July 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks

Date: 1 August 2023


What do a zoo, a general hospital, a plastic surgery clinic and an earthquake monitoring centre have in common? Not much, except that they all hold valuable data and were all hit by serious cyber attacks in July 2023.

Like every month, we're back with our latest compilation of all recent cyber attacks, data breaches and ransomware attacks that made it to the news in July 2023.  

  1. Ransomware Attacks in July 2023
  2. Data Breaches in July 2023
  3. Cyber-Attacks in July 2023
  4. New Ransomware/Malware Detected in July 2023
  5. Vulnerabilities/Patches in July 2023
  6. Advisories issued, reports, analysis etc. in July 2023

Going by the examples quoted earlier, it's true that cyber attacks and cyber criminals don't discriminate. You could have a big or small business, you could be a cosmetics giant or an ambulance service and you are just the same in the eyes of the advanced hacker - an avenue for making a quick buck and causing serious disruption. 

The only real prevention or protection today is preparation. The attackers will come after you, no matter who you are or what you do. The difference between a business that goes down after a cyber attack and one that weathers it, and perhaps even bounces back, lies in its incident response readiness.

The need for better Cyber Incident Planning and Response was also reiterated this month by the SEC's new rule, which requires companies listed in the U.S. to disclose a cyber incident within four business days of determining that it is material.

Having said that, it's not always easy to achieve cybersecurity resilience and business continuity. That's why several organisations which either don't have the internal capabilities or budget or simply need some external support, are increasingly opting for our unique Virtual Cyber Assistant services. 

In the most cost-effective package possible, you get access to deeply experienced virtual cybersecurity experts who can help you create relevant and effective cybersecurity incident response playbooks, plans and policies. They can help you improve your ransomware readiness, third-party risk posture, breach readiness and achieve compliance with industry standards and regulations. 


Ransomware Attacks in July 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

July 04, 2023

The Port of Nagoya

Japan’s largest port stops operations after ransomware attack

Unknown

The attack forced the port of Nagoya to cancel all container loading and unloading operations at the terminals using trailers, causing massive financial losses to the port and severe disruption to the circulation of goods to and from Japan.

Ransomware attack on the port of Nagoya

July 12, 2023

Tampa Bay Zoo

Tampa Bay zoo targeted in cyber attack by apparent offshoot of Royal ransomware

Offshoot of Royal Ransomware

Hackers stole the information of the zoo’s employees and vendors.

Royal Ransomware’s attack on Tampa Bay zoo

July 13, 2023

Beverly Hills plastic surgery clinic of Dr. Motykie

 Beverly Hills plastic surgery clinic hit by ransomware attack

ALPHV Ransomware group

Sensitive data, including nude photographs, was leaked online after the hackers demanded that Dr. Motykie pay $2.5 million to keep the clinic's private data from being made public.

Ransomware attack on Beverly Hills plastic surgery clinic

July 14, 2023

Cornelius, North Carolina

Services in North Carolina town unavailable after ransomware attack

Unknown

The ransomware attack forced the town to suspend some of its services.

Ransomware attack on Cornelius, North Carolina

July 17, 2023

Langlade County, Wisconsin

Wisconsin County deals with ‘catastrophic software failure’; California city declares ransomware emergency

LockBit Ransomware

The Langlade County Sheriff's Office suffered what it called a catastrophic software failure: all of its phone lines stopped working, and the attackers stole an undisclosed amount of data.

Ransomware attack on the Langlade County of Wisconsin 

July 19, 2023

Russian medical laboratory Helix

Russian medical lab suspends some services after ransomware attack

Unknown

The cyber attack that crippled the company's systems hit customers of the Russian medical laboratory Helix as they were unable to receive their test results for several days.

Ransomware attack on Russian medical laboratory Helix

July 20, 2023

Tampa General Hospital

Tampa General Hospital says sensitive data of 1.2 million stolen in failed ransomware attack

Snatch Ransomware group

Hackers entered Tampa hospital’s systems and accessed sensitive information of more than 1.2 million people before trying to encrypt the data. This sensitive information includes names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and/or treatment information used by the hospital for its business operations.

Tampa General Hospital ransomware attack

July 25, 2023

Yamaha Canada Music

Yamaha confirms cyber attack after multiple ransomware gangs take responsibility

BlackByte Ransomware and Akira Ransomware group

Yamaha Canada Music said it dealt with a cyber attack that led to unauthorised access and data theft.

Yamaha Canada Music ransomware attack

July 25, 2023

University of the West of Scotland

Cyber attack on University of the West of Scotland claimed by Rhysida ransomware gang

Rhysida ransomware

Hackers stole university data and put it up for auction for 20 Bitcoin.

University of the West of Scotland ransomware attack

Data Breaches in July 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

July 2, 2023

Microsoft

Microsoft denies data breach, theft of 30 million customer accounts

Anonymous Sudan

Hacktivists alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords”. Anonymous Sudan offered to sell this database to interested parties for $50,000 and urged interested buyers to engage in contact with their Telegram bot to arrange the purchase of the data.

Alleged Microsoft data breach

July 03, 2023

The OCR, AQA and Pearson Edexcel exam boards

Hacks targeting British exam boards raise fears of students cheating

Unknown

In this incident, hackers stole national exam papers for school-leavers and sold them online to students seeking to cheat on their tests.

Data breach attack on British exam boards OCR, AQA and Pearson Edexcel

July 4, 2023

The City of Fort Worth

Fort Worth officials say leaked data came from Public Information Act request

SiegedSec hacking group

Officials in the City of Fort Worth, Texas denied being hacked for a second time after the same cybercrime group posted another batch of information allegedly stolen from government networks, but the SiegedSec hacking group said its “final” attack involved 40 GB of stolen data from Fort Worth’s Department of Transportation & Public Works. The group shared screenshots of what appeared to be a file transfer service used by the city, which has nearly 1 million residents.

Data breach attack on the city of Fort Worth

July 05, 2023

The Belarusian State University (BSU)

Belarusian hacktivists claim to breach the country's leading state university

Belarusian threat actors known as the Cyber Partisans

The hackers claimed to have accessed 3 terabytes of data from the university's systems, to have encrypted and wiped computers and servers, and to have shut down the domain controllers that handle user authentication and network security; the university denied the claim.

Data breach attack on the Belarusian State University (BSU)

July 06, 2023

Nickelodeon

Nickelodeon investigates breach after leak of 'decades old’ data

Unknown

Hackers stole 500 GB of files from Nickelodeon systems and leaked them on the dark web.

Nickelodeon data breach

July 07, 2023

Henrietta Johnson Medical Center's EHR vendor, Delaware Health Net

Delaware health centre suffers 3rd-party breach

Unknown

Hackers accessed the protected health information of about 500 patients of the Delaware health centre, including patient names, dates of birth, ethnicity, medical record numbers, diagnosis codes, lab information and health insurance information.

Delaware health centre data breach

July 08, 2023

Gaming gear company Razer

Razer investigates data breach claims, resets user sessions

A hacker known as ‘Nationalist’ 

The hacker claimed to have stolen the source code, database, encryption keys and backend access logins for Razer.com, the company's main website, and offered the data for sale for $100,000.

Razer Data Breach

July 10, 2023

HCA Healthcare, one of America's largest hospital and clinic operators

HCA confirms breach after hacker steals data of 11 million patients

The hacker is known as TIA on a hacking forum

The breach affected an estimated 11 million patients who received care at one of HCA's hospitals or clinics; the threat actor leaked samples of the stolen data on a hacking forum. The stolen database consists of 17 files and 27.7 million database records.

HCA Healthcare data breach

July 11, 2023

Deutsche Bank

Deutsche Bank confirms service provider breach exposed its customer data

Unknown

The breach affected one of Deutsche Bank’s external service providers, which operates its account switching service in Germany. The bank said that only a limited amount of personal data was exposed due to the security incident and this security incident also impacted other major banks and financial service providers, including Commerzbank, Postbank, Comdirect, and ING.

Deutsche Bank data breach

July 14, 2023

Shutterfly

Shutterfly says Clop ransomware attack did not impact customer data

Clop ransomware 

The ransomware attack impacted Shutterfly's enterprise business unit, Shutterfly Business Solutions (SBS).

Shutterfly data breach

July 14, 2023

Kotak Life Insurance, State Bank of India

From Kotak Life Insurance and IDFC First Bank to State Bank of India and Turtlemint, BFSI is under attack

Clop Ransomware

The Clop ransomware group leaked data stolen from these Indian financial institutions on its dark web leak site, in about 13 folders; most were over eight gigabytes in size, while one held only about 37 megabytes.

Data breach attack on Indian financial institutions 

July 14, 2023

Online gaming platform Roblox

Roblox data breach impacts almost 4,000 developers

Unknown

Online gaming platform Roblox has admitted to being impacted by a third-party security issue. The breach notification service 'Have I Been Pwned' reported that 3,943 developer accounts were compromised.

Roblox data breach

July 15, 2023

The government and other critical public and private organisations in Ukraine

Gamaredon hackers start stealing data 30 minutes after a breach

Gamaredon, aka Armageddon, UAC-0010, and Shuckworm

Since the onset of the Russian invasion, the threat actors are believed to be responsible for thousands of attacks against the government and other critical public and private organisations in Ukraine. Gamaredon attacks commonly start with an email or a message sent to targets via Telegram, WhatsApp, Signal or other IM apps.

Gamaredon hacking group’s attack on Ukraine

July 15, 2023

Colorado State University

Colorado State University says data breach impacts students, staff

Clop Ransomware

Clop Ransomware stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.

Colorado State University data breach due to MOVEit data theft

July 19, 2023

Beauty giant Estée Lauder

Estée Lauder beauty giant breached by two ransomware gangs

ALPHV/BlackCat and Clop Ransomware

The threat actor gained access to some of Estée Lauder’s systems and may have stolen data.

Estée Lauder Data Breach

July 21, 2023

VirusTotal

VirusTotal apologises for data leak affecting 5,600 customers

Human Error

A VirusTotal employee mistakenly uploaded a CSV file online and leaked the information of over 5,600 customers. This data breach impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.

VirusTotal information/data breach

July 21, 2023

A U.S. critical infrastructure organisation (via its NetScaler ADC appliance)

Netscaler ADC bug exploited to breach US critical infrastructure organisation

Unknown

Hackers breached the network of a U.S. organisation by exploiting the unauthenticated remote code execution (RCE) flaw in NetScaler ADC (CVE-2023-3519, listed in the Vulnerabilities section below) to plant a webshell on the target's non-production NetScaler Application Delivery Controller (ADC) appliance.

Netscaler ADC bug exploitation and data breach

July 22, 2023

DHL

DHL investigates MOVEit breach 

Clop Ransomware

DHL confirmed that one of its software providers was impacted by the vulnerability affecting MOVEit

DHL deals with MOVEit data breach

July 22, 2023

Senior State Department Official of the U.S.

Emails Of US Envoy to China, Senior State Department Official, allegedly accessed in Chinese cyber attack

Chinese hackers

Chinese hackers allegedly accessed the emails of the US envoy to China and another Senior Department of State Official.

Chinese cyber attack on the U.S. State Department Officials 

July 24, 2023

The Norwegian Security and Service Organization (DSS)

Norwegian government IT systems hacked using zero-day flaw

Unknown

Indications are that the attackers may have accessed and/or exfiltrated sensitive data from the ICT platform.

Norwegian government data breach

July 24, 2023

PokerStars

PokerStars confirms MOVEit data breach leaked up to 110k Social Security numbers

Clop Ransomware

The incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and addresses.

PokerStars data breach

July 25, 2023

Pacific Premier Bank

Pacific Premier says vendor hit by MOVEit data breach

Clop Ransomware

The vendor confirmed that personal data had been compromised in the incident including social security numbers, account numbers and other personally identifiable information.

Pacific Premier data breach

July 26, 2023

NATO’s Communities of Interest (COI) Cooperation Portal

NATO investigates alleged data theft by SiegedSec hackers

SiegedSec hacking Group

The hacking group posted on Telegram claiming to have hundreds of documents stolen from the COI Cooperation Portal. Cybersecurity company CloudSEK analysed the leaked data and found that it comprises 845 MB of files, 8,000 rows of user-related sensitive information, unclassified documents, and user account access details.

Data breach attack on NATO’s Communities of Interest (COI) Cooperation Portal

July 26, 2023

MSU, Michigan State University

Massive data breach may have exposed personal information of MSU students, employees

Unknown

Some personal information belonging to Michigan State University students and employees may have been exposed through a wide-ranging data breach.

Michigan State University data breach

July 27, 2023

Maximus

8 million people hit by data breach at US govt contractor Maximus

Clop Ransomware

In this breach incident, hackers stole the personal data of 8 to 11 million people during the recent MOVEit transfer data-theft attacks.

Maximus data breach

July 27, 2023

Southern Association of Independent Schools, Inc (SAIS).

School Accreditation Organisation data breach exposed sensitive information on students, parents, and teachers online

Unknown

The exposed data set comprised 682,438 records totalling 572.8 GB. The documents contained personally identifiable information (PII) and private medical information of students.

Southern Association of Independent Schools, Inc (SAIS) data breach

Cyber Attacks in July 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

July 5, 2023

Russian state-owned railway company RZD

Russian railway site allegedly taken down by Ukrainian hackers

The Ukrainian hacktivist group IT Army

According to the company's statement, the website and mobile app remained down for several hours due to a “massive” cyber attack, forcing passengers to only buy tickets at railway stations.

Cyber attack on Russian railway company RZD 

July 10, 2023

Trinidad and Tobago’s justice department, the Attorney General and Ministry of Legal Affairs (AGLA)

Trinidad and Tobago facing outages after cyber attack

Unknown

The attack disrupted internal services and operations of the Attorney General and Ministry of Legal Affairs (AGLA).

Cyber attack on  Trinidad and Tobago’s justice department, AGLA

July 11, 2023

Bay Area city / The City of Hayward, California

Bay Area city shuts down municipal sites following cyber attack

Unknown

The City of Hayward was forced to shut off its website and several online municipal portals.

Cyber attack on the City of Hayward

July 13, 2023

Norwegian Refugee Council

Norwegian Refugee Council hit by cyber attack

Unknown

Hackers targeted the NRC's online database that stores the personal information of project participants.

Norwegian Refugee Council cyber attack

July 20, 2023

University students in North America

Scammers are targeting college kids with fake bioscience job offers

Unknown

Cybercriminals are targeting college students with fake job offers in the bioscience and health industries with the hope of extracting fees out of victims, experts are warning.

Scammers’ attack on university students in North America

July 22, 2023

CoinsPaid

CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto

Lazarus group

The attack resulted in the theft of about $37,300,000 worth of cryptocurrency.

Lazarus hackers’ attack on CoinsPaid

July 23,  2023

Alphapo

Lazarus hackers linked to $60 million Alphapo cryptocurrency heist

Lazarus group

North Korean Lazarus hacking group stole almost $60 million in crypto, including over 6 million USDT, 108 K USDC, 100.2 million FTN, 430 K TFL, 2.5 K ETH, and 1,700 DAI, all drained from hot wallets, likely made possible by a leak of private keys.

Lazarus hackers’ cyber attack on Alphapo

July 24, 2023

Organisations running poorly secured Microsoft IIS web servers

Lazarus hackers hijack Microsoft IIS servers to spread malware

Lazarus group

Lazarus targeted IIS servers for initial access to corporate networks and leveraged poorly protected IIS services for malware distribution.

Lazarus group’s cyber attack on Microsoft IIS

July 24, 2023

Norway government and Ivanti 

Norway government ministries hit by cyber attack

Unknown

The government’s security specialists identified the attack following "unusual" traffic on the supplier's platform. The attack didn’t disrupt the government’s operation. As a result of the hack, employees of several Norwegian ministries couldn’t access some shared services on their mobile phones, including email, but they could still use work devices without issue.

Norway government cyber attack due to Ivanti software flaw

July 26, 2023

South Central Ambulance Service and South Western Ambulance Service

Cyber attack leaves NHS ambulance trusts unable to access patient records

Unknown

The cyber attack left two NHS ambulance trusts without access to their electronic patient records.

Cyber attack on two NHS ambulance service trusts

July 26, 2023

An ECG provider CardioComm

CardioComm, a provider of ECG monitoring devices, confirms cyber attack affected its services

Unknown

A number of CardioComm's products were affected by the outage, including HeartCheck CardiBeat, a handheld electrocardiogram (ECG) monitor that connects to a user's smartphone via Bluetooth so that consumers can transmit results to a physician, a clinic or CardioComm's SMART monitoring ECG reading service.

CardioComm cyber attack

July 26, 2023

Earthquake Monitoring Center in Wuhan, China

Wuhan Earthquake Monitoring Center suffers cyber attack; investigation underway

Unknown overseas organisation (a Trojan horse program called "validator" was found on the equipment)

The Wuhan Municipal Emergency Management Bureau said that some of the network equipment of the front-end station collection points of the Wuhan Earthquake Monitoring Center, were subjected to a cyber attack by an overseas organisation.

Wuhan Earthquake Monitoring Center cyber attack

July 27, 2023

TLScontact, the Swiss government's chosen IT provider

Swiss visa appointments cancelled in the UK due to 'IT incident'

Unknown

Due to this incident, TLScontact was forced to cancel appointments for Swiss (Schengen) tourist and transit visas across the UK.

Cyber attack on TLScontact's UK locations

July 28, 2023

M-Pesa, Kenya government e-services, Kenya Power

M-Pesa, key govt services unavailable as Kenya grapples with cyber attack

Anonymous Sudan

Kenyans were denied access to essential services such as buying electricity tokens, transacting on M-Pesa, digital banking and various government services on e-Citizen. The outage of M-Pesa services paralysed operations across many sectors, including the collection of revenue such as parking fees by counties. Kenya Power was also affected by the attack.

Cyber attack on M-Pesa and e-services of Kenya

July 30, 2023

Israel's largest oil refinery operator, BAZAN Group

Israel's largest oil refinery website offline after DDoS attack

Iranian hacktivist group, 'Cyber Avengers' aka 'CyberAv3ngers'

The incoming traffic to BAZAN Group's websites, bazan.co.il and eng.bazan.co.il began to either time out, with HTTP 502 errors, or was being refused by the company's servers. The hacker group additionally leaked what appeared to be screenshots of BAZAN's SCADA systems, which are software applications used to monitor and operate industrial control systems.

DDoS attack on Israel's largest oil refinery website

New Ransomware/Malware Discovered in July 2023

New Ransomware/Malware

Summary

Source Link

TrueBot malware

Cybersecurity agencies in the U.S. and Canada warn that threat actors are using new TrueBot malware variants to steal data from victims.

New TrueBot malware variants target US and Canadian firms

Big Head ransomware

Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.

New ‘Big Head’ ransomware 

NokNok malware

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers use new NokNok malware that targets macOS systems.

New ‘NokNok’ malware targets macOS

SophosEncrypt ransomware

Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation.

New SophosEncrypt ransomware impersonates Sophos

P2PInfect worm malware

A new peer-to-peer (P2P) malware with self-spread capabilities targets Redis instances running on Internet-exposed Windows and Linux systems.

New P2PInfect worm malware
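The P2PInfect entry above turns on one condition: a Redis instance that answers an unauthenticated client from the Internet. The following is an added example, not code from this roundup or from any of the researchers it cites, that shows what such an instance gives away. It speaks Redis's RESP2 wire protocol directly, so it works against a real host without a client library, and grades the replies to `INFO server` and `CONFIG GET protected-mode`. The sample replies embedded at the bottom are constructed for the example rather than captured from a live system.

```python
"""Added example (not from the original roundup): audit what a Redis instance
tells an unauthenticated client, the exposure a Redis worm such as P2PInfect
relies on. Speaks RESP2 directly; the sample replies at the bottom are
constructed for this example, not captured from a real host."""
import socket
from typing import Dict, List, Tuple


class RespError(str):
    """An error reply ("-NOAUTH ...", "-ERR ...") kept as a plain string so the
    caller can inspect it rather than catch an exception."""


def bulk(s: str) -> bytes:
    """RESP bulk string: $<len>\\r\\n<bytes>\\r\\n."""
    b = s.encode()
    return b"$%d\r\n%s\r\n" % (len(b), b)


def resp_command(*args: str) -> bytes:
    """A command is a RESP array of bulk strings, e.g. INFO server."""
    return b"*%d\r\n" % len(args) + b"".join(bulk(a) for a in args)


def parse_resp(buf: bytes) -> Tuple[object, bytes]:
    """Decode one complete RESP2 reply; raise ValueError if bytes are missing.
    Returns (value, unconsumed_bytes)."""
    kind, rest = buf[:1], buf[1:]
    if kind not in (b"+", b"-", b":", b"$", b"*"):
        raise ValueError(f"unknown or incomplete RESP type {kind!r}")
    line, sep, rest = rest.partition(b"\r\n")
    if not sep:
        raise ValueError("incomplete line")
    if kind == b"+":
        return line.decode(), rest
    if kind == b"-":
        return RespError(line.decode()), rest
    if kind == b":":
        return int(line), rest
    if kind == b"$":
        n = int(line)
        if n < 0:
            return None, rest                      # null bulk string
        if len(rest) < n + 2:
            raise ValueError("incomplete bulk string")
        return rest[:n].decode(), rest[n + 2:]
    items: List[object] = []                       # kind == b"*": array
    for _ in range(int(line)):
        item, rest = parse_resp(rest)
        items.append(item)
    return items, rest


def parse_info(text: str) -> Dict[str, str]:
    """INFO output is 'key:value' lines under '# Section' headers."""
    return dict(line.split(":", 1) for line in text.splitlines()
                if line and not line.startswith("#") and ":" in line)


def assess(info_reply: bytes, config_reply: bytes) -> List[str]:
    """Turn raw replies into findings. An empty list means the server refused
    the unauthenticated client, which is the state you want to see."""
    info, _ = parse_resp(info_reply)
    if isinstance(info, RespError):
        if info.startswith("NOAUTH"):
            return []                              # requirepass is set; nothing leaked
        return [f"unexpected error reply to INFO: {info}"]
    fields = parse_info(info)
    findings = ["INFO answered without authentication (no requirepass)"]
    if "redis_version" in fields:
        findings.append(f"version disclosed: {fields['redis_version']}")
    if "os" in fields:
        findings.append(f"host OS disclosed: {fields['os']}")
    if not config_reply:
        return findings                            # peer went quiet after INFO
    cfg, _ = parse_resp(config_reply)
    if isinstance(cfg, RespError):
        findings.append(f"CONFIG reachable but errored: {cfg}")
    elif cfg == ["protected-mode", "no"]:
        findings.append("protected-mode is off: non-loopback clients are accepted")
    return findings


def recv_reply(sock: socket.socket) -> bytes:
    """Read until one complete RESP reply has arrived (or the peer goes quiet)."""
    buf = b""
    while True:
        try:
            chunk = sock.recv(65536)
        except socket.timeout:
            return buf
        if not chunk:
            return buf
        buf += chunk
        try:
            parse_resp(buf)
            return buf
        except ValueError:
            continue                               # need more bytes


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> List[str]:
    """Live check of one instance you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(resp_command("INFO", "server"))
        info = recv_reply(s)
        s.sendall(resp_command("CONFIG", "GET", "protected-mode"))
        cfg = recv_reply(s)
    return assess(info, cfg)


# Constructed sample replies (not captured from a real host).
OPEN_INFO = bulk("# Server\r\nredis_version:7.0.11\r\nos:Linux 5.15.0 x86_64\r\ntcp_port:6379\r\n")
OPEN_CONFIG = b"*2\r\n" + bulk("protected-mode") + bulk("no")
LOCKED = b"-NOAUTH Authentication required.\r\n"

if __name__ == "__main__":
    for label, replies in (("open", (OPEN_INFO, OPEN_CONFIG)), ("locked", (LOCKED, LOCKED))):
        print(label, assess(*replies) or ["refused unauthenticated client"])
```

Run it as a script to see the two constructed cases; `probe(host)` performs the same exchange against a host you are authorised to test. An empty findings list means the server answered NOAUTH, i.e. `requirepass` is set. Anything else means the instance is talking to strangers and should be bound to localhost, or put behind authentication and a firewall, whether or not a worm has found it yet.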

Khronos Ransomware

Khronos ransomware appends the .Khronos extension to encrypted files and drops a ransom note named info.hta.

New Khronos Ransomware

New Realst macOS malware 

A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development.

New Realst macOS malware 

New Nitrogen malware

A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads.

New Nitrogen malware

New Submarine malware 

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug.

New Submarine malware found on hacked Barracuda ESG appliances

Vulnerabilities/Patches Discovered in July 2023

Date

Flaws/Fixes

Summary

Source Link

July 02, 2023

CVE-2023-27997

Thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.

300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug

July 04, 2023

CVE-2023-31222

The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic.

CISA issues warning for cardiac device system vulnerability

July 06, 2023

CVE-2022-31199

CISA and the FBI warn of new Truebot malware variants deployed on networks compromised using a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software in attacks targeting organisations across the United States and Canada.

Netwrix Auditor RCE bug exploited in Truebot malware attacks

July 06, 2023

CVE-2023-20185

Cisco warns customers of a high-severity vulnerability impacting some data centre switch models, allowing attackers to tamper with encrypted traffic.

Cisco warns of bug that lets attackers break traffic encryption

July 06, 2023

CVE-2023-3269

A serious vulnerability affects multiple Linux kernel versions that could be triggered with minimal capabilities. The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

New StackRot Linux kernel flaw allows privilege escalation

July 07, 2023

CVE-2023-36934

Progress, the developer of MOVEit Transfer, discovered multiple SQL injection problems in their product that include a critical one tracked as CVE-2023-36934, which can be exploited without user authentication.

MOVEit Transfer customers warned to patch new critical flaw

July 07, 2023

CVE-2023-36460

TootRoot bug tracked as CVE-2023-36460 is a problem in Mastodon's media processing code that allows using media files on toots (the equivalent of tweets) to cause a range of problems, from denial of service (DoS) to arbitrary remote code execution.

Critical TootRoot bug lets attackers hijack Mastodon servers

July 07, 2023

CVE-2021-29256

CISA has asked federal agencies to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities.

CISA warns govt agencies to patch actively exploited Android driver

July 10 & 24, 2023

CVE-2023-37450

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads. 

Apple fixes new zero-day used in attacks against iPhones, Macs

July 10, 2023

CVE-2023-20864

VMware warns customers that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments.

VMware warns of exploit available for critical vRealize RCE bug

July 11, 2023

CVE-2023-36884

Microsoft discloses an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

July 12, 2023

CVE-2023-33308

Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices.

Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices

July 12, 2023

CVE-2023-36664

Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw.

Critical RCE found in popular Ghostscript open-source PDF library

July 13, 2023

CVE-2023-35829

Cybersecurity researchers and threat actors are being targeted with a fake proof-of-concept (PoC) exploit for CVE-2023-35829 that installs Linux password-stealing malware.

Fake Linux vulnerability exploit drops data-stealing malware

July 17, 2023

CVE-2023-28121

Hackers are conducting widespread exploitation of a critical flaw in the WooCommerce Payments plugin to gain the privileges of any user, including administrators, on vulnerable WordPress installations.

Hackers exploiting critical WordPress WooCommerce Payments bug

July 17, 2023

CVE-2023-29298 and CVE-2023-38203

Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers.

Critical ColdFusion flaws exploited in attacks to drop webshells

July 18, 2023

‘Bad.Build’ vulnerability

Google said it has fixed a vulnerability in its Cloud Build service that allowed hackers to tamper with application images and infect users.

Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service

July 19, 2023

CVE-2023-3519

Citrix alerted customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway.

New critical Citrix ADC and Gateway flaw exploited as zero-day

July 20, 2023

CVE-2023-34329 and CVE-2023-34330

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International.

Critical AMI MegaRAC bugs can let hackers brick vulnerable servers

July 22, 2023

CVE-2023-3519

Thousands of Citrix Netscaler ADC and Gateway servers exposed online are vulnerable to attacks exploiting a critical remote code execution (RCE) bug that was previously abused in the wild as a zero-day.

Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks

July 23, 2023

CVE-2023-29298 and CVE-2023-38205

CISA has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two critical security flaws exploited in attacks, one of them as a zero-day.

CISA warns govt agencies to patch Adobe ColdFusion servers

July 24, 2023

CVE-2023-35078

US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software.

Ivanti patches new zero-day exploited in Norwegian govt attacks

July 24, 2023

CVE-2023-20593

Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys.

Zenbleed attack leaks sensitive data from AMD Zen2 processors

July 25, 2023

CVE-2023-35078

The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.

Norway says Ivanti zero-day was used to hack govt IT systems

July 25, 2023

CVE-2023-35078

CISA warned U.S. federal agencies to secure their systems against a maximum-severity authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core.

CISA warns govt agencies to patch Ivanti bug exploited in attacks

July 25, 2023

CVE-2023-30799

A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected.

Super Admin elevation bug puts 900,000 MikroTik devices at risk

July 25, 2023

CVE-2023-20891

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment caused by credentials being logged and exposed via system audit logs.

VMware fixes bug exposing CF API admin credentials in audit logs

July 26, 2023

CVE-2023-30799

According to researchers, more than 900,000 MikroTik routers are vulnerable to an issue that the company quietly patched.

Researchers say more than 900,000 MikroTik routers vulnerable to hackers


Warnings/Advisories/Reports/Analysis

News

Summary

Source Link

Report

A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, the Czech Republic, Hungary and Slovakia since December 2022.

Hackers target European government entities in SmugX campaign

Report

The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies a total of 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics to generate web statistics and warned two others about the same practice.

Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms

Report

A “suspected senior member” of the French-speaking OPERA1ER cybercrime gang is in custody, international police announced.

Top suspect in OPERA1ER cybercrime operation arrested in Africa

Report

Britain’s cyber and signals intelligence agency GCHQ could monitor logs of domestic internet traffic in the United Kingdom in real-time to identify online fraud and interrupt criminals during the act, under a new law being considered by the government.

New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud

Report

Microsoft is investigating an ongoing issue preventing Outlook.com users from searching their emails and triggering 401 exception errors.

Microsoft investigates Outlook.com bug breaking email search

Report

Security researchers discovered two malicious file management applications on Google Play, with a combined installation count of over 1.5 million, that collected excessive user data, well beyond what is needed to offer the promised functionality.

Apps with 1.5M instals on Google Play send your data to China

Report

JumpCloud, a US-based enterprise software firm, is notifying several customers of an "ongoing incident." As a precaution, the company has invalidated existing admin API keys to protect its customer organisations.

JumpCloud resets admin API keys amid ‘ongoing incident’

Report

Hackers supporting the government of Iran are targeting experts in Middle Eastern affairs and nuclear security in a new campaign that researchers said involved malware for both Apple and Microsoft products.

Iran-based hackers targeting nuclear security experts through Mac, Windows malware

Report

The Justice Department announced the arrest of a cybersecurity professional accused of hacking into a cryptocurrency exchange and stealing about $9 million.

Tech worker accused in $9 million crypto platform hack

Report

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

AVrecon malware infects 70,000 Linux routers to build botnet

Report

Conor Brian Fitzpatrick, aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to hacking and child pornography possession charges.

BreachForums owner Pompompurin pleads guilty to hacking charges

Report

The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins “next month.”

Genesis Market infrastructure and inventory sold on hacker forum

Report

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.

Thousands of images on Docker Hub leak auth secrets, private keys

Report

A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version.

FIN8 deploys ALPHV ransomware using Sardonic malware variant

Report

Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT.

OpenAI credentials stolen by the thousands for sale on the dark web

Report

The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations.

Ukraine takes down massive bot farm, seizes 150,000 SIM cards

Warning

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.

GitHub warns of Lazarus hackers targeting devs with malicious projects

Analysis

In the second quarter of 2023, the percentage of ransomware attacks that resulted in the victim paying fell to a record low of 34%.

Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments

Report

The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.

Stolen Microsoft key offered widespread access to Microsoft cloud services

Report

The Clop Ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.

Clop gang to earn over $75 million from MOVEit extortion attacks

Report

The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.

Clop now leaks data stolen in MOVEit attacks on clearweb sites

Warning

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents.

SEC now requires companies to disclose cyberattacks in 4 days

Report

U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals.

US government contractor says MOVEit hackers accessed health data of ‘at least’ 8 million individuals

Report

Hawaiʻi Community College announced that it paid a ransomware gang to delete the information of more than 28,000 people who had their information accessed during an attack last month.

Hawaiʻi Community College pays ransom after attackers steal personal info of 28,000 people
