December 2023: Biggest Cyber Attacks, Data Breaches and Ransomware Attacks

Written by Aditi Uberoi | 2 January 2024

Toyota Financial Services, Idaho National Laboratory, Nissan Oceania, Yakult Australia, Norton Healthcare, apparel giant VF, Mr. Cooper, Xfinity, Panasonic Avionics, EasyPark, HTC Global Services. Wondering what these names have in common? They were all compromised by cyber crime in the last month of 2023.

  1. Ransomware Attacks in December 2023
  2. Cyber Attacks in December 2023
  3. Data Breaches in December 2023
  4. New Ransomware/Malware Detected in December 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in December 2023

The year may have been ending, but the cyber attacks didn't stop. Businesses across verticals, and organisations from libraries to healthcare institutions, continued to be hit by the rise in cyber crime. Like every month, we're back with our compilation of the biggest cyber attacks, ransomware attacks and data breaches of December 2023.

Worried about how to protect your organisation against this rampant rise in cyber threats? Remember that preparation is the only protection today. Get your cybersecurity incident response plans and incident response playbooks in order.

Test the effectiveness of your plans and processes with cybersecurity tabletop exercises. If you can't hire an expert facilitator, use the resources below to get started on your cyber drills immediately.

  1. Top Cyber Tabletop Exercise Scenarios 
  2. Cyber Security Tabletop Exercise Template
  3. Cyber Tabletop Exercise PPT
  4. Cyber Crisis Tabletop Exercise Checklist

These invaluable free resources have been created by the leading expert in tabletop exercise facilitation worldwide. They are designed to assist you in conducting a successful and efficient incident response tabletop exercise on your own.

Ransomware Attacks in December 2023

Date: December 03, 2023
Victim: Tipalti
Summary: Accounting software technology company Tipalti investigates claims of data stolen in a ransomware attack
Threat Actor: ALPHV/BlackCat Ransomware
Business Impact: The threat actors claimed to have stolen 265 GB of data, including data belonging to Twitch and Roblox, which they said they would extort separately.
Source Link: Tipalti ransomware attack

Date: December 04, 2023
Victim: HTC Global Services
Summary: HTC Global Services confirms cyber attack after data leaked online
Threat Actor: ALPHV/BlackCat Ransomware
Business Impact: HTC Global Services confirmed that it suffered a cyber attack after the ALPHV ransomware gang began leaking screenshots of stolen data. The leaked data included passports, contact lists, emails, and confidential documents allegedly stolen during the attack.
Source Link: HTC Global Services ransomware attack

Date: December 08, 2023
Victim: Americold
Summary: Nearly 130,000 affected by ransomware attack on cold storage company Americold
Threat Actor: Unknown
Business Impact: A ransomware attack in April on cold storage giant Americold affected nearly 130,000 people, the company announced in a breach report to regulators in Maine.
Source Link: Americold ransomware attack

Date: December 08, 2023
Victim: Norton Healthcare
Summary: Kentucky healthcare giant says 2.5 million people affected by May ransomware attack
Threat Actor: ALPHV/BlackCat Ransomware
Business Impact: A ransomware attack in May exposed the data of 2.5 million patients of hospitals connected to healthcare giant Norton Healthcare. The company said that data of current and former patients and employees, as well as employee dependents and beneficiaries, was leaked as a result of the attack.
Source Link: Ransomware attack update Norton Healthcare

Date: December 14, 2023
Victim: Sony's Insomniac Games
Summary: Sony investigating potential ransomware attack on Insomniac Games unit
Threat Actor: Rhysida Ransomware
Business Impact: The Rhysida ransomware gang claimed to have attacked Insomniac Games, giving the video game developer six days to respond to its undisclosed ransom demand.
Source Link: Ransomware attack on Sony's Insomniac Games unit

Date: December 14, 2023
Victim: Kraft Heinz
Summary: Kraft Heinz investigates hack claims, says systems 'operating normally'
Threat Actor: Snatch Team
Business Impact: In a post on the Snatch extortion group's data leak site, the threat actors claimed to have breached Kraft Heinz.
Source Link: Kraft Heinz ransomware attack

Date: December 14, 2023
Victim: Delta Dental of California
Summary: Delta Dental of California data breach exposed information of 7 million people
Threat Actor: Clop Ransomware (MOVEit breach)
Business Impact: The data breach impacted 6,928,932 customers of Delta Dental of California, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed.
Source Link: Delta Dental California data breach

Date: December 20, 2023
Victim: Tech giant HCL
Summary: Indian tech giant HCL investigating ransomware attack
Threat Actor: Unknown
Business Impact: The company said it had become aware of a ransomware incident in an isolated cloud environment for one of its projects, and that no impact on the overall HCLTech network had been observed.
Source Link: Ransomware attack on Indian tech giant HCL

Date: December 21, 2023
Victim: Bladen County Public Library
Summary: Bladen County Public Library is on the list of MEOW ransomware gang victims
Threat Actor: MEOW Ransomware
Business Impact: The ransomware gang claimed an attack on North Carolina's Bladen County Public Library. County leaders announced that their systems were affected by a cyber attack, and the incident was so damaging that the North Carolina National Guard was called in to help with the recovery effort.
Source Link: Bladen County Public Library ransomware attack

Date: December 21, 2023
Victim: Toronto Public Library
Summary: Toronto Public Library 'remains a crime scene' after ransomware attack
Threat Actor: Unknown
Business Impact: Toronto City Librarian Vickery Bowles said staff had spent weeks trying to restore services, but online library accounts were still not accessible and public computers and printers were not available. The librarian said the attack has been devastating for people who rely on the city's libraries as their primary source of internet access, particularly low-income city residents and school children.
Source Link: Toronto Public Library ransomware attack update

Date: December 22, 2023
Victim: Mint Mobile
Summary: Mint Mobile discloses new data breach exposing customer data
Threat Actor: Threat actor named "Blue" on BreachForums
Business Impact: Mint Mobile disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.
Source Link: Mint Mobile data breach

Date: December 26, 2023
Victim: Yakult Australia
Summary: Yakult Australia confirms 'cyber incident' after 95 GB data leak
Threat Actor: DragonForce
Business Impact: Yakult Australia confirmed experiencing a "cyber incident" in a statement to BleepingComputer, with both the company's Australian and New Zealand IT systems affected. DragonForce, which claimed responsibility for the attack, leaked 95 GB of data that it said belongs to the company.
Source Link: Yakult Australia ransomware attack

Date: December 27, 2023
Victim: German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO)
Summary: Lockbit ransomware disrupts emergency care at German hospitals
Threat Actor: Lockbit Ransomware
Business Impact: German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.
Source Link: Ransomware attack on German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO)

Date: December 27, 2023
Victim: Ohio Lottery
Summary: Ohio Lottery hit by cyber attack claimed by DragonForce ransomware
Threat Actor: DragonForce Ransomware
Business Impact: The Ohio Lottery was forced to shut down some key systems after a cyber attack on Christmas Eve affected an undisclosed number of internal applications. The attackers claimed to have encrypted devices and stolen data during the attack, including Social Security Numbers and dates of birth.
Source Link: Ohio Lottery ransomware attack

Date: December 27, 2023
Victim: Trinidad and Tobago social security agency
Summary: Trinidad and Tobago social security agency hit with post-Christmas ransomware attack
Threat Actor: Unknown
Business Impact: A key government agency in Trinidad and Tobago said it was hit with a ransomware attack that would limit its operations for at least the rest of the year.
Source Link: Trinidad and Tobago social security agency ransomware attack

Cyber Attacks in December 2023

Date: December 07, 2023
Victim: The Greater Richmond Transit Company (GRTC)
Summary: Central Virginia transit system affected by cyber incident
Threat Actor: Play Ransomware
Business Impact: The Greater Richmond Transit Company (GRTC), which runs the transit system for central Virginia, faced a computer network disruption due to a cyber attack around the Thanksgiving holiday.
Source Link: Cyber attack on Central Virginia's Greater Richmond Transit Company (GRTC)

Date: December 11, 2023
Victim: A private group water scheme in the rural Erris area of County Mayo, Ireland, that uses a vulnerable Unitronics programmable logic controller
Summary: Two-day water outage in remote Irish region caused by pro-Iran hackers
Threat Actor: Cyber Av3ngers Group
Business Impact: The attackers exploited a vulnerability (CVE-2023-6448) in an Israeli-made Unitronics programmable logic controller used by a private group water scheme in the rural Erris area of County Mayo. The attack resulted in outages for approximately 160 households over two days.
Source Link: Cyber attack on an Irish water supply system

Date: December 11, 2023
Victim: Central Bank of Lesotho
Summary: Central Bank of Lesotho faces outages after cyber attack
Threat Actor: Unknown
Business Impact: The central bank of the southern African country Lesotho faced severe outages due to a cyber attack that forced it to shut down its systems.
Source Link: Central Bank of Lesotho cyber attack

Date: December 12, 2023
Victim: Russian Federal Taxation Service (FNS)
Summary: Ukraine's intelligence claims cyber attack on Russia's state tax service
Threat Actor: Ukraine's security services (SBU)
Business Impact: Ukraine's defence intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware and destroyed databases and backups. During the operation, Ukraine's military spies said they managed to break into one of the "key well-protected central servers" of Russia's Federal Tax Service (FNS) as well as more than 2,300 regional servers throughout Russia and occupied Crimea. The attack also affected a Russian tech company that operates FNS's database.
Source Link: Cyber attack on Russian tax service

Date: December 12, 2023
Victim: Ukrainian mobile carrier Kyivstar
Summary: Ukraine's largest mobile carrier Kyivstar down following cyber attack
Threat Actor: Unknown
Business Impact: The official website remained offline as the company informed subscribers via its social media channels that it had been targeted by hackers, causing a technical failure that impacted mobile communications and internet access.
Source Link: Cyber attack on Ukrainian mobile company Kyivstar

Date: December 13, 2023
Victim: The district court of March in Switzerland
Summary: District court in Switzerland 'victim of a cyber attack'
Threat Actor: Unknown
Business Impact: The district court suffered a cyber attack and its entire IT system was taken down to protect the data. The court's telephone lines were down, but scheduled hearings were expected to take place as planned.
Source Link: Cyber attack on district court of March in Switzerland

Date: December 13, 2023
Victim: The London Public Library, Ontario
Summary: Ontario public library shuts down most services due to cyber attack
Threat Actor: Unknown
Business Impact: The library was forced to shut down most of its services due to a cyber attack. It posted an alert on its website that several branches would be closed indefinitely and that its phones, email, WiFi, website, catalogues, printers, computers and digital resources were no longer accessible.
Source Link: The London Public Library cyber attack

Date: December 13, 2023
Victim: Ledger dApp
Summary: Ledger dApp supply chain attack steals $600K from crypto wallets
Threat Actor: Unknown
Business Impact: Ledger warned users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs.
Source Link: Ledger crypto cyber attack

Date: December 17, 2023
Victim: WordPress hosting service Kinsta
Summary: WordPress hosting service Kinsta targeted by Google phishing ads
Threat Actor: Unknown
Business Impact: WordPress hosting provider Kinsta warned customers that Google ads had been observed promoting phishing sites built to steal hosting credentials. The attackers were reportedly using these ads to target people who had visited kinsta.com or my.kinsta.com.
Source Link: Cyber attack on Kinsta hosting

Date: December 20, 2023
Victim: Liberty Hospital Kansas
Summary: Kansas City-area hospital transfers patients and reschedules appointments after cyber attack
Threat Actor: Unknown
Business Impact: A Kansas City, Missouri-area hospital said it was struggling to provide care to patients after a cyber attack limited its systems. Liberty Hospital said it was still dealing with disruptions to its computer systems.
Source Link: Liberty Hospital Kansas cyber attack

Date: December 21, 2023
Victim: First American Insurance
Summary: First American becomes latest real estate industry giant to be hit by a cyber attack
Threat Actor: Unknown
Business Impact: Insurance company First American confirmed that it was dealing with a cyber attack that forced it to shut down certain systems.
Source Link: First American cyber attack

Date: December 27, 2023
Victim: Albanian parliament and a telecom company
Summary: Albanian parliament, telecom company hit by cyber attacks
Threat Actor: Iran-linked hacker group known as Homeland Justice
Business Impact: The Albanian parliament and a telecom company operating in the country were targeted by cyber attacks, the country's cyber agency said in a statement. The attacks apparently originated from outside Albania.
Source Link: Cyber attack on Albanian parliament and country's telecom company

Date: December 29, 2023
Victim: Eagers Automotive
Summary: Eagers Automotive halts trading in response to cyber attack
Threat Actor: Unknown
Business Impact: Eagers Automotive suffered a cyber attack and was forced to halt trading on the stock exchange to manage its disclosure obligations concerning the incident. It announced that the incident impacted several of its systems across Australia and New Zealand.
Source Link: Eagers Automotive cyber attack

Data Breaches in December 2023

Date: December 05 and 22, 2023
Victim: Nissan Oceania
Summary: Nissan is investigating a cyber attack and potential data breach claimed by Akira Ransomware
Threat Actor: Akira Ransomware
Business Impact: The attack may have let hackers access personal information. In a new entry added to the operation's data leak blog on December 22, Akira claimed that its operators stole around 100 GB of documents from the automaker's systems.
Source Link: Nissan Oceania data breach

Date: December 06, 2023
Victim: U.S. Navy contractor Austal USA
Summary: Navy contractor Austal USA confirms cyber attack after data leak
Threat Actor: Hunters International Ransomware Group
Business Impact: Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyber attack and is investigating the impact of the incident.
Source Link: Data breach attack on U.S. Navy contractor Austal USA

Date: December 10, 2023
Victim: Toyota Financial Services (TFS)
Summary: Toyota warns customers of data breach exposing personal, financial information
Threat Actor: Medusa Ransomware
Business Impact: Toyota Financial Services (TFS) stated that sensitive personal and financial data was exposed in the attack. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond, but Toyota did not negotiate a ransom payment with the cybercriminals. All of the data has since been leaked on Medusa's extortion portal on the dark web.
Source Link: Toyota Financial Services (TFS) ransomware attack

Date: December 12, 2023
Victim: The Idaho National Laboratory (INL)
Summary: U.S. nuclear research lab data breach impacts 45,000 people
Threat Actor: SiegedSec Hacktivists
Business Impact: The research lab said in breach notification letters filed with the Maine Attorney General's Office that the attackers exfiltrated the data of 45,047 current and former employees (including postdocs, graduate fellows, and interns), as well as their dependents and spouses. The breach reportedly did not affect employees hired after June 1, 2023.
Source Link: The Idaho National Laboratory data breach

Date: December 12, 2023
Victim: Apparel giant VF Corp., maker of Timberland, Vans, North Face, and Jansport
Summary: Apparel giant VF reports cyber attack on first day of SEC disclosure rule
Threat Actor: Unknown
Business Impact: One of the biggest apparel companies in the world reported a "material" cyber attack to the U.S. SEC on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorised activity on a portion of its information technology systems on December 13 and was forced to shut down some systems.
Source Link: Data breach attack on apparel company VF

Date: December 15, 2023
Victim: Mortgage company Mr. Cooper
Summary: October cyber attack leaked data of 14.7 million people, mortgage giant Mr. Cooper says
Threat Actor: Unknown
Business Impact: In its latest update, mortgage loan servicer Mr. Cooper said the information of nearly 14.7 million people was leaked during a cyber attack in October 2023.
Source Link: Mr. Cooper data breach update

Date: December 15, 2023
Victim: The Fred Hutchinson Cancer Center
Summary: Seattle cancer centre confirms cyber attack after ransomware gang threats
Threat Actor: Hunters International Ransomware Group
Business Impact: The ransomware group listed the Fred Hutchinson Cancer Center on its leak site, claiming to have stolen 533 GB of data. The group was apparently extorting individual patients as well.
Source Link: The Fred Hutchinson cancer centre data breach

Date: December 18, 2023
Victim: MongoDB
Summary: MongoDB says hackers accessed corporate systems containing customer information
Threat Actor: Unknown
Business Impact: The company said a security incident involving unauthorised access targeted certain MongoDB corporate systems, exposing customer account metadata and contact information.
Source Link: MongoDB data breach

Date: December 18, 2023
Victim: Xfinity
Summary: 36 million people affected by data breach at Xfinity
Threat Actor: Unknown
Business Impact: Cable TV and internet service provider Xfinity said a breach linked to a widespread vulnerability (CVE-2023-4966) in Citrix technology exposed the data of nearly 36 million people in mid-October.
Source Link: Xfinity data breach

Date: December 19, 2023
Victim: ESO Solutions
Summary: Nearly 3 million affected by ransomware attack on medical software firm
Threat Actor: Unknown
Business Impact: Around 3 million people across the U.S. had their information exposed following a ransomware attack on ESO Solutions, which provides software to hospitals and emergency medical services.
Source Link: Data breach attack on Austin-based ESO Solutions

Date: December 22, 2023
Victim: St Vincent's Health Australia
Summary: Australian healthcare provider St. Vincent's has had data stolen during a cyber attack
Threat Actor: Unknown
Business Impact: Australia's largest non-profit healthcare provider said an unknown cyber crime group targeted its systems and stole data.
Source Link: St Vincent's Health Australia data breach

Date: December 22, 2023
Victim: Ubisoft gaming
Summary: Ubisoft says it's investigating reports of a new security breach
Threat Actor: Unknown
Business Impact: Ubisoft suffered a breach after images of the company's internal software and developer tools were leaked online. Vx-underground said the threat actors planned to exfiltrate around 900 GB of data.
Source Link: Ubisoft gaming data breach

Date: December 22, 2023
Victim: Bharat Sanchar Nigam Limited (BSNL)
Summary: Threat actor breaches BSNL server database, puts up dataset on dark web
Threat Actor: The threat actor using the alias "Perell"
Business Impact: The threat actor released a sample dataset containing 32,000 lines of data, which included sensitive details of BSNL fibre and landline users, on a dark web forum. The threat actor claimed that the total number of lines across all databases amounts to 2.9 million.
Source Link: Bharat Sanchar Nigam Limited (BSNL) data breach

Date: December 25, 2023
Victim: Grand Theft Auto 5 (Rockstar Games)
Summary: GTA 5 source code reportedly leaked online a year after Rockstar hack
Threat Actor: Lapsus$ Ransomware
Business Impact: The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar Games and stole corporate data.
Source Link: Grand Theft Auto 5 data breach

Date: December 26, 2023
Victim: Integris Health
Summary: Integris Health patients get extortion emails after cyber attack
Threat Actor: Unknown
Business Impact: Integris Health patients in Oklahoma received blackmail emails stating that their data had been stolen in a cyber attack on the healthcare network, and that if they did not pay an extortion demand, the data would be sold to other threat actors. The hackers claimed to have stolen the personal data of over 2 million patients.
Source Link: Integris Health data breach impact

Date: December 26, 2023
Victim: Fidelity National Financial subsidiary LoanCare
Summary: Fidelity National Financial subsidiary says 1.3 million affected by November cyber attack
Threat Actor: ALPHV/BlackCat Ransomware
Business Impact: LoanCare, a subsidiary of title insurance giant Fidelity National Financial, reported a data breach to state regulators. It said that 1,316,938 people had information accessed by hackers who breached the parent company on or about November 19, 2023. Based on the investigation, the hackers may have obtained names, addresses, Social Security Numbers, and loan numbers.
Source Link: Fidelity National Financial data breach

Date: December 27, 2023
Victim: Panasonic Avionics Corporation
Summary: Panasonic discloses data breach after December 2022 cyber attack
Threat Actor: Unknown
Business Impact: Panasonic Avionics Corporation disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than a year ago.
Source Link: Panasonic Avionics Corporation data breach

Date: December 27, 2023
Victim: Entertainment giant National Amusements
Summary: Entertainment giant National Amusements says more than 82,000 affected by cyber attack
Threat Actor: Unknown
Business Impact: National Amusements announced a data breach that affected more than 82,000 people, after an investigation found that the hackers had access to files on the company's systems between December 13 and December 15.
Source Link: National Amusements data breach

Date: December 27, 2023
Victim: Corewell Health
Summary: Another Corewell Health data breach impacts more than 1 million patients
Threat Actor: Unknown
Business Impact: For the second time in just a few months, more than 1 million Corewell Health patients in Southeast Michigan may have had their medical information exposed in a data breach.
Source Link: Second data breach attack on Corewell Health

Date: December 28, 2023
Victim: Downfall game mode on Steam
Summary: Game mode on Steam breached to push password-stealing malware
Threat Actor: Epsilon information stealer malware pushed by an unknown hacker
Business Impact: Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push the Epsilon information stealer malware through the Steam update system. Once the game is installed, it deploys the malware, which runs in the background and steals the user's passwords, credit card details, and authentication cookies.
Source Link: Data breach attack on Downfall game mode on Steam

Date: December 28, 2023
Victim: EasyPark
Summary: EasyPark discloses data breach that may impact millions of users
Threat Actor: Unknown
Business Impact: Parking app developer EasyPark published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacted an unknown number of its millions of users.
Source Link: EasyPark data breach

Date: December 28, 2023
Victim: Risk and financial advisory company Kroll
Summary: Kroll reveals FTX customer information exposed in August data breach
Threat Actor: Unknown
Business Impact: Kroll released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets.
Source Link: Kroll data breach update

Date: December 28, 2023
Victim: Cardiothoracic and Vascular Surgeons, P.A. ("CTVS")
Summary: Cardiothoracic and Vascular Surgeons files notice of data breach affecting an unknown number of patient SSNs
Threat Actor: Unknown
Business Impact: In this notice, CTVS explained that the incident resulted in an unauthorised party being able to access consumers' sensitive information, which includes their names, Social Security Numbers, financial account information, driver's licence numbers, dates of birth, medical record numbers, and health information.
Source Link: Cardiothoracic and Vascular Surgeons, P.A. ("CTVS") data breach


New Ransomware/Malware Discovered in December 2023

New Ransomware/Malware: Agent Raccoon malware
Summary: Hackers are using a novel malware named 'Agent Raccoon' (or Agent Racoon) in cyber attacks against organisations in the United States, the Middle East, and Africa.
Source Link: Hackers use new Agent Raccoon malware to backdoor US targets

New Ransomware/Malware: A new proxy trojan malware
Summary: Cybercriminals are targeting Mac users with a new proxy trojan bundled with popular, copyrighted macOS software being offered on warez sites.
Source Link: New proxy malware targets Mac users through pirated software

New Ransomware/Malware: Linux version of Qilin ransomware
Summary: A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found, and it could be one of the most advanced and customisable Linux encryptors seen to date.
Source Link: Linux version of Qilin ransomware focuses on VMware ESXi

New Ransomware/Malware: A new hacking group named 'AeroBlade'
Summary: A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organisations in the United States aerospace sector.
Source Link: New AeroBlade hackers target aerospace sector in the U.S.

New Ransomware/Malware: The latest variants of the P2Pinfect botnet
Summary: The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.
Source Link: Stealthier version of P2Pinfect malware targets MIPS devices

New Ransomware/Malware: Krasue RAT malware
Summary: Security researchers discovered a remote access trojan they named Krasue that is targeting the Linux systems of telecommunications companies. It managed to remain undetected since 2021.
Source Link: Krasue RAT malware hides on Linux servers using embedded rootkits

New Ransomware/Malware: New cybercrime market 'OLVX'
Summary: A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyber attacks.
Source Link: New cybercrime market 'OLVX' gains popularity among hackers

New Ransomware/Malware: BazarCall attacks
Summary: A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
Source Link: BazarCall attacks abuse Google Forms to legitimise phishing emails

New Ransomware/Malware: GambleForce
Summary: Researchers have uncovered a previously unknown hacker group that uses simple and dated attack methods to target governments and businesses in the Asia-Pacific region.
Source Link: New hacker group uses old attack methods to breach Asian gambling companies

New Ransomware/Malware: NKAbuse
Summary: A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat.
Source Link: New NKAbuse malware abuses NKN blockchain for stealthy comms

New Ransomware/Malware: Rhadamanthys Stealer malware
Summary: The developers of the Rhadamanthys information-stealing malware have recently released two major versions adding improvements across the board, including new stealing capabilities and enhanced evasion.
Source Link: Rhadamanthys Stealer malware evolves with more powerful features

New Ransomware/Malware: FalseFont malware
Summary: Microsoft says the APT33 Iranian cyber-espionage group is using the recently discovered FalseFont backdoor malware to attack defence contractors worldwide.
Source Link: Microsoft: Hackers target defence firms with new FalseFont malware

New Ransomware/Malware: New Xamalicious Android malware
Summary: A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store.
Source Link: New Xamalicious Android malware installed 330k times on Google Play

New Ransomware/Malware: New MASEPIE malware
Summary: Ukraine's Computer Emergency Response Team (CERT) warned of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
Source Link: Russian military hackers target Ukraine with new MASEPIE malware

Vulnerabilities/Patches Discovered in December 2023

Date

Flaws/Fixes

Summary

Source Link

December 01, 2023

CVE-2023-34060

VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th.

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

December 02, 2023

CVE-2023-4966

The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.

US Health Dept urges hospitals to patch critical Citrix Bleed bug

December 02, 2023

CVE-2020-0688

CVE-2021-26855

CVE-2021-27065

CVE-2022-41082

CVE-2023-21529

CVE-2023-36745

CVE-2023-36439

Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.

Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks

December 04, 2023

CVE-2023-45124

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.

Fake WordPress security advisory pushes backdoor plugin

December 04, 2023

CVE-2023-40088

Google announced that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.

December Android updates fix critical zero-click RCE flaw

December 04, 2023

CVE-2023-23397

Microsoft's Threat Intelligence team issued a warning earlier about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

Russian hackers exploiting Outlook bug to hijack Exchange accounts

December 05, 2023

CVE-2023-26360

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.

Hackers breach US govt agencies using Adobe ColdFusion exploit

December 05, 2023

CVE-2023-41101 

CVE-2023-38316

CVE-2023-40463

CVE-2023-40464

CVE-2023-40461

CVE-2023-40458

CVE-2023-40459

CVE-2023-40462

CVE-2023-40460

A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorised access, cross-site scripting, authentication bypass, and denial of service attacks.

"Sierra:21" vulnerabilities impact critical infrastructure routers

| Date | CVE | Summary | Source Link |
|---|---|---|---|
| December 06, 2023 | CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, CVE-2022-1471 | Atlassian published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. | Atlassian patches critical RCE flaws across multiple products |
| December 07, 2023 | CVE-2023-33043, CVE-2023-33044, CVE-2023-33042, CVE-2023-32842, CVE-2023-32844, CVE-2023-20702, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, CVE-2023-32845 | A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impacts 710 5G smartphone models from Google partners (Android) and Apple, as well as routers and USB modems. | New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips |
| December 07, 2023 | CVE-2023-23397 | Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. | Russian military hackers target NATO fast reaction corps |
| December 10, 2023 | CVE-2021-44228 | Roughly 38% of applications using the Apache Log4j library are running a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. | Over 30% of Log4J apps use a vulnerable version of the library |
| December 10, 2023 | CVE-2023-6553 | A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. | 50K WordPress sites exposed to RCE attacks by critical bug in backup plugin |
| December 11, 2023 | CVE-2023-42916 and CVE-2023-42917 | Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. | Apple emergency updates fix recent zero-days on older iPhones |
| December 11, 2023 | CVE-2023-50164 | Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. | Hackers are exploiting critical Apache Struts flaw using public PoC |
| December 12, 2023 | CVE-2022-3236 | Sophos opted to backport a security update for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. | Sophos backports RCE fix after attacks on unsupported firewalls |
| December 12, 2023 | CVE-2023-42325, CVE-2023-42327, CVE-2023-42326 | Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. | Over 1,450 pfSense servers exposed to RCE attacks via bug chain |
| December 13, 2023 | CVE-2023-50164 | Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. | Hackers are exploiting critical Apache Struts flaw using public PoC |
| December 15, 2023 | CVE-2023-49954 | 3CX CEO Nick Galea said the SQL injection flaw was discovered by independent security researcher Theo Stein in the 3CX CRM Integration and is now tracked as CVE-2023-49954. | 3CX warns customers to disable SQL database integrations |
| December 19, 2023 | CVE-2023-7024 | Google has released an emergency security fix for a Chrome zero-day flaw that has been exploited in the wild. | Google discovers another Chrome zero-day exploited in the wild |
| December 27, 2023 | CVE-2023-7102 | Network and email security firm Barracuda said it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by the Chinese hacking group UNC4841. | Barracuda fixes new ESG zero-day exploited by Chinese hackers |
| December 28, 2023 | CVE-2023-38606 | Researchers at the cybersecurity firm Kaspersky said they discovered an obscure hardware feature that was likely exploited by hackers during previously reported spyware attacks on iPhone users. | Spyware attack chain used previously unknown iPhone hardware feature, report says |
| December 28, 2023 | CVE-2021-43890 | Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. | Microsoft disables MSIX protocol handler abused in malware attacks |
| December 28, 2023 | CVE-2023-49070 | A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof-of-concept (PoC) exploits. | Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers |


Warnings/Advisories/Reports/Analysis

| News Type | Summary | Source Link |
|---|---|---|
| Report | North Korean state-backed hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years, since January 2017. | North Korea's state hackers stole $3 billion in crypto since 2017 |
| Report | As genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. | 23andMe updates user agreement to prevent data breach lawsuits |
| Warning | The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor "Callisto Group" (aka "Seaborgium" or "Star Blizzard") is targeting organisations worldwide with spear-phishing campaigns used to steal account credentials and data. | UK and allies expose Russian FSB hacking group, sanction members |
| Warning | A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. | Multiple NFT collections at risk by flaw in open-source library |
| Report | The social media giant Meta announced that it had started rolling out end-to-end encryption (E2EE) as a default "for all personal chats and calls on Messenger and Facebook." | As Meta rolls out end-to-end encryption, police warn keeping children safe 'no longer possible' |
| Report | Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms. | Amazon sues REKK fraud gang that stole millions in illicit refunds |
| Report | The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). | FBI explains how companies can delay SEC cyber incident disclosures |
| Report | Police in Lancashire in North West England have managed to return around £8 million ($10 million) in bitcoin to a man whose cryptocurrency was stolen back in 2017. | UK police return £8 million in bitcoin stolen by chronically ill bed-bound thief |
| Warning | Because of the British government's failures to tackle ransomware, there is a "high risk" the country faces a "catastrophic ransomware attack at any moment," according to an unprecedentedly critical parliamentary report published Wednesday by the Joint Committee on the National Security Strategy (JCNSS). | UK government risking 'catastrophic ransomware attack,' parliamentary report warns |
| Warning | CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) has been targeting unpatched TeamCity servers in widespread attacks since September 2023. | CISA: Russian hackers target TeamCity servers since September |
| Report | A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. | BazarCall attacks abuse Google Forms to legitimize phishing emails |
| Report | A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. | New cybercrime market 'OLVX' gains popularity among hackers |
| Report | Users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. | Ubiquiti users report having access to others' UniFi routers, cameras |
| Report | This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutions across 61 countries. | Ten new Android banking trojans targeted 985 bank apps in 2023 |
| Warning | Microsoft published warnings about the potential for gift card fraud and hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a court order to shut down a cybercrime marketplace where 750 million fraudulent Microsoft accounts were available for sale. | Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse |
| Warning | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop shipping software and devices with default passwords. | CISA urges tech manufacturers to stop using default passwords |
| Report | The ransomware gang behind several devastating attacks on major American cities has allegedly carried out more than 300 successful attacks since June 2022, according to cybersecurity officials in the United States and Australia. | FBI: Play ransomware gang has attacked 300 orgs since 2022 |
| Report | A group of hackers has in recent months attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign. | Cybercriminals target UAE residents, visitors in new info-stealing campaign |
| Report | A transnational cybercrime operation was taken down this week after law enforcement agencies from 34 countries coordinated on nearly 3,500 arrests and the seizure of about $300 million in stolen funds. | Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation |
| Report | Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. | Crypto drainer steals $59 million from 63k people in Twitter ad push |
| Report | Europol notified over 400 websites that their online shops had been hacked with malicious scripts that steal debit and credit card data from customers making purchases. | Europol warns 443 online shops infected with credit card stealers |
| Report | A nearly four-year-long battle between Google and consumers in a class action lawsuit reached a preliminary settlement over allegations that Google deceives users about their privacy when browsing in the tech giant's so-called Incognito mode. | Google to settle class action lawsuit alleging Incognito mode does not protect user privacy |
