the Bigger Threat Is Inside by the Coffee Machine Nigerian Police Dismantle Cybercrime Recruitment, Mentoring Hub Maine Mass Shooting Disinformation Floods Social Media as Suspect Remains at Large

  Chilean Telecom Giant GTD Hit by the Rorschach Ransomware Gang Akumin Files Notice of Data Breach with the Securities and Exchange Commission Longhorn Imaging Center (TX) Data Breach Affects Patients’ Sensitive Medical Information StripedFly Malware Framework Infects 1 Million Windows, Linux Hosts Android Adware Apps on Google Play Amass Two Million Installs Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs Apple Drops Urgent Patch Against Obtuse TriangleDB iPhone Malware ServiceNow Quietly Addresses Unauthenticated Data Exposure Flaw From 2015 Samsung Galaxy S23 Hacked Two More Times at Pwn2Own Toronto

• 10/25/2023

  Pro Russia Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers LinkedIn Tests Generative AI to Field Cybersecurity Questions From Employees and Suppliers Proton’s Password Manager Now Lets You Securely Share Logins Amazon Launches European ‘Sovereign’ Cloud as EU Data Debate Rages The AI-Generated Child Abuse Nightmare Is Here States Sue Meta Alleging Harm to Young People on Instagram, Facebook Cybersecurity Awareness Doesn’t Cut It; It’s Time to Focus on Behavior Flipper Zero Can Now Spam Android, Windows Users With Bluetooth Alerts

  Seiko “BlackCat” Data Breach: 60,000 Records on the Line Fellowship Village (NJ) Files Notice of Recent Data Breach with the Federal Government Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware Citrix Bleed Exploit Lets Hackers Hijack NetScaler Accounts VMware Fixes Critical Code Execution Flaw in vCenter Server Microsoft Tests Windows 11 Encrypted DNS Server Auto-Discovery Windows 11 to Let Admins Mandate SMB Encryption for Outbound Connections Samsung Galaxy S23 Hacked Twice on First Day of Pwn2Own Toronto

• 10/24/2023

  Hackers Backdoor Russian State, Industrial Orgs for Data Theft Irish Cops Data Debacle Exposes Half a Million Motorist Records 1Password Detects Suspicious Activity Following Okta Support Breach They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird. Generative AI Can Save Phishers Two Days of Work A Powerful Tool U.S. Spies Misused to Stalk Women Faces Its Potential Demise A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal Automakers and Suppliers Spar Over Car Data Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia Decentralized Matrix Messaging Network Says It Now Has 115M Users RTX, the Company Formerly Known as Raytheon, to Sell Its Cybersecurity Business for $1.3B

  Cyberattack on Health Services Provider TransForm Impacts 5 Canadian Hospitals ASVEL Basketball Team Confirms Data Breach After Ransomware Attack Hopewell Area School District (PA) Targeted by Ransomware Attack Over 9,500 Bank of Canton Customers May Have Had Personal Information Exposed Due to Fiserv Breach Ukraine Cyber Officials Warn of a ‘Surge’ in Smokeloader Attacks on Financial, Government Entities New Grandoreiro Malware Variant Targets Spain Meet Rhysida, a New Ransomware Strain That Deletes Itself Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation VMware Warns Admins of Public Exploit for vRealize RCE Flaw API Security Flaw Impacted Grammarly, Vidio and Bukalapak

• 10/23/2023

  Ukraine Security Services Involved in Hack of Russia’s Largest Private Bank DC Elections Agency Warns Entire Voting Roll May Have Been Stolen U.S. Energy Firm Shares How Akira Ransomware Hacked Its Systems QNAP Takes Down Server Behind Widespread Brute-Force Attacks Palestine Crypto Donation Scams Emerge Amid Israel-Hamas War The Hamas Threat of Broadcasting Hostage Execution Videos Looms Large Over Social Media Krebs: NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison Spain Arrests 34 Cybercriminals Who Stole Data of 4 Million People Okta Cybersecurity Breach Wipes Out More Than $2 Billion in Market Cap Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

  City of Philadelphia Discloses Data Breach After Five Months University of Michigan Employee, Student Data Stolen in Cyberattack Cyber Attacks Hit NY State Casino Operation, Two Hudson Valley Hospitals Orange County DA’s Office Hit by Computer Breach; Communications System Taken Down Cadre Services (WI) Targeted in Ransomware Attack; Hackers Leak Stolen Data, Including SSNs DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan QuasarRAT Deploys Advanced DLL Side-Loading Technique Cisco Patches IOS XE Zero-Days Used to Hack Over 50,000 Devices Citrix Warns Admins to Patch NetScaler CVE-2023-4966 Bug Immediately Google Chrome’s New “IP Protection” Will Hide Users’ IP Addresses

• 10/20-22/2023

  Krebs: Hackers Stole Access Tokens from Okta’s Support Unit International Criminal Court Systems Breached for Cyber Espionage New TetrisPhantom Hackers Steal Data From Secure USB Drives on Gov’t Systems DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals Irish-Linked Spyware Used in Brazen Attacks Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups The Dangerous Mystery of Hamas’ Missing ‘Suicide Drones’ ENISA Warns of Rising AI Manipulation Ahead of Upcoming European Elections Ragnar Locker Ransomware Developer Arrested in France 20 Years Of Cybersecurity Awareness Month: Leveling Up The Basics How an Explosion of ‘Smart’ Devices Is Threatening U.S. Households — And National Security Microsoft Announces Security Copilot Early Access Program

  Kwik Trip Finally Confirms Cyberattack Was Behind Ongoing Outage American Family Insurance Confirms Cyberattack Is Behind IT Outages PennyMac Files Notice of Data Breach That Leaked Thousands of SSNs Fake Corsair Job Offers on LinkedIn Push DarkGate Malware ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices …Cisco Discloses New IOS XE Zero-Day Exploited to Deploy Malware Implant …Over 40,000 Cisco IOS XE Devices Infected with Backdoor Using Zero-Day …Number of Hacked Cisco IOS XE Devices Plummets From 50K to Hundreds Critical RCE Flaws Found in SolarWinds Access Audit Solution

• 10/19/2023

  Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign Cyberspace Has No Boundaries — That’s Why Global Cooperation on Security Is Crucial: UK Official Amazon, Microsoft, and India Crack Down on Tech Support Scams Republican Congressman Says Labor Crunch Biggest Threat to U.S. Cybersecurity QR Codes Used in 22% of Phishing Attacks U.S. Charge Man With Running Stolen Credentials Marketplace Europol Knocks RagnarLocker Offline in Second Major Ransomware Bust This Year Valve Enhances Steam Security With SMS Verification

  Casio Keyed up After Data Loss Hits Customers in 149 Countries Data Breach Hits Saint Louis University Students and Employees, School Says Atlas Healthcare Confirms Recent Data Breach Affecting Residents’ Social Security Numbers Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies Fake KeePass Site Uses Google Ads and Punycode to Push Malware BlackCat Ransomware Uses New ‘Munchkin’ Linux VM in Stealthy Attacks Hacker Group GhostSec Unveils New Generation Ransomware Implant Microsoft Extends Purview Audit Log Retention After July Breach

• 10/18/2023

  Ukraine Says Joint Mission With U.S. Derailed Moscow’s Cyberattacks Google Links WinRAR Exploitation to Russian, Chinese State Hackers Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms Twitter Glitch Allows CIA Informant Channel to Be Hijacked Federal Cyber Chief Tells Agencies to Tap Brakes on AI AI Adoption Surges But Security Awareness Lags Behind Krebs: The Fake Browser Update Scam Gets a Makeover Google Bulks up Android’s Malware Defenses to Combat New Tricks, Including AI: Play Protect Dutch Consumer Group Sues Amazon Over Data Tracking FBI: Hackers Are Extorting Plastic Surgery Patients Ex-Navy IT Head Gets 5 Years for Selling People’s Data on Darkweb

  Ukrainian Activists Hack Trigona Ransomware Gang, Wipe Servers Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps North Korean Hackers Lazarus and Andariel Exploit Critical TeamCity Flaw to Breach Networks MATA Malware Framework Exploits EDR in Attacks on Defense Firms Hacker Leaks Millions of New 23andMe Genetic Data Profiles Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager What CISOs Should Exclude From SEC Cybersecurity Filings Major Cyber Attack Could Cost the World $3.5 Trillion -Lloyd’s of London

• 10/17/2023

  TetrisPhantom: Persistent Espionage Campaign Targets APAC Governments Ransomware Comes Back in Vogue for Cybercriminals Fake Browser Updates Used in Malware Distribution Huge Increase in ‘Spear Phishing’ Ever Since ChatGPT’s Rise, Says Japanese Cybersecurity Firm Google Password Manager Could Ease Your Transition to Passkeys Amazon Quietly Rolls Out Support for Passkeys, With a Catch Over 40,000 Admin Portal Accounts Use ‘Admin’ as a Password Insiders Say X’s Crowdsourced Anti-Disinformation Tool Is Making the Problem Worse Krebs: Tech CEO Sentenced to 5 Years in IP Address Scheme New Calculator Aims to Measure Companies’ Cyberattack Damages

  Chilean Government Warns of Black Basta Ransomware Attacks After Customs Incident D-Link Confirms Data Breach After Employee Phishing Attack KwikTrip All but Says IT Outage Was Caused by a Cyberattack Crum & Forster Notifies Nearly 14k Consumers of Recent Data Breach Leaking Their SSNs SpyNote Android Malware Spreads via Fake Volcano Eruption Alerts Malicious Notepad++ Google Ads Evade Detection for Months Over 10,000 Cisco Devices Hacked in IOS XE Zero-Day Attacks Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

• 10/16/2023

  Russian Sandworm Hackers Breached 11 Ukrainian Telcos Since May Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign BLOODALCHEMY Provides Backdoor to Southeast Asian nations’ Secrets Fake ‘RedAlert’ Rocket Alert App for Israel Installs Android Spyware Healthcare Sector Warned About New Ransomware Group NoEscape Your Organization Has Suffered a Data Incident: Now Here Are the Regulators It Will Likely Encounter Deepfake Porn Is Out of Control WhatsApp Turns on Passwordless Logins With Passkeys for Android Users What the Hollywood Writers Strike Resolution Means for Cybersecurity

  We’re Not in e-Kansas Anymore: State Courts Reel From ‘Unauthorized Incursion’ Taylored Services Parent Co Cyber Attack and Possible Data Breach Affects Current and Former Employees Henry Schein Announces Data Breach SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls Discord Still a Hotbed of Malware Activity — Now APTs Join the Fun Hackers Exploit Critical Flaw in WordPress Royal Elementor Plugin CISA, FBI Urge Admins to Patch Atlassian Confluence Immediately Cisco Warns of New iOS XE Zero-Day Actively Exploited in Attacks Signal Disputes Alleged Zero-Day Flaw

• 10/13-15/2023

  Billboards in Israel Were Briefly Hacked to Display Pro-Hamas Messages as Cyberwar Ramps Up New PEAPOD Cyberattack Campaign Targeting Women Political Leaders …Women Political Leaders Summit Targeted in Romcom Malware Phishing AI algorithm Detects MitM Attacks on Unmanned Military Vehicles Chinese Embassy Criticizes Costa Rica for 5G Company Restrictions UK Regulator Fines Equifax £11m for 2017 Data Breach Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky Australia Fines X, Formerly Twitter, for Not Answering Questions on Child Abuse Content

  Hackers Hit Aid Groups Responding to Israel and Gaza Crisis Kwik Trip IT Systems Outage Caused by Mysterious ‘Network Incident’ FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure DarkGate Malware Spreading via Messaging Services Posing as PDF Files Hackers Use Binance Smart Chain Contracts to Store Malicious Scripts CISA Shares Vulnerabilities, Misconfigs Used by Ransomware Gangs Steam Enforces SMS Verification to Curb Malware-Ridden Updates Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

• 10/12/2023

  Chinese APT ToddyCat Targets Asian Telecoms, Governments Israel Sees Cyber Incursions Across Digital Systems Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack Everest Ransomware Cybercriminals Offer Corporate Insiders Cold, Hard Cash for Remote Access Shadow PC Warns of Data Breach as Hacker Tries to Sell Gamers’ Info The Cyberwar Between the East and the West Goes Through Africa New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers AMC CEO Was Target of Blackmail and Extortion Plot California Enacts “Delete Act” For Data Privacy

  Malicious NuGet Package Targeting .NET Developers with SeroXen RAT ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers Ransomware Attacks Now Target Unpatched WS_FTP Servers Ransomware Victims Continue to Pay Up, While Bracing for AI-Enhanced Attacks Hyped up Curl Vulnerability Falls Short of Expectations Apple Fixes iOS Kernel Zero-Day Vulnerability on Older iPhones New Microsoft Bug Bounty Program Focuses on AI-Powered Bing 6 Simple Cybersecurity Rules You Can Apply Now

• 10/11/2023

  Initial U.S. Intelligence Suggests Iran Was Surprised by the Hamas Attack on Israel Gaza Conflict: How Israeli Cybersecurity Will Respond Israelis Form Citizen Cyber Brigades Amid Mounting Digital Attacks Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability U.S. Navy Sailor Pleads Guilty to Accepting $15,000 in Bribes From China U.S. Government Issues Open-Source Security Guidance for Critical Infrastructure SEC is Investigating MOVEit Mass-Hack, Says Progress Software The UN Risks Normalizing Internet Censorship Microsoft Defender Now Auto-Isolates Compromised Accounts

  Simpson Manufacturing Shuts Down IT Systems After Cyberattack West Texas Gas Files Notice of Data Breach Affecting Over 56,000 People BianLian Extortion Group Claims Recent Air Canada Breach LinkedIn Smart Links Attacks Return to Target Microsoft Accounts U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability CD-Indexing Cue Files Are the Core of a Serious Linux Remote Code Exploit New WordPress Backdoor Creates Rogue Admin to Hijack Websites Krebs: Patch Tuesday, October 2023 Edition …From Chaos to Cadence: Celebrating Two Decades of Microsoft’s Patch Tuesday

• 10/10/2023

  Israel Was Prepared for a Different War …Iran’s Khamenei Lauds Hamas Attack on Israel, Again Denies Involvement …Israeli Startup Community, at Home and Abroad, Prepares to Fight New Threat Actor “Grayling” Blamed For Espionage Campaign Cloudflare, Google, and Amazon Explain What’s Behind the Largest DDoS Attacks Ever Krebs: Phishers Spoof USPS, 12 Other Natl’ Postal Services Google Begins Prompting Users to Create Passwordless Passkeys by Default AI Isn’t Just About Risk, Says Splunk’s Cyber Chief New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise Arctic Wolf Acquires Cybersecurity Automation Platform Revelstoke

  Air Europa Data Breach: Customers Warned to Cancel Credit Cards ALPHV Ransomware Gang Claims Attack on Florida Circuit Court Walmart, Inc. Files Notice of Data Breach Indicating Over 85k Victims Community First Medical Center In Portage Park (IL) Suffers Large-Scale Data Breach IZ1H9 Botnet Targets IoT Devices With New Exploits D-Link WiFi Range Extender Vulnerable to Command Injection Attacks New Critical Citrix NetScaler Flaw Exposes ‘Sensitive’ Data Microsoft October 2023 Patch Tuesday Fixes 3 Zero-Days, 104 Flaws Microsoft Exchange Gets ‘Better’ Patch to Mitigate Critical Bug Microsoft to Kill Off VBScript in Windows to Block Malware Delivery

• 10/9/2023

  Vietnam Agents Tried to Plant Spyware on Phones of U.S. Lawmakers and Journalists: Probe Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors Hacktivist Attacks Erupt in Middle East Following Hamas Assault on Israel X, Formerly Twitter, Amplifies Disinformation Amid the Israel-Hamas Conflict Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms HelloKitty Ransomware Source Code Leaked on Hacking Forum Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist DOJ: Ex-Soldier Tried to Pass Secrets to China After Seeking a ‘Subreddit About Spy Stuff’ Cybersecurity Talent in America: Bridging the Gap

  Datacenter Cabling Biz Volex Confirms Digital Break-in Hackers Modify Online Stores’ 404 Pages to Steal Credit Cards Hackers Hijack Citrix NetScaler Login Pages to Steal Credentials PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS Over 17,000 WordPress Sites Hacked in Balada Injector Attacks Last Month GNOME Linux Systems Exposed to RCE Attacks via File Downloads High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security Security Patch for Two New Flaws in Curl Library Arriving on October 11 Navigating the Patchwork of U.S. Privacy and Cybersecurity Laws: Summer 2023 Regulatory Updates

• 10/6-8/2023

  Israel at War With Hamas After Unprecedented Attacks …Israel’s Security Forces Face Questions After Hamas Attack …Israel’s Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance …Iran Helped Plot Attack on Israel Over Several Weeks Israel’s Government, Media Websites Hit With Cyberattacks Ukraine Cyber-Conflict: Hacking Gangs Vow to De-Escalate Apple’s Encryption Is Under Attack by a Mysterious Group Snap AI Chatbot Investigation Launched in UK Over Teen-Privacy Concerns FTC Warns of ‘Staggering’ Losses to Social Media Scams Since 2021 MGM Didn’t Pay Up After Hackers Broke Into Its System and Stole Customer Data …MGM Resorts Ransomware Attack Led to $100 Million Loss, Data Theft Bounty Offered for Secret NSA Seeds Behind NIST Elliptic Curves Algo

  North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency Host of EU Summit Spain Target of DDoS Cyberattacks D.C. Board of Elections Confirms Voter Data Stolen in Site Hack Hackers Are Selling the Data of Millions Lifted From 23andMe’s Genetic Database CDW Data to Be Leaked Next Week After Negotiations With LockBit Break Down Florida Circuit Court Pauses Many Proceedings Following Cyberattack Lyca Mobile Says Customer Data Was Stolen During Cyberattack Third Flagstar Bank Data Breach Since 2021 Affects 800,000 Customers Supermicro’s BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack Microsoft 365 Admins Warned of New Google Anti-spam Rules

• 10/5/2023

  China-Linked Cyberspies Backdoor Semiconductor Firms With Cobalt Strike China Poised to Disrupt U.S. Critical Infrastructure with Cyber-Attacks, Microsoft Warns Hackers With AI Are Harder to Stop, Microsoft Says South Korea Accuses North of Phish and Ships Attack Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers CISA and NSA Tackle IAM Security Challenges in New Report NSA and CISA Reveal Top 10 Cybersecurity Misconfigurations U.S. Government Proposes SBOM Rules for Contractors Court Rules in Favor of Auto-Repair Companies in Car-Data Dispute Blackbaud Settles Data Breach With 49 States, DC for $50 Million Lorenz Ransomware Crew Bungles Blackmail Blueprint by Leaking Two Years of Contacts

  Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack GoldDigger Android Trojan Drains Victim Bank Accounts Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities Critical Glibc Bug Puts Linux Distributions at Risk Amazon to Make MFA Mandatory for ‘Root’ AWS Accounts by Mid-2024 Beyond Cybersecurity Awareness Month: Finding A Signal In The Noise Could Cybersecurity Breaches Become Harmless in the Future? Zero-Days for Hacking WhatsApp Are Now Worth Millions of Dollars

---

Follow The Cyber Beat

Get news delivered directly to your inbox.