January 2024: Biggest Cyber Attacks, Data Breaches, Ransomware Attacks

Date: 1 February 2024

The year has started with a bang, at least in the world of cybersecurity. Here is our monthly compilation of the biggest cyber attacks of January 2024, along with the month's ransomware attacks, data breaches and newly discovered malware and vulnerabilities.

Microsoft disclosed a nation-state intrusion into its corporate email systems. Sadly, that wasn't all. The X (formerly Twitter) accounts of the U.S. SEC and Mandiant were hijacked. Hewlett Packard Enterprise, energy management giant Schneider Electric, aviation leasing company AerCap, mortgage lender loanDepot and health tech firm HealthEC were among the other big names hit by major attacks during the month.

  1. Ransomware Attacks in January 2024
  2. Cyber Attacks in January 2024
  3. Data Breaches in January 2024
  4. New Malware, Vulnerabilities & Patches 
  5. Advisories issued, reports, analysis etc. in January 2024

Every new year is an occasion to undo the past years' mistakes. And a look at the experiences of others can really help pave a better way forward for everyone. The lists below and the historical perspective that our Cyber Attack Timelines offer are aimed at one single objective - to encourage and inspire businesses across the globe to get their cyber resilience in order in 2024.  

Let's be honest - there is no getting away from cyber crime in 2024. But what you can do is kick off the year with better preparation against cyber attacks, ransomware attacks and data breaches. This doesn't have to be overwhelming or daunting. There are a few simple ways to achieve this. 

First, get your Cyber Incident Response Plan and Incident Response Playbook in order. Review and re-evaluate whether they are still relevant in the current threat landscape. If you need help in getting these documents professionally reviewed and refreshed, reach out to our expert cybersecurity consultants. Our Virtual Cyber Assistants and Virtual Cyber Consultants can help you enhance your cybersecurity maturity at a pace and budget that suits your exact requirements. 

But remember, plans, cybersecurity policy documents and ransomware response playbooks are of little value if they aren't tested and practised. Your team needs to know what's in them. They need to build muscle memory for these plans and processes; that is what makes for effective response and robust cybersecurity leadership in a crisis. The most reliable way to build that muscle memory is through regular Cyber Crisis Tabletop Exercises. If you can't hire an expert facilitator, our experts have created these free resources that you can use immediately.

  1. Top Cyber Tabletop Exercise Scenarios 
  2. Cyber Security Tabletop Exercise Template
  3. Cyber Tabletop Exercise PPT
  4. Cyber Crisis Tabletop Exercise Checklist

Finally, remember that people are usually the weakest link in the chain. It is highly advisable to invest in cybersecurity awareness training for all your staff. Key members responsible for organisational response during a cyber attack must be at least familiar with Cyber Incident Planning and Response and Cyber Incident Response Playbooks.

Building cyber resilience is an ongoing journey. It requires a cocktail of constant awareness-building and consistent efforts at improving cybersecurity preparedness. It's not easy but it's not impossible. 

Ransomware Attacks in January 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

January 01, 2024

Australia's Court Services Victoria (CSV)

Victoria court recordings exposed in reported ransomware attack

Qilin ransomware

CSV said it detected a cyber attack on December 21, 2023, that allowed the attackers to disrupt operations and access its audio-visual archive containing sensitive hearing recordings. CSV said that recordings of some hearings held between 1 November and 21 December 2023 were accessed, and that operations of the Supreme Court, County Court, Magistrates' Court, Children's Court and Coroners Court were affected.

Australia's Court Services Victoria (CSV) ransomware attack

January 02, 2024

Museum software solutions provider Gallery Systems

Online museum collections down after cyber attack on service provider

Unknown

In a customer notification, Gallery Systems said it suffered a ransomware attack causing the company to take systems offline to prevent further devices from being encrypted.

Ransomware attack on museum software provider Gallery Systems

January 02, 2024

Xerox

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

INC Ransom ransomware

The U.S. division of Xerox Business Solutions (XBS) was compromised, with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. INC Ransom added the company to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents.

Xerox ransomware attack

January 08, 2024

Toronto Zoo

Toronto Zoo says ransomware attack had no impact on animal wellbeing

Unknown

Toronto Zoo, the largest zoo in Canada, said that a ransomware attack that hit its systems had no impact on the animals, its website, or its day-to-day operations.

Toronto Zoo ransomware attack

January 08, 2024

Capital Health

Capital Health attack claimed by LockBit ransomware, risk of data leak

LockBit ransomware

The LockBit ransomware operation has claimed responsibility for a November 2023 cyber attack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats.

Capital Health ransomware attack update

January 08, 2024

US mortgage lender loanDepot

US mortgage lender loanDepot confirms ransomware attack

Unknown

loanDepot said it had suffered a ransomware attack that forced it to take IT systems offline, preventing customers from making online loan payments. Later in the month the company disclosed that approximately 16.6 million people had their personal information stolen in the attack.

US mortgage lender loanDepot ransomware attack

January 08, 2024

Douglas County Libraries

Douglas County Libraries hacked by overseas criminal group

Play ransomware (also tracked as PlayCrypt)

Douglas County Libraries fell victim to an international cyber attack and remained in negotiations with the criminal group. Alarms went off on the library network, and the entire system, from the online catalogue to placing holds and even checking out books, was affected.

Ransomware attack on Douglas County Libraries

January 08, 2024

Tigo Business

Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

Black Hunt Ransomware

Tigo Business suffered a cyber attack impacting cloud and hosting services in the company's business division.

Ransomware attack on Paraguay’s Tigo Business

January 17, 2024

Aviation leasing company AerCap

Aviation leasing company AerCap investigates ransomware incident

A new cybercrime group called Slug

AerCap, a global company that leases aircraft, engines and helicopters, reported that it was responding to a ransomware attack.

AerCap ransomware attack

January 21, 2024

Majorca city Calvià

Majorca city Calvià hit by ransomware attack

Unknown

The Calvià City Council in Majorca announced it had been hit by a ransomware attack that disrupted municipal services. The ransom demanded by the attackers was reported to be €10,000,000, roughly $11 million.

Majorca city Calvià ransomware attack

January 21, 2024

Finnish IT services and enterprise cloud hosting provider Tietoevry

Tietoevry ransomware attack causes outages for Swedish firms, cities

Akira Ransomware

The Akira ransomware attack encrypted the virtualisation and management servers Tietoevry uses to host websites and applications for a wide range of businesses and municipalities in Sweden. Among other effects, the outage prevented customers of an affected cinema chain from buying movie tickets online or through its mobile app.

Ransomware attack on a Finnish IT services provider Tietoevry

January 23, 2024

Southern Water UK

Southern Water UK hit with a ransomware attack 

Black Basta ransomware 

Hackers stole data from some of Southern Water's IT systems; the Black Basta gang claimed the attack and threatened to publish the data.

Southern Water UK ransomware attack

January 23, 2024

Veolia North America

Water services giant Veolia North America hit by ransomware attack

Unknown

The ransomware attack impacted systems of its Municipal Water division and disrupted its bill payment systems.

Veolia North America ransomware attack

January 24, 2024

Bucks County, Pennsylvania

Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware

Unknown

Bucks County, Pennsylvania, home to nearly 650,000 people, said it was dealing with a cybersecurity incident that knocked out the Emergency Communications Department's computer-aided dispatch (CAD) system, which is used by local fire departments, police and emergency services.

Bucks County, Pennsylvania ransomware attack

January 24, 2024

Kansas City public transportation

Kansas City public transportation authority hit by ransomware

Medusa ransomware

KCATA announced that it had suffered a ransomware attack that affected all of its communication systems. The threat actors reportedly gave KCATA 10 days to negotiate, demanded a payment of $2,000,000, and offered to push back the deadline for publishing the stolen data at a price of $100,000 per day.

Kansas City public transportation ransomware attack

January 29, 2024

Schneider Electric

Energy giant Schneider Electric hit by Cactus ransomware attack

Cactus ransomware

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack that led to the theft of corporate data. The attack hit the company's Sustainability Business division and disrupted parts of its Resource Advisor cloud platform. The ransomware gang reportedly stole terabytes of corporate data and is threatening to leak it if a ransom is not paid.

Schneider Electric ransomware attack


 

Cyber Attacks in January 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

January 02, 2024

Blockchain platform Orbit Chain

Orbit Chain loses $86 million in fintech hack 

Suspected North Korean state-sponsored attackers (attribution not confirmed)

Orbit Chain suffered a security breach in which roughly $86 million in cryptocurrency, mainly Ether, Dai, Tether and USD Coin, was drained: the bridge's holdings fell from about $115 million to $29 million almost instantly.

Orbit Chain cryptocurrency theft

January 03, 2024

Mandiant Cyber Security

Mandiant’s account on X hacked to push cryptocurrency scam

Drainer-as-a-Service (DaaS) gang

The X (formerly Twitter) account of American cybersecurity firm and Google subsidiary Mandiant was hijacked to impersonate the Phantom crypto wallet and push a cryptocurrency scam.

Cyber attack on Mandiant in January 2024

January 03, 2024

Orange Spain

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Unknown

Orange Spain suffered an internet outage after an attacker took over the company's RIPE NCC account and used it to alter the BGP routing and RPKI records for Orange's address space. The rogue ROAs marked the company's own route announcements as invalid, so networks that enforce route origin validation dropped them.

Cyber attack on Orange Spain

January 04, 2024

KyivStar Telecommunication

Russian hackers wiped thousands of systems in KyivStar attack

Solntsepek group (believed to be linked to the Sandworm Russian military hacking group)

The Russian hackers behind the December breach of Kyivstar, Ukraine's largest telecommunications provider, wiped all systems on the operator's core network. Kyivstar's mobile and data services went down, leaving most of its 25 million mobile and home internet subscribers without connectivity.

KyivStar Telecommunication cyber attack update

January 08, 2024

Netgear and Hyundai

Netgear, Hyundai latest X accounts hacked to push crypto drainers

Unknown

Hackers hijacked the official Netgear and Hyundai MEA X accounts, which together have over 160,000 followers, to push scams designed to infect victims with cryptocurrency wallet drainer malware.

Cyber attack on Netgear and Hyundai’s X accounts

January 17, 2024

Docker

Docker hosts hacked in ongoing website traffic theft scheme

Unknown

A new hacking campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy.

Cyber attack on Docker hosts

January 18, 2024

Kansas State University

Kansas State University cyber attack disrupts IT network and services

Unknown

Kansas State University (K-State) announced it was managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite.

Kansas State University cyber attack

January 21, 2024

Ukraine’s popular online bank, Monobank

Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS incidents

A hacker group tracked as UAC-0006

Ukraine’s popular online bank, Monobank, was targeted by a distributed denial-of-service (DDoS) attack - its largest attack ever, with 580 million service requests over three days.

Monobank cyber attack

January 22, 2024

U.S. Securities and Exchange Commission

SEC confirms X account was hacked in SIM swapping attack

Unknown

The U.S. Securities and Exchange Commission confirmed that its X account was hijacked through a SIM-swapping attack on the mobile phone number associated with the account. The attackers used it to post a fake announcement that the agency had approved spot Bitcoin ETFs for listing on securities exchanges. The SEC also said that multi-factor authentication had been disabled on the account months earlier at staff request and was only re-enabled after the incident.

SEC cyber attack

January 24, 2024

Washington County, PA

Washington County government, courthouse hit by cyber attack

Unknown

All telephones and computers throughout Washington County’s government offices and courthouse were shut down by county officials as a proactive measure after malware “phishing activity” was detected on the systemwide server. The breach of the county’s main server meant government and courthouse workers were unable to use their office phones and computers, although the Department of Public Safety apparently was not affected by the situation.

Washington County cyber attack

January 25, 2024

The Parkovy data centre in Kyiv; affected state-owned clients included the energy company Naftogaz, the national postal service Ukrposhta, the state railway Ukrzaliznytsia, DSBT (the agency responsible for transport safety) and the state television channel created for residents of the occupied areas of Ukraine

Kyiv data centre says some services restored after attack affecting state-owned clients

Pro-Russian threat actor known as Free Civilian (allegedly associated with the hacking group tracked as UAC-0056 or SaintBear)

A Ukrainian data centre serving several state-owned companies brought back some of its services after a cyber attack disrupted operations for customers the day before.

Cyber attack on a Ukrainian data centre serving government companies
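The Orange Spain entry above turns on how RPKI route origin validation treats a route once a rogue ROA exists for its prefix. The following Python is an added example, not code from this page, from Orange or from RIPE NCC. The prefix 198.51.100.0/22 and the AS numbers 64500 (a hypothetical legitimate operator) and 64666 (a hypothetical attacker) are documentation values chosen for illustration. It implements the RFC 6811 validation rule over a constructed ROA set and walks one announcement through the three states that matter: no ROA at all (not found, so the route is accepted), only a rogue ROA (invalid, so ROV-enforcing networks drop it), and a correct ROA alongside the rogue one (valid again).

```python
"""Route Origin Validation (RFC 6811) over a constructed ROA set.

Added example, not from the original page or any operator's tooling.
198.51.100.0/22, AS64500 and AS64666 are documentation values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Roa:
    prefix: str
    origin_as: int
    max_length: Optional[int] = None  # None means "exactly the ROA prefix length"


def rov_state(announced_prefix: str, origin_as: int, roas: Iterable[Roa]) -> str:
    """Classify a BGP route as 'valid', 'invalid' or 'not_found'.

    A ROA covers the route when the announced prefix is equal to or more
    specific than the ROA prefix. The route is valid if any covering ROA has
    the same origin AS and the announced length is within that ROA's
    maxLength; invalid if covering ROAs exist but none matches; not_found
    when nothing covers it (ROV-enforcing routers accept not_found routes).
    """
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        rnet = ipaddress.ip_network(roa.prefix, strict=False)
        if rnet.version == net.version and net.subnet_of(rnet):
            covering.append((roa, rnet))
    if not covering:
        return "not_found"
    for roa, rnet in covering:
        max_len = roa.max_length if roa.max_length is not None else rnet.prefixlen
        if roa.origin_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


LEGIT_AS, ROGUE_AS = 64500, 64666   # hypothetical operator / hypothetical attacker
PREFIX = "198.51.100.0/22"          # documentation prefix, constructed scenario


def scenario() -> dict:
    """The same announcement (PREFIX from LEGIT_AS) as the ROA set changes."""
    no_roas = []
    rogue_only = [Roa(PREFIX, ROGUE_AS, 24)]   # what a hijacked RIR account can publish
    legit_and_rogue = [Roa(PREFIX, LEGIT_AS, 24), Roa(PREFIX, ROGUE_AS, 24)]
    return {
        "no_roa": rov_state(PREFIX, LEGIT_AS, no_roas),
        "rogue_roa_only": rov_state(PREFIX, LEGIT_AS, rogue_only),
        "legit_and_rogue": rov_state(PREFIX, LEGIT_AS, legit_and_rogue),
        # a /25 exceeds the maxLength of 24 on the legitimate ROA, so it is invalid too
        "too_specific": rov_state("198.51.100.0/25", LEGIT_AS, legit_and_rogue),
    }


if __name__ == "__main__":
    for name, state in scenario().items():
        print(f"{name:>16}: {state}")
```

The "legit_and_rogue" case is the practical lesson: a correct ROA published in advance means an attacker who can only add ROAs cannot invalidate your routes. An attacker who controls the RIR account can also edit or delete the legitimate ROA, which is why that account needs strong authentication and alerting on every change.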



Data Breaches in January 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

January 02, 2024

HealthEC tech solutions provider

Data breach at healthcare tech firm impacts 4.5 million patients

Unknown

A total of 4,452,782 individuals were affected. The cyber attack on HealthEC impacted 17 healthcare providers and state-level health systems, including Corewell Health, HonorHealth, the University Medical Center of Princeton Physicians' Organization and the Alliance for Integrated Care of New York.

HealthEC tech solutions provider data breach

January 10, 2024

M9com, a major internet service provider (ISP) in Russia

Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack

The Blackjack hacker group

The Blackjack hacker group announced on Telegram that it had breached M9com, a major ISP in Moscow, claiming to have both disrupted the company's internet services and stolen confidential data. The group shared a Tor URL pointing to three ZIP archives containing images that allegedly prove access to M9com's systems, text files with account credentials of employees and customers, and 50 GB of call data.

Revenge data breach attack on Russia’s M9com

January 10, 2024

Fidelity National Financial

Fidelity National Financial: Hackers stole data of 1.3 million people

ALPHV/BlackCat ransomware

Fidelity National Financial (FNF) has confirmed that a November cyber attack has exposed the data of 1.3 million customers.

Fidelity National Financial data breach

January 10, 2024

Framework Computer

Framework discloses data breach after accountant gets phished

Unknown

Framework Computer said a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding balances for Framework purchases."

Framework Computer data breach

January 17, 2024

Athletics clothing company Halara

Halara probes breach after hacker leaks data for 950,000 people

'Sanggiero' (BreachForums handle)

The leaked data allegedly contained around 1 million records with email addresses, first and last names, phone numbers, country, home address, zip code, province and city.

Clothing company Halara data breach

January 17, 2024

Hardware cryptocurrency wallet vendor Trezor

Trezor support site breach exposes personal data of 66,000 customers

Unknown

In this attack, a subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames, and email addresses exposed to an unauthorised party.

Cryptocurrency wallet vendor Trezor data breach

January 18, 2024

VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme

Vans, North Face owner says ransomware breach affects 35 million people

Unknown

VF Corporation said that more than 35 million customers had their personal information stolen in a December ransomware attack. The apparel and footwear company said social security numbers, bank account details and payment card data were not affected because it does not store such data on its systems.

VF corporation ransomware attack

January 19, 2024

Financial Services Platform Payoneer

Payoneer accounts in Argentina hacked in 2FA bypass attacks

'Sombraman1919' (BreachForums handle)

Numerous Payoneer users in Argentina reported waking up to finding that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.

Payoneer data breach

January 19, 2024

Microsoft corporate emails

Russian hackers stole Microsoft corporate emails in month-long breach

Midnight Blizzard (aka Nobelium, APT29)

Microsoft warned that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored group Midnight Blizzard. The attackers got in during November 2023 through a password spray attack against a legacy, non-production test tenant account that did not have multi-factor authentication enabled.

Microsoft corporate emails data breach

January 22, 2024

Fintech firm EquiLend

Global fintech firm EquiLend offline after recent cyber attack

LockBit ransomware (claimed by its representative 'LockBitSupp')

Global financial technology firm EquiLend said its operations were disrupted after some systems were taken offline in a cyber attack. The company also detected unauthorised access to its network and was working to restore all affected services.

Fintech firm EquiLend data breach

January 23, 2024

Jason’s Deli

Jason’s Deli says customer data exposed in credential stuffing attack

Unknown

In a data breach notification sent to customers, Jason's Deli said hackers obtained credentials of member accounts at Jason's Deli from other sources and, on December 21, 2023, used them in a credential stuffing attack against the restaurant's website.

Jason’s Deli data breach

January 23, 2024

Trello API

Trello API abused to link email addresses to 15 million accounts

'emo' (BreachForums handle)

An exposed Trello API allowed anyone to link email addresses to Trello accounts, enabling the creation of millions of profiles combining public and private information. The leak came to light when a person using the alias 'emo' attempted to sell the data of 15,115,516 Trello members on a hacking forum.

Trello API data breach

January 24, 2024

Hewlett Packard Enterprise (HPE)

HPE: Russian hackers breached its security team’s email accounts

Midnight Blizzard

Hewlett Packard Enterprise (HPE) disclosed that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.

Hewlett Packard Enterprise (HPE) data breach

January 25, 2024

Russian Center for Space Hydrometeorology, aka "planeta"

Hack wiped 2 petabytes of data from Russian research centre

Pro-Ukrainian cyber volunteers known as the "BO Team"

Ukraine's Main Intelligence Directorate (HUR) said that pro-Ukrainian cyber volunteers known as the "BO Team" breached the Far Eastern branch (the largest of three) of the Russian Center for Space Hydrometeorology, "Planeta" (планета), destroying 280 servers that held about 2 petabytes (2,000 terabytes) of data. HUR did not say whether it was itself involved in the attack.

Data breach attack on Russian Center for Space Hydrometeorology, aka "planeta"

January 25, 2024

Microsoft’s Exchange Online accounts

Microsoft reveals how hackers breached its Exchange Online accounts

Midnight Blizzard (aka Nobelium, or APT29)

Microsoft disclosed that the Russian group breached its systems in November 2023 and stole email from its leadership, cybersecurity and legal teams; some of those emails contained information about the group itself, letting the attackers learn what Microsoft knew about them. The attackers pivoted from the compromised test tenant to corporate mailboxes by abusing a legacy test OAuth application that had been granted elevated access to Microsoft's corporate environment.

Data breach attack on Microsoft’s Exchange Online accounts

January 25, 2024

23andMe

23andMe data breach: Hackers stole raw genotype data, health reports

'Addka72424' (BreachForums handle)

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27, 2023. The credentials used to break into the customers' accounts had been stolen in other data breaches or reused on previously compromised platforms.

23andMe data breach update

January 29, 2024

California-based insurance brokerage and consulting firm Keenan

Keenan warns 1.5 million people of data breach after summer cyber attack

Unknown

Keenan & Associates sent notices to 1.5 million people warning that hackers accessed their personal information in a cyber attack that occurred in the summer of 2023. In its filing with the Office of the Maine Attorney General the company put the number of affected individuals at 1,509,616.

Keenan data breach
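The Jason's Deli and 23andMe entries above are credential stuffing, and the Microsoft entry is a password spray; from the server side all three look like one client (or a pool of clients) walking through many accounts with mostly failed logins. The Python below is an added example of detection logic for that pattern, not code from this page or from any of the companies named. The log format "timestamp src=IP user=account result=OK|FAIL", the sample lines and the thresholds are constructed assumptions standing in for whatever your identity provider or web tier actually emits; tune the thresholds against your own baseline.

```python
"""Flag credential-stuffing and password-spray patterns in authentication logs.

Added example; not code from the page, Jason's Deli, 23andMe or Microsoft.
Log format, sample lines and thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed line format: "<ISO-8601 UTC> src=<ip> user=<account> result=OK|FAIL"
LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<res>OK|FAIL)$")


def parse_auth_log(lines):
    """Turn log lines into (timestamp, source, user, success) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unknown line; in production, count these and alert if they spike
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["res"] == "OK"))
    events.sort()
    return events


def _windows(events, window):
    """Yield every trailing slice of a sorted event list that spans at most `window`."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        yield events[start:end + 1]


def detect_single_source(events, window=timedelta(minutes=10),
                         min_accounts=8, min_fail_ratio=0.8):
    """One client trying many distinct accounts and mostly failing.

    A password spray (one password, many accounts) and a naive stuffing run
    (one leaked password per account) are indistinguishable in these logs.
    Any success inside the burst is a probable account takeover and is listed.
    """
    alerts = []
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        best = None
        for span in _windows(evs, window):
            users = {e[2] for e in span}
            fails = sum(1 for e in span if not e[3])
            if len(users) >= min_accounts and fails / len(span) >= min_fail_ratio:
                if best is None or len(users) > best["accounts"]:
                    best = {"type": "single_source", "src": src,
                            "accounts": len(users),
                            "takeovers": sorted({e[2] for e in span if e[3]})}
        if best:
            alerts.append(best)
    return alerts


def detect_distributed(events, window=timedelta(minutes=10),
                       min_accounts=10, min_source_ratio=0.5):
    """Stuffing through a proxy pool: many accounts, each failing from its own IP.

    Per-source thresholds never fire, so look at the aggregate: a burst of
    distinct failing accounts where the number of distinct sources is a large
    fraction of the number of accounts.
    """
    fails = [e for e in events if not e[3]]
    best = None
    for span in _windows(fails, window):
        users = {e[2] for e in span}
        srcs = {e[1] for e in span}
        if len(users) >= min_accounts and len(srcs) >= min_source_ratio * len(users):
            if best is None or len(users) > best["accounts"]:
                best = {"type": "distributed", "accounts": len(users),
                        "sources": len(srcs),
                        "first": span[0][0].isoformat(), "last": span[-1][0].isoformat()}
    return [best] if best else []


def analyse(lines):
    events = parse_auth_log(lines)
    return detect_single_source(events) + detect_distributed(events)


# Constructed sample log: a normal user, a single-source burst, a proxy-pool burst.
SAMPLE_LOG = (
    ["2023-12-21T01:00:02Z src=203.0.113.5 user=bob result=FAIL",
     "2023-12-21T01:00:20Z src=203.0.113.5 user=bob result=OK"]
    + [f"2023-12-21T02:10:{i:02d}Z src=198.51.100.9 user=user{i:02d} result=FAIL"
       for i in range(9)]
    + ["2023-12-21T02:10:09Z src=198.51.100.9 user=alice result=OK"]
    + [f"2023-12-21T03:00:{i:02d}Z src=192.0.2.{i + 1} user=cust{i:02d} result=FAIL"
       for i in range(12)]
)

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

The single-source alert lists "alice" as a takeover because her login succeeded inside the burst; that is the account to force a password reset and session revocation on. The distributed detector is what catches the 23andMe-style campaign, where each account is tried once from a different residential proxy and no per-IP rate limit ever trips.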



New Malware/Vulnerabilities Discovered & Patches released in January 2024

Date

New Malware /Flaws/Fixes

Summary

Source Link

January 02, 2024

CVE-2023-7024 and CVE-2023-7101

The U.S. Cybersecurity and Infrastructure Security Agency added two vulnerabilities to its Known Exploited Vulnerabilities catalogue: a recently patched Google Chrome flaw (CVE-2023-7024) and a bug in Spreadsheet::ParseExcel (CVE-2023-7101), an open-source Perl library for reading Excel files.

CISA warns of actively exploited bugs in Chrome and Excel parsing library

January 02, 2024

CVE-2023-48795

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, a prefix-truncation attack on the SSH transport that lets a man-in-the-middle silently delete messages during the handshake of connections using ChaCha20-Poly1305, or a CBC cipher with Encrypt-then-MAC, between peers that do not support the "strict kex" countermeasure.

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 02, 2024

CVE-2023-39336

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

January 09, 2024

CVE-2023-27524, CVE-2023-23752, CVE-2023-41990, CVE-2023-38203, CVE-2023-29300, CVE-2016-20017

The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalogue six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla.

CISA warns agencies of fourth flaw used in Triangulation spyware attacks

January 10, 2024

CVE-2024-20272

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Cisco says critical Unity Connection bug lets attackers get root

January 16, 2024

CVE-2023-22527

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.

Atlassian warns of critical RCE flaw in older Confluence versions

January 16, 2024

CVE-2024-0519

Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.

Google fixes first actively exploited Chrome zero-day of 2024

January 16, 2024

CVE-2024-0200

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. 

GitHub rotates keys to mitigate impact of credential-exposing flaw

January 17, 2024

CVE-2023-4969

A new vulnerability dubbed 'LeftoverLocals', affecting graphics processing units from AMD, Apple, Qualcomm and Imagination Technologies, allows a process to read data left behind in GPU local memory by another process, including the working data of LLM inference running on the same device.

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

January 17, 2024

CVE-2023-6548, CVE-2023-6549

CISA ordered U.S. federal agencies to secure their systems against three recently patched zero-days exploited in attacks, two in Citrix NetScaler (CVE-2023-6548, CVE-2023-6549) and one in Google Chrome (CVE-2024-0519, listed above), and required the Citrix RCE bug to be patched within a week.

CISA pushes federal agencies to patch Citrix RCE within a week

January 17, 2024

MediaPl malware

Microsoft says that the Iranian state-backed group Mint Sandstorm is targeting high-profile employees of research organisations and universities across Europe and the United States with spear-phishing emails that deliver a new backdoor, MediaPl.

Microsoft: Iranian hackers target researchers with new MediaPl malware

January 18, 2024

CVE-2023-35082

CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.

CISA: Critical Ivanti auth bypass bug now actively exploited

January 18, 2024

Spica Backdoor Malware

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool.

Google: Russian FSB hackers deploy new Spica backdoor malware

January 19, 2024

CVE-2023-34048

A Chinese espionage group tracked by Mandiant as UNC3886 has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.

Chinese hackers exploit VMware bug as zero-day for two years

January 22, 2024

CVE-2023-46805, CVE-2024-21887

Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.

Ivanti: VPN appliances vulnerable if pushing configs after mitigation

January 22, 2024

CVE-2024-23222

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.

Apple fixes first zero-day bug exploited in attacks this year

January 23, 2024

CVE-2024-0204

Fortra warned of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.

Fortra warns of new critical GoAnywhere MFT auth bypass

January 25, 2024

CVE-2024-20253

Cisco is warning that several of its Unified Communications Manager (CMs) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.

Cisco warns of critical RCE flaw in communications software

January 25, 2024

CVE-2023-6933

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of exploitation attempts within 24 hours of disclosure.

Hackers target WordPress database plugin active on 1 million sites

January 29, 2024

CVE-2024-23897

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical arbitrary file read flaw in the Jenkins CLI that can lead to remote code execution (RCE) and for which multiple public proof-of-concept (PoC) exploits are in circulation.

45k Jenkins servers exposed to RCE attacks using public exploits
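The Terrapin entry above (CVE-2023-48795) is one of the few items in this table an administrator can assess from a single captured packet, because exposure depends on the algorithms a peer offers in its SSH_MSG_KEXINIT and on whether it advertises the "strict kex" pseudo-algorithm that OpenSSH 9.6 introduced as the fix. The Python below is an added example, not code from this page or from the Terrapin authors' scanner: it parses the binary packet framing and the KEXINIT name-lists (RFC 4253) and reports whether the peer offers a vulnerable cipher/MAC combination without strict kex. The two KEXINIT packets it checks are constructed in the block itself, not captured from a real host, and the check is one-sided: a connection is only attackable if both client and server lack strict kex, so run it on the offer from each side.

```python
"""Offline Terrapin (CVE-2023-48795) exposure check on an SSH KEXINIT packet.

Added example, not from the original page or any vendor tooling. The sample
packets are constructed here for illustration, not captured from real hosts.
"""
import struct

SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
# Pseudo-algorithms that signal support for strict key exchange (the fix).
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com",
              "client": "kex-strict-c-v00@openssh.com"}
# The ten name-lists of a KEXINIT, in wire order (RFC 4253 section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def unwrap_packet(raw: bytes) -> bytes:
    """Strip binary packet framing (uint32 length, byte padding length, payload,
    padding). Valid for the unencrypted packets before NEWKEYS, where KEXINIT lives."""
    (packet_length,) = struct.unpack_from(">I", raw, 0)
    padding_length = raw[4]
    payload_len = packet_length - padding_length - 1
    if payload_len < 0 or 5 + payload_len > len(raw):
        raise ValueError("malformed SSH packet")
    return raw[5:5 + payload_len]


def _namelist(buf: bytes, off: int):
    """Read one name-list: uint32 length followed by comma-separated names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    names = buf[off:off + n].decode("ascii")
    return [s for s in names.split(",") if s], off + n


def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (msg id, 16-byte cookie, ten name-lists) into lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16
    lists = {}
    for name in FIELDS:
        lists[name], off = _namelist(payload, off)
    return lists


def terrapin_exposure(lists: dict, side: str = "server") -> dict:
    """Vulnerable if the peer offers chacha20-poly1305, or a CBC cipher together
    with an Encrypt-then-MAC MAC, and does not advertise strict kex for its side."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    chacha = CHACHA in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = STRICT_KEX[side] in lists["kex"]
    return {"chacha20_poly1305": chacha, "cbc_etm": cbc_etm,
            "strict_kex": strict, "vulnerable": (chacha or cbc_etm) and not strict}


def check_raw_packet(raw: bytes, side: str = "server") -> dict:
    return terrapin_exposure(parse_kexinit(unwrap_packet(raw)), side)


# --- constructed sample data (encoder used only to build the samples) ---

def build_kexinit(**lists) -> bytes:
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # fixed cookie: sample data only
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def wrap_packet(payload: bytes) -> bytes:
    pad = 8 - ((len(payload) + 5) % 8)   # padding >= 4, total a multiple of 8
    if pad < 4:
        pad += 8
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + b"\x00" * pad


COMMON = dict(hostkey=["ssh-ed25519", "rsa-sha2-256"], comp_c2s=["none"], comp_s2c=["none"],
              enc_c2s=[CHACHA, "aes128-ctr", "aes256-cbc"],
              enc_s2c=[CHACHA, "aes128-ctr", "aes256-cbc"],
              mac_c2s=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
              mac_s2c=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
# Same cipher/MAC offer; only the second server advertises strict kex.
UNPATCHED = wrap_packet(build_kexinit(
    kex=["curve25519-sha256", "diffie-hellman-group14-sha256"], **COMMON))
PATCHED = wrap_packet(build_kexinit(
    kex=["curve25519-sha256", "diffie-hellman-group14-sha256", STRICT_KEX["server"]], **COMMON))

if __name__ == "__main__":
    for label, pkt in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, check_raw_packet(pkt))
```

To use it on a real host, capture the server's first packet after the version exchange (for example with tcpdump on port 22) and feed those bytes to check_raw_packet; the cookie and algorithm order will differ from the samples but the framing is identical. Removing chacha20-poly1305 and CBC ciphers from the offer is an alternative mitigation for peers that cannot be upgraded to a strict-kex build.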


Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.

Zeppelin ransomware source code sold for $500 on hacking forum

Report

The co-founder of a crypto wallet service described losing $125,000 to a crypto scam: believing he was on a legitimate cryptocurrency airdrop website, he realised only after the loss that the domain had been set up to phish unsuspecting users.

Crypto wallet founder loses $125,000 to fake airdrop website

Report

A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organisation in the United States to lose more than $7.5 million.

Nigerian hacker arrested for stealing $7.5M from charities

Report

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect.

PornHub blocks North Carolina, Montana over new age verification laws

Report

LastPass notified customers that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.

LastPass now requires 12-character master passwords for better security

Report

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' check marks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers.

Hackers hijack govt and business accounts on X for crypto scams

Report

A financially motivated Turkish hacking group is targeting Microsoft SQL (MSSQL) servers worldwide to encrypt victims' files with Mimic (N3ww4v3) ransomware. The ongoing attacks, tracked as RE#TURGENCE, have hit targets in the European Union, the United States and Latin America.

Hackers target Microsoft SQL servers in Mimic ransomware attacks

Analysis

Researchers found that the Turkish state-backed cyber espionage group tracked as Sea Turtle has carried out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites.

Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos

Report

T-Mobile faced an outage that prevented customers from logging into their accounts and using the company's mobile app.

Major T-Mobile outage takes down account access, mobile app

Analysis

Some organisations victimised by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.

Ransomware victims targeted by fake hack-back offers

Report

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.

China claims it cracked Apple's AirDrop to find numbers, email addresses

Report

A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December.

New Balada Injector campaign infects 6,700 WordPress sites

Report

Security researchers found that infections by the high-profile spyware Pegasus, Reign, and Predator can be detected on compromised Apple mobile devices by checking Shutdown.log, a system log file that records reboot events and the processes that delayed them.

iShutdown scripts can help detect iOS spyware on your iPhone
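As an added illustration of the approach described above (this is example code written for this page, not the researchers' iShutdown scripts), the Python below parses a constructed Shutdown.log-style excerpt and flags processes that held up a reboot from locations outside the usual iOS system paths, counting how many reboots each one appears in. The line format, the sample entries, the allowlist of expected path prefixes and the staging directory used as the "suspicious" path are all assumptions made for the example; on a real device the log is retrieved from a sysdiagnose archive and its lines should be compared against the researchers' published indicators, not against this allowlist alone.

```python
import re
from collections import Counter

# Constructed sample written in the shape of iOS Shutdown.log entries.
# It is NOT a real capture: each "SIGTERM:" line opens one reboot, and each
# "remaining client pid" line names a process that had not exited yet.
SAMPLE_LOG = """\
SIGTERM: [0] running = 1, waiting: 0
remaining client pid: 57 (/usr/libexec/rtcreportingd)
After 1 second(s), there are still 1 processes running. Sending SIGKILL
SIGTERM: [0] running = 1, waiting: 0
remaining client pid: 1201 (/private/var/db/com.apple.xpc.roleaccountd.staging/rolexd)
After 1 second(s), there are still 1 processes running. Sending SIGKILL
SIGTERM: [0] running = 2, waiting: 0
remaining client pid: 1210 (/private/var/db/com.apple.xpc.roleaccountd.staging/rolexd)
remaining client pid: 88 (/System/Library/PrivateFrameworks/MobileKeyBag.framework/keybagd)
After 1 second(s), there are still 2 processes running. Sending SIGKILL
"""

# Assumed allowlist: locations where legitimate iOS system binaries and
# App Store apps normally live. Anything else is worth a second look.
EXPECTED_PREFIXES = (
    "/System/",
    "/usr/",
    "/sbin/",
    "/bin/",
    "/Library/",
    "/Applications/",
    "/private/var/containers/Bundle/Application/",
)

CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s+\(([^)]+)\)")


def parse_reboots(text):
    """Split the log into reboots, each a list of (pid, path) that delayed shutdown."""
    reboots = []
    current = None
    for line in text.splitlines():
        if line.startswith("SIGTERM:"):
            current = []          # a SIGTERM line marks the start of a reboot
            reboots.append(current)
            continue
        match = CLIENT_RE.search(line)
        if match and current is not None:
            current.append((int(match.group(1)), match.group(2)))
    return reboots


def suspicious_paths(reboots):
    """Map each unexpected binary path to the number of reboots it delayed."""
    counts = Counter()
    for procs in reboots:
        # Count a path once per reboot even if several PIDs share it.
        for path in {path for _, path in procs}:
            if not path.startswith(EXPECTED_PREFIXES):
                counts[path] += 1
    return dict(counts)


def triage(text):
    """Convenience wrapper: raw log text in, {path: reboot_count} out."""
    return suspicious_paths(parse_reboots(text))


if __name__ == "__main__":
    for path, n in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{n} reboot(s) delayed by unexpected binary: {path}")
```

A path that shows up across many consecutive reboots is a stronger signal than a one-off, which is why the count is kept per path rather than per line; the allowlist is deliberately strict so that the analyst, not the script, decides whether an unfamiliar location is benign.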

Report

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.

Bigpanzi botnet infects 170,000 Android TV boxes with malware

Report

Ransomware actors are again using TeamViewer to gain initial access to organisations' endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.

TeamViewer abused to breach networks in new ransomware attacks

Report

The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data.

FTC bans one more data broker from selling your location info

Report

Instagram’s parent company said it would not remove fake Instagram profiles from the platform.  

Meta won't remove fake Instagram profiles that are clearly catfishing

Report

A German court has found a programmer who was investigating an IT problem guilty of hacking and fined them €3,000 ($3,265) for what it deemed unauthorised access to external computer systems and unlawful access to data.

Court charges developer with hacking after cybersecurity issue disclosure

Report

The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group.

US, UK, Australia sanction REvil hacker behind Medibank data breach (23 Jan)

Report

The threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. Active since at least 2018, the adversary delivers NSPX30, an implant whose codebase is rooted in a simple backdoor from 2005, by way of adversary-in-the-middle (AitM) attacks.

Blackwood hackers hijack WPS Office update to install malware

Report

Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.

iPhone apps abuse iOS push notifications to collect user data

Report

Financially motivated hackers are infecting systems with malware known as AllaKore RAT to steal banking credentials and unique authentication information. The threat actor has persistently targeted Mexican entities for financial gain.

Large Mexican companies targeted by financially motivated hacking campaign

Report

Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. Some users report that signing in with an App Password connects at first but later falls back into a disconnected state.

Microsoft says Outlook apps can’t connect to Outlook.com

Warning

The FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams.

FBI: Tech support scams now use couriers to collect victims' money

Report

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware.

Ransomware payments drop to record low as victims refuse to pay

Report

Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees.

DHS employees jailed for stealing data of 200K U.S. govt workers

Report

Microsoft is investigating a second outage in three days affecting Microsoft Teams users across North and South America. Affected customers again report connectivity issues and delays when sending and receiving messages in the mobile and desktop Teams clients.

Microsoft Teams hit by second outage in three days
