Date: 1 September 2023
Our monthly roundup of the Biggest Cyber Attacks, Ransomware Attacks and Data Breaches is here for the month of August 2023. Healthcare, educational institutions, VPN products, city administrations continue to dominate the list of victims. Big names like American Express, the Metropolitan Police, Toyota and Microsoft Teams were also amongst those impacted by cyber crime in the month gone by.
- Ransomware Attacks in August 2023
- Data Breaches in August 2023
- Cyber-Attacks in August 2023
- New Ransomware/Malware Detected in August 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in August 2023
If you check the tables below carefully, you'll know that there was a news piece on a cyber attack, ransomware attack, data breach or a new vulnerability being exploited almost every day of August 2023. Unfortunately, this month was no different from the earlier 7 months of the year.
While we, as a community, were just about wrapping our heads around the MoveIT and Barracuda attacks that have done widespread damage, news of the Ivanti zero-day vulnerability started making headlines. Amongst the few things that are certain in this world is the fact that there isn't a moment of rest in the world of cybersecurity.
It is hard to match pace with the advanced criminal, but there are certain things you can do as a business to keep yourself as protected as possible. Our Virtual Cyber Assistants can help you get your technology infrastructure in order, audit your existing cybersecurity health, help you achieve compliance, recommend enhancements on your existing Information Security Management System and much more.
Importantly, our highly experienced cyber consultants will help you create or review and update your Cyber Incident Response Plans - a critical component of your cyber resilience strategy in the vicious threat landscape we inhabit today. Because let's face it - sooner or later, almost everyone is going to be attacked. What can save you, however, is better preparation to control the damage when it's your time.
Ransomware Attacks in August 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
August 01, 2023 |
Mattress giant Tempur Sealy |
Mattress giant Tempur Sealy hit with cyber rattack forcing system shutdown |
AlphV/Black Cat Ransomware group |
The attack forced the company to shut down its systems as hackers claimed to have access to sensitive documents. |
|
|
August 02, 2023 |
West Oaks School, in Leeds, England |
Russia-linked cyber criminals target school for children with learning difficulties |
LockBit Ransomware |
The stolen information is unknown but the ransomware group has warned that if the school remains unable to pay the ransom, the group will publish stolen data. |
Ransomware attack on West Oaks School, a school for children with learning difficulties |
|
August 05, 2023 |
FBI investigating ransomware attack crippling hospitals across 4 states |
Rhysida Ransomware |
When Prospect Medical Hospitals network faced issues at its hospitals nationwide, it took its systems offline and diverted patients to other facilities and stopped operation at its affected hospitals. |
||
|
August 08, 2023 |
Israeli hospital redirects new patients following ransomware attack |
Unknown |
The ransomware attack shut down the medical centre's administrative computer systems but didn’t affect the medical gear. The hospital advised new patients and those needing emergency care to visit other medical centres. |
||
|
August 14, 2023 |
Germany’s national bar association investigates ransomware attack |
NoEscape Ransomware group |
German Federal Bar (BRAK) Association's Brussels office fell victim to a criminal cyber attack, which led to a failure of the IT systems. The hackers allegedly encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data. |
Ransomware attack on German Federal Bar (BRAK) Association's Brussels office |
|
|
August 16, 2023 |
Tennessee school hit with ransomware as gangs ramp up attacks ahead of new academic year |
Unknown |
The ransomware attack affected 5% of faculty and staff devices and the school printers remained down. |
||
|
August 17, 2023 |
French town of Sartrouville |
French town of Sartrouville recovering from cyber attack claimed by ransomware gang |
Medusa Ransomware |
Hackers targeted IT systems of hospitals, small businesses, schools, and local communities in the French town of Sartrouville as the town hall of Sartrouville (Yvelines) was paralyzed by a cyber attack, carried out by hackers who demanded a ransom. The intranet computer system of the town hall simply stopped as all data was encrypted and a ransomware-type virus named "Medusa" infected the municipality's work and backup servers. |
|
|
August 18, 2023 |
Ransomware gang threatens Raleigh Housing Authority months after devastating attack |
Black Basta Ransomware gang |
The ransomware gang started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organisation for weeks in May as the attack crashed the organisation’s entire system and stopped its ability to function for several days — seven cybersecurity officials from the National Guard were sent to help the organisation recover with additional assistance from the FBI. |
||
|
August 22, 2023 |
The Public Center for Social Action (CPAS) in Charleroi, Belgium |
Cyberattack on Belgian social service centres forces them to close |
Unknown |
The cyber attack forced the Public Center for Social Action (CPAS) in Charleroi, Belgium, to close its social branches including its debt mediation service and Energy House service. |
Ransomware attack on Belgium’s Public Center for Social Action (CPAS) |
|
August 22, 2023 |
Danish Cloud Hosting firms CloudNordic and AzeroCloud |
The firm, which owns both entities, says it lost all customer data after the ransomware attacks |
Unknown |
The ransomware attacks caused the loss of the majority of customer data forcing the hosting providers to shut down all systems, including websites, email, and customer sites. |
|
|
August 22, 2023 |
Akira ransomware targets Cisco VPNs to breach organisations |
Akira Ransomware |
Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data. |
||
|
August 24, 2023 |
English council warns residents after suspected ransomware attack |
Unknown |
The ransomware attack affected internal systems of St Helens Borough Council. |
||
|
August 25, 2023 |
Thousands have SSNs leaked after ransomware attack on Ohio state archive organisation |
Unknown |
When the victim society refused to pay the ransom demand, hackers leaked the names, addresses and Social Security numbers of people employed by the organisation from 2009-2023. Hackers also accessed documents related to OHC vendors, checks provided to OHC by donors since 2020. |
||
|
August 27, 2027 |
Rhysida claims ransomware attack on Prospect Medical, threatens to sell data |
Rhysida Ransomware |
Hackers claimed to have stolen 500,000 social security numbers, corporate documents, and patient records. |
||
|
August 28, 2023 |
PurFoods, which conducts business as 'Mom's Meals' |
Mom’s Meals discloses data breach impacting 1.2 million people |
Unknown |
Hackers stole and encrypted personal information of 1.2 million customers and employees of Mom’s Meals. |
Data Breaches in August 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
August 01, 2023 |
Retail chain Hot Topic |
American apparel Retailer, Hot Topic, discloses wave of credential-stuffing attacks |
Unknown |
Hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data. The information that may have been exposed to hackers includes: Full name, Email address, Order history, Phone number, Date of birth, Shipping address, last digits of saved payment cards etc. |
|
|
August 02, 2023 |
US govt contractor Serco discloses data breach after MoveIT attacks |
Clop Ransomware |
The attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server. |
||
|
August 10, 2023 |
Largest switching and terminal railroad in US investigating ransomware data theft |
Akira Ransomware gang |
The ransomware gang claimed to have stolen 85 GB of data. |
||
|
August 10, 2023 |
California city investigating data theft after ransomware group’s claims |
LockBit Ransomware gang |
The City Manager Will Provost said they were aware that cybercriminals alleged to have taken data from certain City of El Cerrito systems and were threatening to post the information to a website outside the confines of traditional internet. |
||
|
August 17, 2023 |
Tesla blames data breach affecting 75,000 on ‘insider wrongdoing’ |
Insider Error (Human Error) |
The data breach affected more than 75,000 current and former employees after two insiders allegedly shared information taken from its internal systems with a German newspaper. Tesla blamed “insider wrongdoing” for the breach which included compromised personal data and Social Security numbers. |
||
|
August 18, 2023 |
Illinois hospital notifies patients, employees of data breach after Royal Ransomware attack |
Royal Ransomware |
In this data breach, about 250,000 people potentially had their personal information exposed which included names, addresses, dates of birth, social security numbers, medical record numbers and account numbers, and diagnostic codes of current and former healthcare patients and employees at Morris Hospital. |
||
|
August 18, 2023 |
Siemens Healthineers responds to alleged data theft by LockBit ransomware gang |
LockBit Ransomware |
In this attack, LockBit ransomware group stole data related to the Varian business segment of Siemens Healthineers and published it on the group's leak site. |
||
|
August 21, 2023 |
Ukrainian hackers claim to leak emails of Russian parliament deputy chief |
Ukrainian hacking group “Cyber Resistance” |
Ukrainian hackers claimed to have broken into the email account of a senior Russian politician and exposed documents that allegedly prove his involvement in money laundering and sanction evasion schemes. The threat actors calling themselves Cyber Resistance leaked 11 GB of emails allegedly belonging to Alexander Babakov, a deputy chairman of Russia’s parliament. |
||
|
August 21, 2023 |
Watchmaker Seiko |
BlackCat ransomware gang takes credit for Seiko data breach |
AlphV/BlackCat Ransomware |
The ransomware gang shared screenshots of the stolen data that included spreadsheets and presentations. |
|
|
August 21, 2023 |
An organisation that manages Australia’s internet domain .au known as auDA |
Australia’s .au domain administrator denies data breach after ransomware posting |
NoEscape Ransomware |
The NoEscape ransomware gang claimed to have attacked the organisation and stolen 15 GB of sensitive data that included personal information and more. |
Data breach attack on an Australia’s .au domain administrator |
|
August 23, 2023 |
University of Minnesota confirms data breach |
Unknown |
The University of Minnesota confirmed that the sensitive personal information of students, faculty and employees was leaked in a data breach. |
||
|
August 25, 2023 |
France's government unemployment registration and financial aid agency, Pôle emploi |
Data breach at French govt agency exposes information of 10 million people |
Clop Ransomware (This agency became victim of MOVEit data breach) |
The data breach exposed data belonging to 10 million individuals. |
|
|
August 25, 2023 |
Leaseweb is restoring ‘critical’ systems after security breach |
Unknown |
Leaseweb took down some of the impacted systems to mitigate security risks and says that its teams are now working to restore critical systems affected in this incident. |
||
|
August 25, 2023 |
Financial and risk advisory company Kroll |
Kroll data breach exposes info of FTX, BlockFi, Genesis creditors |
Unknown |
Hackers stole the Kroll employee's phone number and used it to gain access to some files with personal data of bankruptcy claimants. |
|
|
August 25, 2023 |
American Express Confirms Data Leak Of APAC Employee Details |
Former Employee |
A former employee gained access to employee data after accidentally being given access to a third-party payroll company. The data reportedly involved bank account details, names and addresses, payment histories, and tax file numbers. |
||
|
August 26, 2023 |
Metropolitan Police on red alert after details of officers and staff hacked in massive security breach |
Unknown |
All 47,000 personnel were warned of the risk that their photos, names and ranks had been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. |
||
|
August 27, 2023 |
Hospital Sisters Health System Confirms “Temporary System Outage,” Raising Concerns of Possible Data Breach |
Unknown |
Due to system outage, patients remained unable to access either company’s phone system, and MyChart and MyPrevea communications were not available. |
||
|
August 28, 2023 |
Trading Paints Data Breach Exposes Usernames and Passwords |
Unknown |
Trading Paints, a platform used for customised liveries in iRacing, has experienced a data breach, exposing over 270,000 usernames and passwords. |
||
|
August 28, 2023 |
Blue Cross and Blue Shield of Illinois |
Blue Cross and Blue Shield of Illinois Files Notice of Recent Third-Party Data Breach |
Unknown |
The incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, addresses, email addresses, phone numbers, dates of birth, Social Security Numbers, claim numbers, bank account numbers and medical service information. |
|
|
August 29, 2023 |
CLEAResult |
CLEAResult Data Breach Investigation |
Clop ransomware |
The CLEAResult data breach resulted in the names, Social Security numbers and financial account numbers of certain individuals being compromised. |
|
|
August 29, 2023 |
Energy provider Eversource |
Eversource confirms data breached due to vendor CLEAResult being exposed to software vulnerability |
Clop ransomware |
Eversource's vendor CLEAResult was impacted by MOVEit vulnerability, potentially exposed customer data. Information like energy usage, names and addresses may have been part of the exposure. |
|
|
August 29, 2023 |
New York Life Clients become latest victims of massive MOVEit data breach |
Clop ransomware |
Almost 26,000 New York Life customers had their names and Social Security numbers exposed to a data breach. |
||
|
August 29, 2023 |
Chevron Federal Credit Union |
Chevron Federal Credit Union Files Notice of Data Breach Affecting Over 90k Consumers |
Clop ransomware |
The incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names and financial account information. |
|
|
August 30, 2023 |
Entertainment company Paramount Global |
Paramount discloses data breach following security incident |
Unknown |
During this breach, attackers gained access to personally identifiable information (PII) including name, date of birth, Social Security number or other government-issued identification number and information related to the relationship with Paramount. The company has said that less than 100 individuals were apparently affected. |
|
|
August 31, 2023 |
Clothing company Forever 21 |
Hackers accessed information of 500,000 current and former employees |
Unknown |
Hackers had intermittent access to Forever21's systems between Jan and March 2023 and they have potentially exposed personal information of 539,207 individuals including Full name, Social Security Number (SSN), Date of Birth, Bank Account Number, Forever 21 Health Plan information etc. |
Cyber Attacks in August 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
August 02, 2023 |
Russian hackers target govt orgs in Microsoft Teams phishing attacks |
Hacking group APT29 |
According to Microsoft, the campaign affected fewer than 40 unique global organisations as the organisations targeted in this activity likely indicated specific espionage objectives by Midnight Blizzard directed at government, non-government organisations (NGOs), IT services, technology, discrete manufacturing, and media sectors. |
||
|
August 02, 2023 |
The websites of at least five banks, including Intesa Sanpaolo |
Pro-Russian hackers claim attacks on Italian banks |
The group, NoName057(16) |
A pro-Russian hacking group has claimed responsibility for cyber attacks on Italian banks, businesses, and government agencies. The attacks flooded networks and disrupted services. |
DDoS attack on the websites of at least five banks, including Intesa Sanpaolo |
|
August 03, 2023 |
The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab |
Hawai'i's Gemini North observatory suspends operations following cyber attack |
Unknown |
The cyber attack hindered the operations of an observatory in Hawai'i. |
|
|
August 04, 2023 |
The government, financial, and transportation industries in India and Israel |
Bangladeshi hacktivists target India, Israel with DDoS attacks |
Mysterious Team Bangladesh |
Mysterious Team Bangladesh launched more than 750 distributed denial-of-service attacks (DDoS) that overwhelm websites with junk traffic, as well as over 70 defacement attacks that change website appearances to show unauthorised content. Thirty-four percent of those targeted India, while 18 percent focused on Israel. |
|
|
August 12, 2023 |
A South African Power Generator with an undisclosed name |
Southern African power generator targeted with DroxiDat malware |
Unknown |
The hackers used a Cobalt Strike tool and DroxiDat (a new variant of the SystemBC payload) to profile compromised systems and establish remote connections on the electric utility. |
|
|
August 14, 2023 |
Prince George's County Public Schools |
Suburban DC school district responds to cyber attack |
Unknown |
The broad network outage knocked out email and other services as the district released a statement saying 4,500 of the system’s 180,000 accounts were impacted. |
|
|
August 14, 2023 |
Cleaning product giant Clorox |
Clorox takes servers offline, notifies law enforcement after ‘unauthorised activity’ detected |
Unknown |
The cybersecurity incident forced Clorox to take several of its systems offline. |
|
|
August 18, 2023 |
Hackers compromise Zimbra email accounts in phishing campaign |
Unknown |
According to a report from Slovak software company ESET, the attackers have been gathering credentials of Zimbra account users since at least April. The hackers appear to be targeting organisations largely at random, with Zimbra use being the only common factor among them. |
||
|
August 20, 2023 |
Ecuador’s national election agency says cyber attacks caused absentee voting issues |
Unknown |
The cyber attacks originating from seven different countries disturbed the voting process which comes under Ecuador’s national election council for citizens living abroad. |
||
|
August 21, 2023 |
Australian software provider Energy One |
Australian software provider Energy One hit by cyber attack |
Unknown |
The incident affected Energy One’s systems in Australia and the U.K. |
|
|
August 21, 2023 |
Hong Kong based organisations |
Carderbee hacking group hits Hong Kong organisations in supply chain attack |
Carderbee hacking group |
A previously unidentified APT hacking group named 'Carderbee' was observed attacking organisations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware. |
Carderbee hacking group’s attack on organisations based in Hong Kong |
|
August 21, 2023 |
Major Mississippi hospital system takes services offline after cyber attack |
Unknown |
Cyber attack forced Singing River Health System to take certain internal computer systems offline. |
||
|
August 23, 2023 |
South African News Website says it faced cyber attack after publishing a news report on Indian Prime Minister, Narendra Modi |
Unknown |
Due to a DDoS attack from Indian servers the news website remained down for hours. |
||
|
August 27, 2023 |
Poland investigates cyber-attack on rail network |
Unknown |
Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight as the signals were interspersed with a recording of Russia's national anthem and a speech by President Vladimir Putin. |
||
|
August 29, 2023 |
University of Michigan shuts down network after cyber attack |
Unknown |
The University took all of its systems and services offline to deal with a cybersecurity incident that caused a widespread impact on online services the night before classes started. The outage disrupted access to vital online services, including Google, Canvas, Wolverine Access, and email. |
||
|
August 29, 2023 |
All 14 Toyota factories in Japan halt operations due to massive glitch |
Unknown |
Toyota Motor Corp said it halted operations at all 14 of its factories in Japan due to a system glitch as it affected fourteen vehicle factories and 25 lines that remained unable to process orders for parts. |
New Ransomware/Malware Discovered in August 2023
|
New Ransomware |
Summary |
Source Link |
|
A new malware belonging to the 'FourteenHi' malware family |
Chinese state-sponsored hackers have been targeting industrial organisations with new malware that can steal data from air-gapped systems. |
Hackers use new malware to breach air-gapped devices in Eastern Europe |
|
MMRat Malware |
A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices. |
New Android MMRat malware uses Protobuf protocol to steal your data |
|
Qakbot Botnet |
Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI, known as Operation 'Duck Hunt.' |
Qakbot botnet dismantled after infecting over 700,000 computers |
|
DreamBus Malware |
A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability (tracked as CVE-2023-33246) in RocketMQ servers to infect devices. |
|
|
Whiffy malware |
This malware uses scans of Wi-Fi access points within range of infected machines to geolocate them. |
|
|
New malicious framework named ‘Infamous Chisel' |
Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, more commonly known as the GRU, have been targeting Android devices in Ukraine with a new malicious framework named ‘Infamous Chisel'. |
GRU hackers attack Ukrainian military with new Android malware |
Vulnerabilities/Patches Discovered in August 2023
|
Date |
Flaws/Fixes |
Summary |
Source Link |
|
August 01, 2023 |
CVE-2023-35078 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that state hackers have been exploiting two flaws in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core, since April. |
CISA issues new warning on actively exploited Ivanti MobileIron bugs |
|
August 02, 2023 |
CVE-2023-20583 |
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak as the researchers warned that the flaw is low-risk and will likely not be used in attacks on end users. |
New Collide+Power side-channel attack impacts almost all CPUs |
|
August 02, 2023 |
CVE-2023-3519 |
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability. |
Over 640 Citrix servers backdoored with web shells in ongoing attacks |
|
August 02, 2023 |
CVE-2023-35082 |
IT software company Ivanti disclosed a new critical security vulnerability in its MobileIron Core mobile device management software. |
Ivanti discloses new critical auth bypass bug in MobileIron Core |
|
August 04, 2023 |
CVE-2023-39143 |
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain RCE on unpatched Windows servers. |
New PaperCut critical bug exposes unpatched servers to RCE attacks |
|
August 22, 2023 |
CVE-2023-38035 |
IT giant Ivanti is advising some customers to make changes to dodge a new zero-day vulnerability affecting one of its products. |
|
|
August 23, 2023 |
CVE-2023-32315 |
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts. |
|
|
August 23, 2023 |
CVE-2023-38831 |
A WinRar zero-day vulnerability was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts. |
WinRAR zero-day exploited since April to hack trading accounts |
|
August 24, 2023` |
CVE-2022-47966 |
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organisations. |
Hackers use public ManageEngine exploit to breach internet org |
|
August 29, 2023 |
CVE-2023-36846 and CVE-2023-36845 |
Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. |
Hackers exploit critical Juniper RCE bug chain after PoC release |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones. |
Hackers steal Signal, WhatsApp user data with fake Android chat app |
|
Report |
Researchers have found that an Iranian technology company is providing infrastructure services to ransomware gangs and an array of nation-state hackers. |
Iranian cloud company accused of hosting cybercriminals, nation-state hackers |
|
Report |
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts. |
Hackers exploited Salesforce zero-day in Facebook phishing attack |
|
Report |
Slack is investigating an ongoing incident preventing users from accessing the instant messaging platform and making shared images blurry for those already logged in. |
|
|
Report |
A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites. |
Fake FlipperZero sites promise free devices after completing offer |
|
Report |
Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations. |
Hacktivists fund their operations using common cybercrime tactics |
|
Report |
The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing five billion robocalls to more than 500 million phone numbers over three months in 2021. |
Extended warranty robocallers fined $300 million after 5 billion scam calls |
|
Report |
According to a senior official, ransomware attacks targeting Finnish organisations have increased fourfold since the Nordic country began the process of joining NATO last year. |
Finland sees fourfold spike in ransomware attacks since joining NATO, senior cyber official says |
|
Warning |
The FBI warned of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. |
FBI warns of scammers posing as NFT devs to steal your crypto |
|
Report |
The phishing-as-a-service platform 16shop was taken down as part of a global investigation led by Interpol. Law enforcement arrested a 21-year-old Indonesian man accused of administering the platform, along with two other individuals involved in its operation — one in Indonesia and one in Japan. |
Interpol takes down phishing-as-a-service platform used by 70,000 people |
|
Warning |
Researchers have found that threat actors have been using the phishing toolkit EvilProxy to take control of cloud-based Microsoft 365 accounts belonging to executives at prominent companies. |
Attackers use EvilProxy phishing kit to take over executives’ Microsoft 365 accounts |
|
Warning |
Germany’s domestic intelligence service published a cyber espionage warning that Iranian dissident organisations and individuals in the country were being targeted by a suspected state-sponsored threat group. |
Iranian cyber spies are targeting dissidents in Germany, warns intelligence service |
|
Report |
Researchers have discovered multiple zero days affecting major cryptocurrency platforms like Coinbase and Binance. |
|
|
Report |
DHS said the Cyber Safety Review Board will focus its attention on the malicious targeting of cloud computing environments, including the recent intrusion into Microsoft Exchange Online by China-based hackers. |
Microsoft Exchange hack is focus of cyber board’s next review |
|
Report |
Rep. Don Bacon (R-NE), a member of the House Armed Services Committee said his personal and political emails had been stolen by the same suspected Chinese hackers that breached the inboxes of the U.S. State and Commerce departments. |
|
|
Report |
Cybersecurity researchers at the DEF CON security conference disclosed details this weekend on three vulnerabilities in popular transportation software Mooveit that could allow people to obtain free public transit rides. |
Researchers discover vulnerabilities in Moovit software allowing free subway rides |
|
Report |
Popular online file hosting platform AnonFiles has shut down, with administrators saying they were fed up with “the extreme volumes” of abuse of its services. |
‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service |
|
Warning |
U.S. intelligence agencies are warning of increasing cyberattacks targeting U.S.-based space companies by unnamed foreign intelligence services. |
FBI, Air Force warn of cyberattacks on space industry by ‘foreign intelligence operations’ |
|
Report |
On average, every 72 hours for the past three months, cyber experts inside one of the United Kingdom’s security and intelligence services have detected the beginnings of a new ransomware attack against a British organisation and then tipped off the target in a bid to prevent the attack from being executed. |
British intelligence is tipping off ransomware targets to disrupt attacks |
|
Report |
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. |
Scraped data of 2.6 million Duolingo users released on hacking forum |
|
Report |
Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information (PII) was exposed in the incident. |
Discord starts notifying users affected by March data breach |
|
Warning |
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks. |
FBI warns of patched Barracuda ESG appliances still being hacked |
|
Warning |
The National Police of Spain warned of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails. |
|
|
Report |
Internet shutdowns in the central African country of Gabon have continued into their third day after officials cut off networks in an effort to limit the spread of information during the election season. |
Internet shutdown in Gabon continues into third day following national elections |
|
Report |
Suspected Chinese hackers disproportionately targeted and breached government and government-linked organisations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas. |
|
|
Report |
The gang, which operates through a blog called Ransomed, tells victims that if they don’t pay to protect stolen files, they will face fines under data protection laws like the EU’s GDPR. |
Pay the ransom instead of a GDPR fine, cybercrime gang tells its targets |
