Date: 1 December 2023
The Biggest Cyber Attacks, Ransomware Attacks and Data Breaches - our compilation for the month of November 2023.
- Ransomware Attacks in November 2023
- Data Breaches in November 2023
- Cyber-Attacks in November 2023
- New Ransomware/Malware Detected in November 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in November 2023
Boeing, American Airlines Pilot Association, Healthcare giant Henry Schein, Marina Bay Sands, Samsung, a U.S. Nuclear Research Lab, Japan Aerospace Space Agency and mortgage giant, Mr. Cooper. What do all of these organisations have in common?
They recently became victims of cyber crime. Some had their data encrypted, stolen or leaked. In many cases operations were disrupted for days and many will face regulatory and compliance challenges in the days to come. Our monthly list of the biggest cyber attacks, ransomware attacks and data breaches captures all the major cybersecurity incidents that took place in the month of November, 2023.
The objective as always, isn't to turn the spotlight on the victims, but to emphasise the rise in cyber crime and how it can impact almost every business or government body. The only real prevention today is preparation. Nobody can save you from cyber attacks but you can save yourself by mitigating their impact through effective cyber incident response.
Also, make sure you test your response capabilities through regular cyber attack tabletop exercises. These act like a litmus test of your cyber resilience capabilities. While we always recommend hiring an external facilitator for your cybersecurity tabletop exercises, if you plan to run your own, don't forget to use our free resources and customise them to your organisational needs and threat context.
- Top Cyber Tabletop Exercise Scenarios
- Cyber Security Tabletop Exercise Template
- Cyber Tabletop Exercise PPT
- Cyber Crisis Tabletop Exercise Checklist
These resources have been created by the world's #1 tabletop exercise facilitator and can help you run and effective incident response tabletop exercise of your own.
If you still feel overwhelmed by everything you need to do to get your cybersecurity maturity in order, you can check out our cyber consulting services.
We have created an unmatched value proposition with our Virtual Cyber Assistant service. In the most cost-effective and flexible format possible, you can improve your cybersecurity posture over time. For those businesses that have a more immediate requirement to enhance cyber resilience, our Virtual Cyber Consultant service is just the perfect fit.
Ransomware Attacks in November 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
Nov 01, 07 2023 |
TransForm Shared Service Organisation |
Cyber Attack on shared services provider affects 5 regional hospitals in Canada. Daixin Team claims responsibility. |
Daixin Team |
Daixin Team claimed responsibility for — and leaking data from — an attack on TransForm Shared Service Org that has significantly impacted five Canadian hospitals in Ontario. Surgeries and appointments were reportedly cancelled or rescheduled in some cases. Attackers managed to steal a database containing information on 5.6 million patient visits, corresponding to approximately 267,000 unique individuals. |
|
|
Nov 01, 2023 |
California community college Río Hondo |
California community college Río Hondo deals with a cybersecurity incident. |
LockBit Ransomware |
Río Hondo College in Southern California is dealing with a cybersecurity incident that limited campus functions for days before most services were returned. The school did not identify the disruptions as related to cyber attacks, but the LockBit ransomware gang added the school to its list of victims, giving officials until Nov 20 to pay an undisclosed ransom. |
|
|
Nov 01, 2023 |
The Südwestfalen-IT (SIT), local municipal services provider in Western Germany. |
Massive ransomware attack hinders services in 70 German municipalities. |
Unknown |
A ransomware attack paralysed local government services in multiple cities and districts in western Germany. A hacker group encrypted the servers of the local municipal service provider Südwestfalen IT and to prevent the malware from spreading, the company restricted access to its infrastructure for over 70 municipalities, primarily in the western German state of North Rhine-Westphalia. |
Ransomware attack on Germany’s the Südwestfalen-IT (SIT), and the 72 member municipalities |
|
Nov 01, 2023 |
Doctors’ Management Services |
Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack. |
GandCrab Ransomware |
Doctors’ Management Services has agreed to a $100,000 settlement with the U.S. Department of Health and Human Services following a 2017 ransomware attack. The company filed a breach report with HHS four months later, warning that 206,695 people had information accessed by the hackers. |
|
|
Nov 01, 07, 2023 |
Dallas County |
Dallas County ‘interrupted’ data exfiltration, preventing encryption after attack. |
Play Ransomware |
Dallas County provided an update on the ransomware attack that was reported earlier in Nov, telling residents that they were able to stop the incident before the hackers could encrypt files or systems. |
Dallas County ransomware attack update |
|
Nov 02, 12, 2023 |
Boeing |
Boeing confirms cyber attack amid LockBit ransomware claims |
LockBit ransomware |
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data. |
|
|
Nov 02, 2023 |
The Querétaro Intercontinental Airport |
Major Mexican airport confirms experts are working to address a cyber attack. |
LockBit Ransomware |
The Querétaro Intercontinental Airport confirmed reports that it had been attacked by hackers, posting a notice on social media sites that it had called in experts to help address the issue. The LockBit ransomware gang took credit for the attack, threatening to leak the data on Nov 27. |
Ransomware attack on Mexico’s Querétaro Intercontinental Airport |
|
Nov 02, 2023 |
Cycling component manufacturer, Shimano |
Lockbit allegedly targets Shimano. |
Lockbit Ransomware |
4.5 TB of sensitive data allegedly breached including employee passport data, financial documents and confidential diagrams. |
Ransomware attack on a cycling component manufacturer, Shimano |
|
Nov 03, 2023 |
American Airlines pilot union |
American Airlines pilot union hit by ransomware attack. |
Unknown |
American Airlines said the attackers gained access to sensitive information belonging to 5745 pilots and applicants. |
|
|
Nov 06, 2023 |
Sackstein Sackstein & Lee |
Black Basta hits Sackstein Sackstein & Lee. |
Black Basta Ransomware |
Black Basta accessed the computer systems of the law firm. |
|
|
Nov 06, 2023 |
Good-lawyer.com |
LockBit ransomware targets good-lawyer.com. |
LockBit Ransomware |
LockBit stole data belonging to good-laywer.com and also warned that it will publish the stolen data on Nov 19, 2023. |
|
|
Nov 06, 2023 |
EFU Life Assurance |
INC RANSOM hits Pakistani insurance company EFU Life Assurance. |
INC RANSOM |
Hackers apparently stole files belonging to EFU Life Assurance. |
|
|
Nov 07, 2023 |
Cozwolle, a co-workplace |
Black Basta targets a Netherlands based co-workplace. |
Black Basta ransomware |
Hackers hit Cozwolle and apparently stole data. |
|
|
Nov 07, 2023 |
Hopewell Area School District |
Medusa ransomware attack hits Hopewell Area School District. |
Medusa Ransomware |
Medusa added Hopewell Area School District to its victim list |
|
|
Nov 07, 2023 |
BITZER |
A ransomware attack hits a compressor manufacturer BITZER. |
Akira Ransomware |
Akira Ransomware gang hit and apparently stole data of compressor maker BITZER. |
|
|
Nov 07, 2023 |
Japan Aviation Electronics |
Japan Aviation Electronics says servers accessed during cyber attack. |
AlphV/Black Cat Ransomware |
The company said the attack occurred on Nov 2 and involved some of its servers being accessed by an unauthorised external party. It immediately suspended some of the impacted systems. The disruption resulted in “some delays in sending and receiving emails, but the Alphv/BlackCat ransomware gang claimed to have stolen roughly 150,000 documents from the company, including blueprints, contracts, confidential messages, and reports. |
Japan Aviation Electronics cyber attack update |
|
Nov 09, 2023 |
The Industrial and Commercial Bank of China's (ICBC) |
China's biggest lender ICBC hit by ransomware attack. |
LockBit Ransomware (Apparently) |
The Industrial and Commercial Bank of China's (ICBC) U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed this year. |
Ransomware attack on the U.S. arm of Industrial and Commercial Bank of China |
|
Nov 12, 2023 |
Huber Heights city, Ohio |
Ransomware attack on Ohio city impacts multiple services. |
Unknown |
The community of nearly 45,000 residents outside of Dayton released a notice that its systems were hit with ransomware. The City Manager said that public safety services were not impacted. |
|
|
Nov 13, 2023 |
Canadian banking tech firm Moneris |
Canadian banking tech giant Moneris says it prevented ransomware attack. |
Medusa Ransomware |
The ransomware gang claimed that it attacked the company and gave it nine days to pay a $6 million ransom to either download or delete the data. The victim company's spokesperson said an outside party did attempt to breach Moneris’ networks, but their team concluded none of the Digital Loss Prevention policies were triggered. |
|
|
Nov 15, 2023 |
Financial software company MeridianLink |
MeridianLink confirms cyber attack after ransomware gang claims to report company to SEC. |
AlphV/Black Cat |
Financial software company MeridianLink confirmed that it is dealing with a cyber attack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. The attack drew the interest of security researchers because AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of the incident. |
Ransomware attack on Financial software company MeridianLink |
|
Nov 15, 2023 |
Toronto Public Library |
Toronto Public Library confirms data stolen in ransomware attack. |
Black Basta Ransomware |
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. |
|
|
Nov 16, 2023 |
Kyocera AVX |
Kyocera AVX says ransomware attack impacted 39,000 individuals. |
LockBit Ransomware |
Kyocera AVX Components Corporation (KAVX) sent notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack. |
|
|
Nov 16, 2023 |
Toyota Financial Services (TFS) |
Toyota confirms breach after Medusa ransomware threatens to leak data. |
Medusa Ransomware |
Toyota Financial Services (TFS) has confirmed that it detected unauthorised access on some of its systems in Europe and Africa after Medusa Ransomware claimed an attack on the company. The gang listed TFS to its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company. |
|
|
Nov 16, 2023 |
Yamaha Motor |
Yamaha Motor confirms ransomware attack on Philippines subsidiary. |
INC Ransom gang |
The threat actors added the company to its dark web leak site on Wednesday, Nov 15, and has since published multiple file archives with roughly 37GB of allegedly stolen data containing employee ID info, backup files, and corporate and sales information, among others. |
|
|
Nov 17, 2023 |
Chicago Trading Company and Alphadyne Asset Management |
Lockbit Gang Hacks US Financial Firms; Threatens to Dump Data. |
Lockbit Ransomware |
The gang gave financial companies deadlines to make an unspecified payment, and is threatening to publish stolen data online if its demands aren’t met. |
Ransomware attack on Chicago Trading Company and Alphadyne Asset Management |
|
Nov 20, 2023 |
National British Library |
Rhysida Ransomware targets the National British Library. |
Rhysida Ransomware |
Hackers have put the stolen data on sale for 20 BTC. |
|
|
Nov 22, 2023 |
The Kansas Judicial Branch |
Kansas courts confirm data theft, ransom demand after cyber attack. |
Unknown |
The Kansas Judicial Branch published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. |
|
|
Nov 27, 2023 |
Indie game maker, Ethyrial: Echoes of Yore |
Ransomware attack on indie game maker wiped all player accounts. |
Unknown |
As announced on the game's official Discord channel, ransomware actors attacked the main server and encrypted all data including 17,000 account and local backup drives, demanding payment in exchange for a decryption key. |
|
|
Nov 27, 2023 |
Healthcare giant Henry Schein |
Healthcare giant Henry Schein hit twice by BlackCat ransomware. |
BlackCat Ransomware |
Henry Schein has reported a second cyber attack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. The BlackCat ransomware gang added Henry Schein to its dark web leak site, said it breached the company's network and allegedly stole 35 terabytes of sensitive data. |
|
|
Nov 27, 2023 |
Ardent Health Services and its affiliated entities ("Ardent") |
Ardent hospital ERs disrupted in 6 states after ransomware attack |
Unknown |
Ardent Health Services disclosed that its systems were hit by a ransomware attack and as a result, Ardent proactively took its network offline, suspended all user access to its information technology applications, and impacted hospitals diverted all patients requiring emergency care to other hospitals in their area. |
|
|
Nov 27, 2023 |
Slovenia's electricity provider HSE |
Slovenia's largest power provider HSE hit by ransomware attack. |
Rhysida Ransomware |
Ransomware attack on HSE compromised its systems and encrypted files, yet the company said the incident did not disrupt electric power production. |
|
|
Nov 28, 2023 |
Automotive giant Yanfeng |
Qilin ransomware claims attack on automotive giant Yanfeng. |
Qilin Ransomware group, also known as "Agenda" |
The threat actors published multiple samples to prove their alleged access to Yanfeng systems and files, including financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports. |
Data Breaches in November 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
Nov 02, 2023 |
Okta employees, and Rightway Healthcare |
Nearly 5,000 Okta employees affected by third-party data breach. |
Unknown |
Almost 5,000 current and former Okta employees and dependents were affected by a data breach following a cyber attack on a third-party provider Rightway Healthcare used by the company for healthcare services. |
Data breach attack on Okta’s third party healthcare service provider, Rightway Healthcare |
|
Nov 03, 2023 |
Security and data analytics company Sumo Logic |
Sumo Logic discloses security breach, advises API key resets. |
Unknown |
The victim company detected evidence of the breach, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account. Sumo Logic said its systems and networks weren't impacted during the breach and that "customer data has been and remains encrypted." |
|
|
Nov 07, 2023 |
Marina Bay Sands |
Marina Bay Sands discloses data breach impacting 665,000 customers. |
Unknown |
The victim company said: “Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members”. |
|
|
Nov 10, 2023 |
McLaren Health Care |
McLaren Health Care says data breach impacted 2.2 million people. |
ALPHV/BlackCat ransomware |
McLaren Health Care notified nearly 2.2 million people of a data breach that occurred between late July and August this year. The threat actors published samples of the data they allegedly stole from McLaren and threatened to auction the entire data set that they claimed to impact 2.5 million people. |
|
|
Nov 10, 2023 |
Maine Government |
Maine govt notifies 1.3 million people of impact of MOVEit data breach. |
Clop Ransomware |
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million, which is close to the state's entire population. |
|
|
Nov 12, 2023 |
Multiple colleges, K-12 schools like North Carolina Central University, and North Muskegon Public Schools |
Multiple colleges, K-12 schools face outages after cyber attacks. |
Unknown |
A spokesperson for North Carolina Central University said that the school was alerted to a cyber attack on its campus technology systems. The university said that certain systems, including the campus wi-fi network and [school portal] MyEOL began to experience some disruptions to normal operations. |
Cyber attack on K-12 school and university colleges in North Carolina |
|
Nov 13, 2023 |
MOVEit hack hits over 845K Sutter Health patients. |
Clop Ransomware |
Northern California-based healthcare system Sutter Health disclosed that 845,441 patients had their personal data exposed after its third-party communications firm Virgin Pulse was impacted by the widespread MOVEit file transfer system hack. |
||
|
Nov 13, 2023 |
North Carolina’s Bladen county |
Cyber attack on North Carolina county allowed hackers to access data. |
Unknown |
Bladen county said the attackers were able to access county data and the attack went beyond information theft. |
|
|
Nov 13, 28, 2023 |
DP World |
DP World cyber attack blocks thousands of containers in ports. |
Unknown |
A cyber attack on international logistics firm DP World Australia has severely disrupted regular freight movement in large Australian ports. Roughly 30,000 shipping containers of varying importance and value remained unmoved. The estimated damages were in millions of dollars. |
|
|
Nov 14, 2023 |
Pharmacy provider Truepill |
Pharmacy provider Truepill data breach hits 2.3 million customers. |
Unknown |
Postmeds, which does business as ‘Truepill,’ is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. |
|
|
Nov 14, 2023 |
Medical transcription services provider, PJ&A |
PJ&A says cyber attack exposed data of nearly 9 million patients. |
Unknown |
PJ&A (Perry Johnson & Associates) warned that a cyber attack in March 2023 exposed the personal information of almost nine million patients. |
|
|
Nov 15, 2023 |
Samsung |
New Samsung data breach impacts UK store customers. |
Unknown |
Samsung Electronics notified some of its customers of a data breach that exposed their personal information to an unauthorised individual. |
|
|
Nov 16, 2023 |
Undisclosed department in British government |
‘Sex life data’ stolen from UK government among record number of ransomware attacks |
Unknown |
Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. |
|
|
Nov 17, 2023 |
Stanley Steemer |
Stanley Steemer hack breached data of almost 67K customers |
Unknown |
The company determined the attackers gained access to its systems starting Feb. 10 and acquired certain records after lingering inside the company’s network. |
|
|
Nov 20, 2023 |
The Canadian government’s contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services |
Canadian government discloses data breach after contractor hacks. |
LockBit Ransomware |
The Canadian government said two of its contractors had been hacked, exposing sensitive information belonging to an undisclosed number of government employees. |
|
|
Nov 21, 2023 |
Auto parts giant AutoZone |
Auto parts giant AutoZone warns of impact of MOVEit data breach |
Clop Ransomware |
AutoZone informed the U.S. authorities that it determined that the exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data, resulting in the compromise of data of 184,995 people. |
|
|
Nov 21, 2023 |
U.S. nuclear research lab, Idaho National Laboratory (INL) |
Hacktivists breach U.S. nuclear research lab, steal employee data. |
SiegedSec (as per the name on BreachForums) |
SiegedSec announced it had gained access to INL data, including details on "hundreds of thousands" of employees, system users, and citizens. SiegedSec announced it had gained access to INL data, including details on "hundreds of thousands" of employees, system users, and citizens. |
Data breach attack on U.S. nuclear lab Idaho National Laboratory (INL) |
|
Nov 22, 2023 |
Healthcare SaaS provider Welltok |
Welltok data breach exposes data of 8.5 million US patients. |
Unknown |
Healthcare SaaS provider Welltok warned that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer programme used by the company was hacked in a data theft attack. |
|
|
Nov 22, 2023 |
Cyber attackers leaked data of 27,000 NYC Bar Association members. |
Clop Ransomware |
The New York City Bar Association confirmed that the data of more than 27,000 members and employees was leaked during a cyber attack nearly a year ago. |
||
|
Nov 22, 2023 |
Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial. |
AlphV/Black Cat Ransomware |
In the 8-K filings Fidelity National Financial said the incident impacted certain FNF systems and hackers accessed ‘some credentials’. |
||
|
Nov 24, 2023 |
Vanderbilt University Medical Center |
Vanderbilt University Medical Center investigating cyber security incident. |
Meow Ransomware |
A spokesperson of Vanderbilt University Medical Center (VUMC) said they identified and contained a cybersecurity incident in which a database was compromised. |
|
|
Nov 25, 2023 |
General Electric investigates claims of cyber attack, data theft. |
IntelBroker- (A name on BreachForums) |
A threat actor named IntelBroker attempted to sell access to General Electric's "development and software pipelines" for $500 on a hacking forum. |
||
|
Nov 25, 2023 |
Russia's Federal Air Transport Agency, Rosaviatsia |
Ukraine says it hacked Russian aviation agency, leaks data. |
Ukraine's intelligence service |
Ukraine's intelligence service, operating under the Defence Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. |
|
|
Nov 29, 2023 |
Okta |
Okta: October data breach affects all customer support system users. |
Unknown |
Okta said all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers were impacted except customers in our FedRamp High and DoD IL4 environments (these environments use a separate support system NOT accessed by the threat actor). |
|
|
Nov 29, 2023 |
A U.S. water facility |
Hackers breach US water facility via exposed Unitronics PLCs. |
Unknown |
CISA (Cybersecurity & Infrastructure Security Agency) warned that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. Risks include service disruption leading to a halt in water supply and physical damage to the infrastructure by overloading pumps or opening and closing valves. |
|
|
Nov 29, 2023 |
Dollar Tree hit by third-party data breach impacting 2 million people |
Unknown |
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people. |
Cyber Attacks in November 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
Nov 02, 2023 |
Ace Hardware |
Ace Hardware says 1,202 devices were hit during a cyber attack. |
Unknown |
Ace said in its official statement: "As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center's phone system have been interrupted or suspended". |
|
|
Nov 02, 06, 2023 |
Mortgage giant Mr. Cooper |
Mortgage giant Mr. Cooper was hit by a cyber attack impacting its IT systems. |
Unknown |
The cyber attack caused the company to shut down IT systems, including access to their online payment portal. |
|
|
Nov 03, 2023 |
United Wholesale Mortgage |
Cyber security incident at United Wholesale Mortgage. |
Unknown |
The cyber attack impacted the IT systems of United Wholesale Mortgage. |
|
|
Nov 03, 2023 |
Infosys McCamish Systems |
India's Infosys says its US unit was hit by a cyber security event. |
Unknown |
Indian IT services provider, Infosys, said its U.S. unit, Infosys McCamish Systems, was impacted by a cyber security event, resulting in the non-availability of certain applications and systems. |
|
|
Nov 08, 2023 |
Sberbank, state-owned banking and financial services company |
Russian state-owned Sberbank was hit by a 1 million RPS DDoS attack. |
Unknown |
Russian financial organisation Sberbank said it faced the most powerful distributed denial of service (DDoS) attack in recent history. The attack apparently reached one million requests per second (RPS), which is roughly four times the size of the most powerful DDoS attack Sberbank had experienced up until then. |
|
|
Nov 09, 2023 |
Cloudflare website taken down by DDoS attack claimed by Anonymous Sudan. |
Anonymous Sudan |
Cloudflare confirmed that the outage resulted from a DDoS attack that only affected the www.cloudflare.com website without impacting other products or services. |
||
|
Nov 09, 2023 |
Washington State Department of Transportation |
Washington State Department of Transportation working to recover from cyber attack. |
Unknown |
Washington’s State Department of Transportation said it started recovering from a cyber attack that caused a range of issues for local ferries and apps used for maps. |
|
|
Nov 16, 2023 |
Long Beach, California |
Long Beach is the latest Californian city facing a cybersecurity incident. |
Unknown |
The city of Long Beach, California, faced a range of issues due to a cybersecurity incident. |
|
|
Nov 18, 2023 |
Open-source 3D design software Blender |
Open-source Blender project battling DDoS attacks since Saturday. |
Unknown |
Blender confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday (Nov 18, 2023). |
|
|
Nov 19, 2023 |
Crypto firm Kronos |
Crypto firm Kronos Research says $26 million stolen after cyber attack. |
Unknown |
Kronos Research said $26 million worth of cryptocurrency was stolen from its systems following a cyber attack. The company said that it experienced “unauthorised access” to some of its API keys, forcing it to pause trading and begin an investigation. |
|
|
Nov 22, 2023 |
CTS, a leading managed service provider (MSP) for law firms in the UK |
Cyber attack on IT provider CTS impacts dozens of UK law firms. |
Unknown |
CTS did not reveal the number of impacted customers or the nature of the attack, information shared so far points to a ransomware attack, but a local media reported that between 80 and 200 law firms could have been affected based on estimates shared by CTS clients. |
|
|
Nov 24, 2023 |
Cryptocurrency platform KyberSwap |
KyberSwap says $54.7 million of user cryptocurrency stolen during a cyber attack. |
Unknown |
The cryptocurrency platform KyberSwap confirmed that someone used “a series of complex actions to conduct exploitative swaps, enabling the withdrawal of users’ funds into the attackers’ wallets.” |
|
|
Nov 24, 2023 |
Municipal Water Authority of Aliquippa |
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group. |
Iranian-backed cyber group, Cyber Av3ngers |
The Municipal Water Authority of Aliquippa said that one of their booster stations had been hacked by an Iranian-backed cyber group. |
|
|
Nov 25, 2023 |
North Texas Municipal Water District (NTMWD) |
North Texas water utility serving 2 million hit with cyber attack. |
Daixin Team |
The cybercrime gang known as Daixin Team said it was behind the attack. It added NTMWD to its list of victims and claimed to have stolen more than 33,000 files containing customer information as the attack impacted the computer network and phone system of NTMWD. |
|
|
Nov 29, 2023 |
Japanese Space Agency JAXA |
Cyber-Attack hits Japanese Space Agency JAXA’s Central Server. |
Unknown |
According to sources, a cyber attack hit the Japan Aerospace Exploration Agency earlier this year, raising fears that sensitive information related to Japan’s space programme had been exposed as the central server was illegally accessed. |
|
|
Nov 29, 2023 |
Capital Health |
New Jersey, Pennsylvania hospitals affected by cyber attacks. |
Unknown |
Capital Health said it experienced network outages because of a cybersecurity incident. The company runs two hospitals as well as several smaller healthcare facilities across the New Jersey-Pennsylvania region. |
New Ransomware/Malware Discovered in November 2023
|
New Ransomware |
Summary |
Source Link |
|
New macOS 'KandyKorn' malware |
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. |
New macOS 'KandyKorn' malware targets cryptocurrency engineers |
|
Socks5Systemz proxy botnet |
A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. |
Socks5Systemz proxy service infects 10,000 systems worldwide |
|
ObjCShellz malware |
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices. |
BlueNoroff hackers backdoor Macs with new ObjCShellz malware |
|
Lumma (or LummaC2) |
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. |
Lumma Stealer malware now uses trigonometry to evade detection |
|
Phobos ransomware |
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. |
VX-Underground malware collective framed by Phobos ransomware |
|
DarkGate malware and PikaBot malware |
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled. |
|
|
Rust-based SysJoker backdoor |
SysJoker is a stealthy Windows, Linux, and macOS malware first documented by Intezer in early 2022, "living off the land" commands, and a complete lack of detection for all its OS variants on VirusTotal. |
Vulnerabilities/Patches Discovered in November 2023
|
Date |
Flaws/Fixes |
Summary |
Source Link |
|
Nov 02, 2023 |
CVE-2023-46604 |
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices. |
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
|
|
Nov 03, 2023 |
ZDI-23-1578 ZDI-23-1579 ZDI-23-1580 ZDI-23-1581 |
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. |
New Microsoft Exchange zero-days allow RCE, data theft attacks |
|
Nov 06, 2023 |
CVE-2023-23368 |
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. |
QNAP warns of critical command injection flaws in QTS OS, apps |
|
Nov 06, 2023 |
CVE-2023-38547 CVE-2023-38548 CVE-2023-38549 CVE-2023-41723 |
Veeam released hotfixes to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. |
Veeam warns of critical bugs in Veeam ONE monitoring platform |
|
Nov 06, 2023 |
CVE-2023-4911 |
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. |
Hackers exploit Looney Tunables Linux bug, steal cloud creds |
|
Nov 08, 2023 |
CVE-2023-22518 |
Software company Atlassian is now saying that a recently disclosed issue is being exploited by hackers using the Cerber ransomware. |
Atlassian confirms ransomware is exploiting latest Confluence bug |
|
Nov 09, 2023 |
CVE-2023-47246 |
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. |
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks |
|
Nov 13, 2023 |
CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 |
CISA warned federal agencies to secure Juniper devices on their networks against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. |
CISA warns of actively exploited Juniper pre-auth RCE exploit chain |
|
Nov 14, 2023 |
CVE-2023-36052 |
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). |
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs |
|
Nov 14, 2023 |
CVE-2023-36033, CVE-2023-36025 and CVE-2023-36036 |
The Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are exploiting three vulnerabilities disclosed by Microsoft. |
CISA adds three Microsoft Patch Tuesday bugs to vulnerability list |
|
Nov 14, 2023 |
CVE-2023-4966 |
The LockBit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organisations, steal data, and encrypt files. |
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed |
|
Nov 14, 2023 |
CVE-2023-34060 |
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. |
VMware discloses critical VCD Appliance auth bypass with no patch |
|
Nov 14, 2023 |
CVE-2023-6063 |
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database. |
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks |
|
Nov 16, 2023 |
CVE-2023-36553 |
Fortinet alerted customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. |
Fortinet warns of critical command injection bug in FortiSIEM |
|
Nov 17, 2023 |
CVE-2023-36584, CVE-2023-1671, CVE-2020-2551 |
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalogue of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. |
CISA warns of actively exploited Windows, Sophos, and Oracle bugs |
|
Nov 17, 2023 |
CVE-2023-37580 |
Google's Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. |
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs |
|
Nov 21, 2023 |
CVE-2023-4911 |
CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. |
CISA orders federal agencies to patch Looney Tunables Linux bug |
|
Nov 24, 2023 |
CVE-2023-49103 |
Open source file sharing software ownCloud warned of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. |
Critical bug in ownCloud file sharing app exposes admin passwords |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
The attorney general of Connecticut is questioning whether genetic testing giant 23andMe violated data privacy laws after hackers tried to sell the information of millions of 23andMe users on a cybercrime forum last month. |
Connecticut AG demands answers from 23andMe after data breach |
|
Warning |
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. |
Apple 'Find My' network can be abused to steal keylogged passwords |
|
Report |
Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. |
Okta breach: 134 customers exposed in October support system hack |
|
Report |
The United States, South Korea and Japan have decided to establish a high-level consultative body on cyber issues, primarily to tackle North Korea’s cyber activities. |
US, South Korea and Japan launch group to tackle North Korea hacking |
|
Report |
Vast amounts of highly sensitive data on American military service members is up for sale by data brokers, according to a new report examining the national security implications of the practice. |
Data brokers are selling US service members’ secrets, researchers find |
|
Report |
According to recent research, hackers suspected of being tied to Iran’s government have been deploying new destructive malware against Israeli organisations. |
Iran-linked hackers attack Israeli education and tech organisations |
|
Report |
Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. |
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto |
|
Warning |
The Federal Bureau of Investigation warned that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network. |
FBI: Ransomware gangs hack casinos via 3rd party gaming vendors |
|
Report |
OpenAI's AI-powered ChatGPT large language model-based chatbot remained down because of a major ongoing outage that also took down the company's Application Programming Interface (API). |
|
|
Report |
A ransomware gang that has claimed attacks on Sony, a Hawaiʻi state government website and a supplier to Colonial Pipeline says it is shutting down after six of its affiliates were arrested. |
Ransomed.vc gang claims to shut down after six affiliates allegedly arrested |
|
Report |
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms. |
Iranian hackers launch malware attacks on Israel’s tech sector |
|
Warning |
Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems. |
Israel warns of BiBi wiper attacks targeting Linux and Windows |
|
Warning |
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organisations worldwide since September 2022. |
|
|
Report |
Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. |
Ethereum feature abused to steal $60 million from 99K victims |
|
Report |
The number of cyberattacks reported to Britain’s National Cyber Security Centre (NCSC) hit an “all-time high” over the past year, including 13 nationally significant incidents involving the exploitation of a vulnerability (CVE-2023-3519) affecting Citrix’s networking product NetScalers. |
|
|
Report |
The Federal Communications Commission proposed the creation of a “Schools and Libraries Cybersecurity Pilot Program” that would allow officials to collect data about cybersecurity and advanced firewall services that would best help K-12 schools and libraries across the country defend themselves from hackers. |
FCC proposes cybersecurity pilot program for schools, libraries as attacks increase |
|
Report |
Denmark's critical infrastructure experienced the largest cyber attack in the country's history this spring, with 22 energy companies breached in just a few days, according to a new report from one of the country’s top cyber agencies. |
Nearly two dozen Danish energy companies hacked through firewall bug in May |
|
Report |
Ukrainian and Czech police have taken down a criminal gang that made millions of dollars through fraudulent phone calls. |
|
|
Report |
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter). |
Fraudsters make $50,000 a day by spoofing crypto researchers |
|
Warning |
The FBI and CISA warned of Rhysida ransomware gang's opportunistic attacks targeting organisations across multiple industry sectors. |
FBI and CISA warn of opportunistic Rhysida ransomware attacks |
|
Report |
The FBI and CISA released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation. |
FBI shares tactics of notorious Scattered Spider hacker collective |
|
Report |
Australia’s government dropped plans to ban businesses from making ransomware payments as part of its revamped national cybersecurity strategy released, opting instead to introduce a mandatory reporting obligation. |
Australia drops plans to ban ransomware payments in new national cyber strategy |
|
Report |
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform. |
Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down |
|
Report |
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware. |
Atomic Stealer malware strikes macOS via fake browser updates |
|
Report |
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organisations in 71 countries. The cybercriminals paralysed major corporations' operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma. |
Police dismantle ransomware group behind attacks in 71 countries |
|
Report |
Gloucester City Council in the West Midlands of England was forced to spend more than £1.1 million ($1.39 million) to recover from a ransomware attack in December 2021. |
English council spent £1.1 million recovering from ransomware attack |
