Date: 1 February 2024
The year has started with a bang quite literally, at least in the world of cybersecurity. Check out our monthly compilation of the biggest cyber attacks in January 2024 along with ransomware attacks, data breaches and new malware and vulnerabilities discovered.
Microsoft announced a massive nation-state attack on its systems. But sadly, that wasn't all. The Twitter/X accounts of behemoths like the U.S. SEC and Mandiant allegedly got hacked. Hewlett Packard Enterprise, Energy giant Schneider Electric, Aviation leasing company AerCap, Mortgage lender loanDepot, health tech firm HealthEC were amongst the other big names who were all impacted by major attacks in the month gone by.
- Ransomware Attacks in January 2024
- Cyber Attacks in January 2024
- Data Breaches in January 2024
- New Malware, Vulnerabilities & Patches
- Advisories issued, reports, analysis etc. in January 2024
Every new year is an occasion to undo the past years' mistakes. And a look at the experiences of others can really help pave a better way forward for everyone. The lists below and the historical perspective that our Cyber Attack Timelines offer are aimed at one single objective - to encourage and inspire businesses across the globe to get their cyber resilience in order in 2024.
Let's be honest - there is no getting away from cyber crime in 2024. But what you can do is kick off the year with better preparation against cyber attacks, ransomware attacks and data breaches. This doesn't have to be overwhelming or daunting. There are a few simple ways to achieve this.
First, get your Cyber Incident Response Plan and Incident Response Playbook in order. Review and re-evaluate whether they are still relevant in the current threat landscape. If you need help in getting these documents professionally reviewed and refreshed, reach out to our expert cybersecurity consultants. Our Virtual Cyber Assistants and Virtual Cyber Consultants can help you enhance your cybersecurity maturity at a pace and budget that suits your exact requirements.
But remember, plans, cybersecurity policy documents and ransomware response playbooks are of little value if they aren't tested and practised. Your team needs to know what's in them. They need to build muscle memory for these plans and processes. That's the only way to ensure effective response and robust cybersecurity leadership in the face of a crisis. The only way to achieve this is through regular Cyber Crisis Tabletop Exercises. If you can't hire an expert facilitator, our experts have created these invaluable free resources that you can use immediately.
- Top Cyber Tabletop Exercise Scenarios
- Cyber Security Tabletop Exercise Template
- Cyber Tabletop Exercise PPT
- Cyber Crisis Tabletop Exercise Checklist
Finally, remember that the human element is the weakest link in the chain. It is highly advisable to invest in cybersecurity awareness training for all your staff. Key members who are responsible for organisational response during a cyber attack must be at least familiar with Cyber Incident Planning and Response and Cyber Incident Response Playbooks.
Building cyber resilience is an ongoing journey. It requires a cocktail of constant awareness-building and consistent efforts at improving cybersecurity preparedness. It's not easy but it's not impossible.
Ransomware Attacks in January 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
January 01, 2024 |
Australia's Court Services Victoria (CSV) |
Victoria court recordings exposed in reported ransomware attack |
Qilin ransomware attack |
CSV said it detected a cyber attack on December 21, 2023, that allowed hackers to disrupt operations and access its audio-visual archive containing sensitive hearing recordings. CSV detailed that recordings of some hearings in courts between 1 November and 21 December 2023 were accessed and impacted the operations of Supreme Court, County Court, Magistrates' Court, Children's Court, Coroners Court. |
|
|
January 02, 2024 |
Museum software solutions provider Gallery Systems |
Online museum collections down after cyber attack on service provider |
Unknown |
In a customer notification, Gallery Systems said it suffered a ransomware attack causing the company to take systems offline to prevent further devices from being encrypted. |
Ransomware attack on a Museum software solutions provider Gallery Systems |
|
January 02, 2024 |
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data |
INC Ransom ransomware |
The U.S. division of Xerox Business Solutions (XBS) was compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. The ransomware gang added the corporation to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents. |
||
|
January 08, 2024 |
Toronto Zoo says ransomware attack had no impact on animal wellbeing |
Unknown |
Toronto Zoo, the largest zoo in Canada, said that a ransomware attack that hit its systems had no impact on the animals, its website, or its day-to-day operations. |
||
|
January 08, 2024 |
Capital Health attack claimed by LockBit ransomware, risk of data leak |
LockBit ransomware |
The LockBit ransomware operation has claimed responsibility for a November 2023 cyber attack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats. |
||
|
January 08, 2024 |
US mortgage lender loanDepot confirms ransomware attack |
Unknown |
Mortgage lender loanDepot said that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier in the month. loanDepot suffered an attack that caused the company to take IT systems offline, preventing online payments against loans. |
||
|
January 08, 2024 |
Douglas County Libraries hacked by overseas criminal group |
A hacker group called Playcrypt |
Douglas County Libraries became the victim of an international cyber attack and remained stuck in negotiations with the criminal group. There were alarms set off on the Library network, and the entire system, from the online catalogue to placing holds and even checking out books was affected. |
||
|
January 08, 2024 |
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach |
Black Hunt Ransomware |
Tigo Business suffered a cyber attack impacting cloud and hosting services in the company's business division. |
||
|
January 17, 2024 |
Aviation leasing company AerCap |
Aviation leasing company AerCap investigates ransomware incident |
A new cybercrime group called Slug |
AerCap, a global company that leases aircraft, engines and helicopters, reported that it was responding to a ransomware attack. |
|
|
January 21, 2024 |
Majorca city Calvià |
Majorca city Calvià hit by ransomware attack |
Unknown |
The Calvià City Council in Majorca announced it was targeted by a ransomware attack, which impacted municipal services. A source learned that the ransom set by the cybercriminals is allegedly €10,000,000, approximately $11M. |
|
|
January 21, 2024 |
Finnish IT services and enterprise cloud hosting provider Tietoevry |
Tietoevry ransomware attack causes outages for Swedish firms, cities |
Akira Ransomware |
The Akira ransomware attack encrypted the company's virtualization and management servers used to host the websites or applications for a wide range of businesses in Sweden as the attack prevented online purchases of movie tickets through the website or mobile app. |
Ransomware attack on a Finnish IT services provider Tietoevry |
|
January 23, 2024 |
Southern Water UK |
Southern Water UK hit with a ransomware attack |
Black Basta ransomware |
Hackers stole data from some of Southern Water’s IT systems |
|
|
January 23, 2024 |
Water services giant Veolia North America hit by ransomware attack |
Unknown |
The ransomware attack impacted systems of its Municipal Water division and disrupted its bill payment systems. |
||
|
January 24, 2024 |
Bucks County, Pennsylvania |
Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware |
Unknown |
Bucks County, Pennsylvania — home to nearly 650,000 people — said that it has faced a cybersecurity incident that has knocked out the Emergency Communications’ Department’s computer-aided dispatch (CAD) system. This system is used by the local fire department, police department and emergency services. |
|
|
January 24, 2024 |
Kansas City public transportation authority hit by ransomware |
Medusa ransomware |
KCATA announced that it suffered a ransomware attack that impacted all its communication systems. The threat actors have apparently given KCATA 10 days to negotiate a resolution, and their financial demands were set to a payment of $2,000,000. They also offered the option to extend the deadline for making the stolen data available to the public for $100,000/day. |
||
|
January 29, 2024 |
Energy company Schneider |
Energy giant Schneider Electric hit by Cactus ransomware attack |
Cactus ransomware |
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data. The attack hit the company's Sustainability Business division, and disrupted some of Schneider Electric's Resource Advisor cloud platform. The ransomware gang reportedly stole terabytes of corporate data and is now threatening to leak the stolen data if a ransom demand is not paid. |
Cyber Attacks in January 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
January 02, 2024 |
Blockchain platform Orbit Chain |
Orbit Chain loses $86 million in fintech hack |
Sophisticated state-sponsored attackers believed to be based out of North Korea |
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin as Orbit Chain's balance went from $115M to $29M instantly, meaning that the losses are estimated to be about $86,000,000. |
|
|
January 03, 2024 |
Mandiant Cyber Security |
Mandiant’s account on X hacked to push cryptocurrency scam |
Drainer-as-a-Service (DaaS) gang |
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked to impersonate the Phantom crypto wallet and perpetrate a cryptocurrency scam. |
|
|
January 03, 2024 |
Hacker hijacks Orange Spain RIPE account to cause BGP havoc |
Unknown |
Orange Spain suffered an internet outage after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. |
||
|
January 04, 2024 |
Russian hackers wiped thousands of systems in KyivStar attack |
Solntsepek group (believed to be linked to the Sandworm Russian military hacking group) |
The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network as Kyivstar's mobile and data services went down, leaving most of its 25 million mobile and home internet subscribers without an internet connection. |
||
|
January 08, 2024 |
Netgear, Hyundai latest X accounts hacked to push crypto drainers |
Unknown |
Hackers targeted the official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. |
||
|
January 17, 2024 |
Docker hosts hacked in ongoing website traffic theft scheme |
Unknown |
A new hacking campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. |
||
|
January 18, 2024 |
Kansas State University cyber attack disrupts IT network and services |
Unknown |
Kansas State University (K-State) announced it was managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. |
||
|
January 21, 2024 |
Ukraine’s popular online bank, Monobank |
Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS incidents |
A hacker group tracked as UAC-0006 |
Ukraine’s popular online bank, Monobank, was targeted by a distributed denial-of-service (DDoS) attack - its largest attack ever, with 580 million service requests over three days. |
|
|
January 22, 2024 |
SEC confirms X account was hacked in SIM swapping attack |
Unknown |
The U.S. Securities and Exchange Commission confirmed that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. The account was hacked to issue a fake announcement that the agency had finally approved Bitcoin ETFs on security exchanges. |
||
|
January 24, 2024 |
Washington County, PA |
Washington County government, courthouse hit by cyber attack |
Unknown |
All telephones and computers throughout Washington County’s government offices and courthouse were shut down by county officials as a proactive measure after malware “phishing activity” was detected on the systemwide server. The breach of the county’s main server meant government and courthouse workers were unable to use their office phones and computers, although the Department of Public Safety apparently was not affected by the situation. |
|
|
January 25, 2024 |
The Parkovy facility in Kyiv, The state-owned energy company Naftogaz, National postal service provider Ukrposhta, DSBT, the agency responsible for transport safety, The state television channel created for residents of the occupied areas of Ukraine. |
Kyiv data centre says some services restored after attack affecting state-owned clients |
Pro-Russian threat actor known as Free Civilian (allegedly associated with a hacking group identified as UAC-0056 or SaintBear) |
A Ukrainian data centre serving several state-owned companies brought back some of its services after a cyber attack disrupted operations for customers the day before. |
Cyber attack on a Ukrainian data centre serving government companies |
Data Breaches in January 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
January 02, 2024 |
HealthEC tech solutions provider |
Data breach at healthcare tech firm impacts 4.5 million patients |
Unknown |
The total number of affected individuals was 4,452,782. 17 healthcare service providers and state-level health systems were impacted by the cyber attack on the HealthEC tech solutions provider. Some major organisations listed in the notice include Corewell Health, HonorHealth, the University Medical Center of Princeton Physicians' Organization, and the Alliance for Integrated Care of New York. |
|
|
January 10, 2024 |
M9com, a major internet service provider (ISP) in Russia |
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack |
The Blackjack hacker group |
The Blackjack hacker group announced on Telegram that they had breached M9com, a major internet service provider (ISP) in Moscow. The hacktivists claimed that they not only managed to disrupt M9com’s internet services but also stole confidential data from the company. The group shared a Tor URL for three ZIP archives with images that allegedly prove their access to M9com’s systems, texts with account credentials of employees and customers, and 50 GB of call data. |
|
|
January 10, 2024 |
Fidelity National Financial: Hackers stole data of 1.3 million people |
BlackCat Ransomware |
Fidelity National Financial (FNF) has confirmed that a November cyber attack has exposed the data of 1.3 million customers. |
||
|
January 10, 2024 |
Framework discloses data breach after accountant gets phished |
Unknown |
Framework Computer said a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding balances for Framework purchases." |
||
|
January 17, 2024 |
Athletics clothing company Halara |
Halara probes breach after hacker leaks data for 950,000 people |
The hacker named 'Sanggiero' on BreachForums |
The leaked data allegedly contained 1M unique addresses, first names, last names, phone numbers, country, home addresses, zip codes, provinces, cities etc. |
|
|
January 17, 2024 |
Hardware cryptocurrency wallet vendor Trezor |
Trezor support site breach exposes personal data of 66,000 customers |
Unknown |
In this attack, a subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames, and email addresses exposed to an unauthorised party. |
|
|
January 18, 2024 |
VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme |
Vans, North Face owner says ransomware breach affects 35 million people |
Unknown |
VF Corporation said that more than 35 million customers had their personal information stolen in a December ransomware attack. The footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems. |
|
|
January 19, 2024 |
Financial Services Platform Payoneer |
Payoneer accounts in Argentina hacked in 2FA bypass attacks |
Sombraman1919-(BreachForums name) |
Numerous Payoneer users in Argentina reported waking up to finding that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. |
|
|
January 19, 2024 |
Russian hackers stole Microsoft corporate emails in month-long breach |
Midnight Blizzard/ Nobelium or APT29 |
Microsoft warned that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard. Microsoft said the threat actors breached their systems in November 2023 when they conducted a password spray attack to access a legacy non-production test tenant account. |
||
|
January 22, 2024 |
Fintech firm EquiLend |
Global fintech firm EquiLend offline after recent cyber attack |
LockBit ransomware representative, LockBitSupp |
A global financial technology firm EquiLend said its operations were disrupted after some systems were taken offline in a cyber attack. Following the incident, the company also detected unauthorised access to its network and is now working to restore all affected services. |
|
|
January 23, 2024 |
Jason’s Deli |
Jason’s Deli says customer data exposed in credential stuffing attack |
Unknown |
In a data breach notification sent to customers, Jason's Deli said hackers obtained credentials of member accounts at Jason's Deli from other sources and, on December 21, 2023, used them in a credential stuffing attack against the restaurant's website. |
|
|
January 23, 2024 |
Trello API abused to link email addresses to 15 million accounts |
Hacker with a title “Emo” (Used on BreachForums) |
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. The News of the Trello data leak came in when a person using the alias 'emo' attempted to sell the data of 15,115,516 Trello members on a popular hacking forum. |
||
|
January 24, 2024 |
HPE: Russian hackers breached its security team’s email accounts |
Midnight Blizzard |
Hewlett Packard Enterprise (HPE) disclosed that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. |
||
|
January 25, 2024 |
Hack wiped 2 petabytes of data from Russian research centre |
Cyber volunteers known as the "BO Team" |
The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. In another case of state-affiliated hacking, Ukraine said cyber volunteers known as the "BO Team" successfully breached Planeta's Far Eastern branch (the largest of the three). The Ukrainian government does not state if they were involved in the attack. They claim the hackers destroyed 280 servers used by the research centre, which held 2 petabytes of data (2000 terabytes). |
Data breach attack on Russian Center for Space Hydrometeorology, aka "planeta" |
|
|
January 25, 2024 |
Microsoft reveals how hackers breached its Exchange Online accounts |
Midnight Blizzard (aka Nobelium, or APT29) |
Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams. Some of these emails contained information about the hacking group itself, allowing the threat actors to learn what Microsoft knew about them. |
||
|
January 25, 2024 |
23andMe data breach: Hackers stole raw genotype data, health reports |
Addka72424-(A name on BreachForums) |
Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27 as the credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms. |
||
|
January 29, 2024 |
California-based insurance brokerage and consulting firm Keenan |
Keenan warns 1.5 million people of data breach after summer cyber attack |
Unknown |
Keenan & Associates has sent notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyber attack as the company submitted a notification to the Office of the Maine Attorney General, warning that 1,509,616 people were impacted by a data breach incident that occurred in the summer of 2023. |
New Malware/Vulnerabilities Discovered & Patches released in January 2024
|
Date |
New Malware /Flaws/Fixes |
Summary |
Source Link |
|
January 02, 2024 |
CVE-2023-7024 and CVE-2023-7101 |
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalogue, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. |
CISA warns of actively exploited bugs in Chrome and Excel parsing library |
|
January 02, 2024 |
CVE-2023-48795 |
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. |
Nearly 11 million SSH servers vulnerable to new Terrapin attacks |
|
January 02, 2024 |
CVE-2023-39336 |
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. |
Ivanti warns critical EPM bug lets hackers hijack enrolled devices |
|
January 09, 2024 |
CVE-2023-27524, CVE-2023-23752, CVE-2023-41990, CVE-2023-38203, CVE-2023-29300, CVE-2016-20017 |
The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalogue six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. |
CISA warns agencies of fourth flaw used in Triangulation spyware attacks |
|
January 10, 2024 |
CVE-2024-20272 |
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. |
Cisco says critical Unity Connection bug lets attackers get root |
|
January 16, 2024 |
CVE-2023-22527 |
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. |
Atlassian warns of critical RCE flaw in older Confluence versions |
|
January 16, 2024 |
CVE-2024-0519 |
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. |
Google fixes first actively exploited Chrome zero-day of 2024 |
|
January 16, 2024 |
CVE-2024-0200 |
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. |
GitHub rotates keys to mitigate impact of credential-exposing flaw |
|
January 17, 2024 |
CVE-2023-4969 |
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. |
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks |
|
January 17, 2024 |
CVE-2023-6548, CVE-2023-6549 |
CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. |
CISA pushes federal agencies to patch Citrix RCE within a week |
|
January 17, 2024 |
MediaPl malware |
Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organisations and universities across Europe and the United States in spear phishing attacks pushing new backdoor malware. |
Microsoft: Iranian hackers target researchers with new MediaPl malware |
|
January 18, 2024 |
CVE-2023-35082 |
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation. |
CISA: Critical Ivanti auth bypass bug now actively exploited |
|
January 18, 2024 |
Spica Backdoor Malware |
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. |
Google: Russian FSB hackers deploy new Spica backdoor malware |
|
January 19, 2024 |
CVE-2023-34048 |
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. |
Chinese hackers exploit VMware bug as zero-day for two years |
|
January 22, 2024 |
CVE-2023-46805, CVE-2024-21887 |
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. |
Ivanti: VPN appliances vulnerable if pushing configs after mitigation |
|
January 22, 2024 |
CVE-2024-23222 |
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. |
Apple fixes first zero-day bug exploited in attacks this year |
|
January 23, 2024 |
CVE-2024-0204 |
Fortra warned of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. |
|
|
January 25, 2024 |
CVE-2024-20253 |
Cisco is warning that several of its Unified Communications Manager (CMs) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. |
|
|
January 25, 2024 |
CVE-2023-6933 |
Malicious activity targeting a critical severity flaw in the ‘Better Search Replace’ WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. |
Hackers target WordPress database plugin active on 1 million sites |
|
January 29, 2024 |
CVE-2023-23897 |
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. |
45k Jenkins servers exposed to RCE attacks using public exploits |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. |
Zeppelin ransomware source code sold for $500 on hacking forum |
|
Report |
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam as the startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realised after his loss that the domain he'd gone on was setup for the purposes of phishing unsuspecting users. |
Crypto wallet founder loses $125,000 to fake airdrop website |
|
Report |
A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organisation in the United States to lose more than $7.5 million. |
|
|
Report |
Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. |
PornHub blocks North Carolina, Montana over new age verification laws |
|
Report |
LastPass notified customers that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. |
LastPass now requires 12-character master passwords for better security |
|
Report |
Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' check marks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. |
Hackers hijack govt and business accounts on X for crypto scams |
|
Report |
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware as these ongoing attacks are tracked as RE#TURGENCE and have been directed at targets in the European Union, the United States, and Latin America. |
Hackers target Microsoft SQL servers in Mimic ransomware attacks |
|
Analysis |
Researchers analysed that the Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. |
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos |
|
Report |
T-Mobile faced an outage that prevented customers from logging into their accounts and using the company's mobile app. |
|
|
Analysis |
Some organisations victimised by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. |
|
|
Report |
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. |
China claims it cracked Apple's AirDrop to find numbers, email addresses |
|
Report |
A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December. |
|
|
Report |
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. |
iShutdown scripts can help detect iOS spyware on your iPhone |
|
Report |
A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. |
Bigpanzi botnet infects 170,000 Android TV boxes with malware |
|
Report |
Ransomware actors are again using TeamViewer to gain initial access to organisation endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. |
TeamViewer abused to breach networks in new ransomware attacks |
|
Report |
The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data. |
FTC bans one more data broker from selling your location info |
|
Report |
Instagram’s parent company said it would not remove fake Instagram profiles from the platform. |
Meta won't remove fake Instagram profiles that are clearly catfishing |
|
Report |
A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorised access to external computer systems and spying on data. |
Court charges developer with hacking after cybersecurity issue disclosure |
|
Report |
The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. |
US, UK, Australia sanction REvil hacker behind Medibank data breach (23Jan) |
|
Report |
The threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals as the adversary has been active since at least 2018 utilising the NSPX30 malware, an implant with a codebase rooted in a simple backdoor from 2005, following adversary-in-the-middle (AitM) attacks. |
Blackwood hackers hijack WPS Office update to install malware |
|
Report |
Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. |
iPhone apps abuse iOS push notifications to collect user data |
|
Report |
Financially motivated hackers are infecting systems with malware known as AllaKore RAT to steal banking credentials and unique authentication information as this threat actor has been persistently targeting Mexican entities for the purposes of financial gain. |
Large Mexican companies targeted by financially motivated hacking campaign |
|
Report |
Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account as some users have reported that signing in with an App Password works to connect but later goes back into a disconnected state. |
|
|
Warning |
The FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. |
FBI: Tech support scams now use couriers to collect victims' money |
|
Report |
The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. |
Ransomware payments drop to record low as victims refuse to pay |
|
Report |
Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. |
DHS employees jailed for stealing data of 200K U.S. govt workers |
|
Report |
Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days as affected customers again report having connectivity issues and experiencing delays when sending and receiving messages in mobile and desktop Teams clients. |
