October 2023: Major Cyber Attacks, Data Breaches, Ransomware Attacks

Date: 1 November 2023

Featured Image

The Biggest Cyber Attacks, Ransomware Attacks and Data Breaches - our compilation for the month of October 2023. 

  1. Ransomware Attacks in October 2023
  2. Data Breaches in October 2023
  3. Cyber-Attacks in October 2023
  4. New Ransomware/Malware Detected in October 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in October 2023


Authentication and identity management giant, Okta, lost $2 billion in market cap at the hands of cyber criminals in October 2023. One would think that this would be the biggest cybersecurity news of the month. While that assumption, isn't wrong - there are far too many other significant attacks and breaches that dominated cybersecurity headlines in the month gone by. 

  • Sony confirmed that a data breach impacted thousands of individuals. 
  • Criminals leaked millions of genetic data profiles of individuals in Germany and the UK in 23andMe data heist. 
  • Credit Card data of allegedly thousands of customers was exposed in the Air Europa attack. 
  • Air Canada apparently lost 210 GB of customer data. 
  • Casio customers in a whopping 148 countries were affected by a cyber-attack. 
  • Seiko confirmed that 60,000 items of personal data were compromised in a recent ransomware attack.
  • Aerospace giant, Boeing, became victim of a ransomware attack in which criminals claim to have stolen massive amounts of sensitive data. 

In light of the recent SEC action against SolarWinds and its CISO, the attacks and data breaches in October 2023 are nothing but worrying. The impact on customer and partner data has been unbridled and has raised alarm bells for the cybersecurity community and business executives worldwide. The SEC's suing of SolarWinds has definitely turned the spotlight on cybersecurity due diligence, risk evaluation and incident response in a whole new way.   

It's understandable if the below data and the recent occurrences have you overwhelmed. However, getting your cybersecurity readiness in order doesn't have to be that complicated. 

Cyber Management Alliance has curated transformative cybersecurity consultancy services that can help you immediately. Our Virtual Cyber Assistant and Virtual Cyber Consultant offerings are tailored for businesses of every scale and sector.

They offer you seamless, remote, flexible and cost-effective access to our expert cybersecurity professionals, empowering you to elevate your cybersecurity readiness.

Spanning over 280 services within 15 domains, our offerings are designed to ensure you get precisely what your business needs to improve risk understanding, mitigation and enhance cyber incident response. Additionally, we also offer curated packages aligned with Cyber Essentials, BCP, ISO 27001, and several other standards that help you achieve regulatory compliance. 

cyber tabletop scenarios

Ransomware Attacks in October 2023




Threat Actor

Business Impact

Source Link

October 01, 2022

Motel One

Motel One discloses data breach following ransomware attack

BlackCat/ALPHV ransomware group

The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. The ransomware group claimed to have stolen nearly 24.5 million files, totaling 6 TB of size.

Motel One ransomware attack

October 09, 2023

Florida circuit court

ALPHV ransomware gang claims attack on Florida circuit court

ALPHV ransomware gang

The threat actors have acquired personal details like Social Security numbers and CVs of employees, including judges.

Florida circuit court ransomware attack 

October 16, 2023

Ampersand — owned by Comcast Corporation, Charter Communications and Cox Communications

TV advertising sales giant affected by ransomware attack

BlackBasta ransomware

Ampersand said that it recently experienced a ransomware incident that briefly interrupted regular operations.

Ransomware attack on TV advertising giant Ampersand

October 13, 2023

The Kansas supreme Court 

Kansas courts closed, electronic systems down after alleged ransomware attack


Due to the impact of the attack, the city of Topeka closed its municipal court and probation and prosecution divisions, and the Kansas Supreme Court was forced to use paper records to operate.

Ransomware attack on Kansas courts

October 13, 2023

Morrison Community Hospital in Illinois

Morrison Community Hospital in Illinois, reportedly faces a cyber-attack

BlackCat (ALPHV) ransomware group

Hackers stole about 5TB of data belonging to Morrison Community Hospital

Morrison Community Hospital ransomware attack

October 16, 2023

C.P. State New York

Cerebral Palsy State Under Siege. LockBit ransomware attack threatens with 6-Day ransom deadline

LockBit ransomware 3.0

The ransomware group exfiltrated miscellaneous documents including passwords, employees’ detail, financial data, backups, medical details, kids’ photo, etc. 

Cerebral Palsy State ransomware attack

October 17, 2023

Symposia Organizzazione Congressi, EDB  Soluzioni Elettroniche, Società Canavesana Servizi

The attacks targeting Italian companies continue. Medusa and Cactus add more victims to their data leak site

Medusa and Cactus ransomware

The ransomware gangs targeted Italian companies and demanded ransom of  $100,000.

Ransomware attacks on Italian companies

October 17, 2023

Intred and Piemme S.p.A.

BlackBasta adds two more Italian companies to its data leak site

BlackBasta ransomware

BlackBasta hit systems of two Italian companies Intred and Piemme S.p.A

Ransomware attack on two Italian companies Intred and Piemme S.p.A

October 18, 2023

Chilean government

Chilean government warns of Black Basta ransomware attacks after customs incident

Black Basta ransomware 

Officials from the Servicio Nacional de Aduanas de Chile said that they were able to prevent a cyber attack from progressing after discovering the incident.

Ransomware attack on Servicio Nacional de Aduanas de Chile — the government department in charge of foreign trade, imports and more

October 22, 2023

The District of Columbia Board of Elections (DCBOE)

D.C. Board of Elections: Hackers may have breached entire voter roll

RansomedVC group

Threat actors who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters as the entire voter roll that may have been exposed contains a wide range of personally identifiable information (PII).

The District of Columbia Board of Elections (DCBOE) ransomware attack 

October 23, 2023

Chilean telecom giant GTD

Chilean telecom giant GTD hit by the Rorschach ransomware gang

Rorschach ransomware gang

Chile's Grupo GTD warned that a cyber-attack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services. The cyber-attack has allegedly affected numerous services, including its data centres, internet access, and Voice-over-IP (VoIP).

Ransomware attack on Chilean telecom giant GTD

October 23, 2023

ASVEL basketball team

ASVEL basketball team confirms data breach after ransomware attack

NoEscape ransomware gang

The threat actors claimed to have stolen 32 GB of data, including the personal data of players, passports and ID cards, and many documents relating to finance, taxation, and legal matters. NDAs, contracts, confidential letters. Contractual agreements with players are also allegedly included in the stolen data set.

Ransomware attack on ASVEL basketball team

October 25, 2023


Seiko says ransomware attack exposed sensitive customer data

Black Cat ransomware

Seiko confirmed that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. The company also confirmed that a total of 60,000 'items of personal data' held by its 'Group' (SGC), 'Watch' (SWC), and 'Instruments' (SII) departments were compromised by the attackers.

Seiko ransomware attack

October 25,2023

Victorville, a city in California

California city warns of data breach after ransomware attack claims

NoEscape ransomware gang

The ransomware gang added Victorville city to its list of victims, claiming it stole 200 GB of data from government systems.

Ransomware attack on Victorville, California

October 27, 2023

Stanford University

Stanford University is investigating a cyber-attack after ransomware claims

Akira ransomware gang

The ransomware gang claimed it attacked Stanford University and stole 430 gigabytes of data.

Stanford University ransomware attack

October 27, 2023


Boeing assessing Lockbit hacking gang threat of sensitive data leak

Lockbit ransomware

The Lockbit cybercrime gang claimed that it had "a tremendous amount" of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn't pay the ransom by Nov. 2.

Boeing ransomware attack

October 27, 2023

Morskate Manufacturing

CL0P Ransomware targets Morskate Manufacturing

CL0P Ransomware

Hackers hit IT systems and stole company data.

Morskate Manufacturing ransomware attack

October 28, 2023

The City of Dallas

The City of Dallas, Texas was breached by Royal Ransomware

Royal Ransomware

The ransomware group targeted IT systems in the City of Dallas

The City of Dallas ransomware attack

 Back to Top 

New call-to-action

Data Breaches in October 2023




Threat Actor

Business Impact

Source Link

October 03, 2023


Sony confirms data breach impacting thousands in the U.S.

The threat actor MajorNelson (BreachForums) and RansomedVC

Late last month, following allegations on hacking forums that Sony had been breached again and 3.14 GB of data had been stolen from the company’s systems, the firm responded by saying it was investigating the claims. The leaked dataset, that at least two separate threat actors held, contained details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licences, and more.

Sony Data Breach Update

October 03, 2023

Lyca Mobile

Lyca Mobile investigates customer data leak after cyber-attack


A cyber-attack caused disruption on Lyca Mobile’s network. The attack may have also compromised customer data and caused service provision interruptions in most countries where the network operates.

Lyca Mobile data breach

October 05 and 18, 2023

Genetics firm 23andMe

Genetics firm 23andMe says user data stolen in credential stuffing attack

A threat actor named 'Golem - (Addka72424, a name used on Breach Forums)

A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.

23andMe data breach update

October 06, 2023

The District of Columbia Board of Elections (DCBOE)

D.C. Board of Elections confirms voter data stolen in site hack

RansomedVC group

The attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority, but the breach did not involve a direct compromise of DCBOE's servers and internal systems.

The District of Columbia Board of Elections (DCBOE) data breach

October 07, 2023

Flagstar Bank

Third Flagstar Bank data breach since 2021 affects 800,000 customers

Clop ransomware 

Flagstar Bank warned that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Attackers had exploited a zero-day vulnerability in the MOVEit Transfer product to access Fiserv’s systems and, from there, stole Flagstar customer data the vendor held to provide services.

Flagstar Bank data breach

October 09, 2023

Air Europa

Air Europa data breach: Customers warned to cancel credit cards


Air Europa warned customers to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code on the back of the payment cards.

Air Europa data breach

October 11, 2023

Air Canada

BianLian extortion group claims responsibility for the recent Air Canada breach

BianLian extortion group

The BianLian extortion group claims to have stolen 210 GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.

Air Canada data breach

October 11, 2023


Casio says customers in 148 countries affected by breach


Casio said that an external cyber-attack was carried out against a database in the development environment for “ClassPad.net,” a web application managed and operated by Casio and as a result, the personal information of some customers in and outside Japan, stored in the database, was accessed and leaked. Casio has confirmed that there is no evidence of any unauthorised intrusion into assets other than the database in the development environment.

Casio data breach

October 17, 2023


D-Link confirms data breach after employee phishing attack


Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month as the attacker claimed to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO.

D-Link data breach

October 20, 23 2023

Okta and Cloudflare

Okta says its support system was breached using stolen credentials


Okta said attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. Cloudflare also discovered malicious activity linked to Okta's breach on its servers.

Data breach attack on Okta and Cloudflare

Okta data breach

October 21, 2023

American Family Insurance

American Family Insurance confirms cyber-attack is behind IT outages


Insurance giant American Family Insurance has confirmed it suffered a cyber-attack and shut down portions of its IT systems after customers reported website outages all week.

American Family Insurance cyber attack

October 22, 2023

Governments in the APAC region

New TetrisPhantom hackers steal data from secure USB drives on government systems

TetrisPhantom hackers

A new sophisticated threat tracked as ‘TetrisPhantom’ has been using compromised secure USB drives to target government systems in the Asia-Pacific region.

Data breach attack on the governments in the APAC region

October 22, 2023

City of Philadelphia

City of Philadelphia discloses data breach after five months


The City of Philadelphia investigated a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May.

City of Philadelphia data breach

October 23, 2023

University of Michigan

University of Michigan employee, student data stolen in cyber-attack


The University of Michigan said in a statement that they suffered a data breach after hackers broke into their network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants.

University of Michigan data breach

October 23, 2023

US energy services firm BHI Energy

US energy firm shares how Akira ransomware hacked its systems

Akira ransomware

The attack was first started by Akira ransomware using stolen VPN credentials for a third-party contractor to access BGI Energy's internal network. Akira operators revisited the network on June 16, 2023, to enumerate data that would be stolen. Between June 20 and 29, the threat actors stole 767k files containing 690 GB of data, including BHI's Windows Active Directory database.

Ransomware attack on a US energy services firm BHI Energy

October 25, 2023

The City of Philadelphia

Philadelphia: Hackers spent three months accessing city government email accounts


The types of information impacted could include: demographic information, such as name, address, date of birth, social security number, and other contact information as well as medical information and limited financial information related to claims.

The City of Philadelphia data breach

October 25, 2023

Redcliffe Labs

’12 million patient records exposed’: Researcher claims Redcliffe Labs hit by cyber attack; Company says ‘no data breach’


A cybersecurity expert has claimed that diagnostics service provider, Redcliffe Labs, has been hit by a cyber attack that exposed over 12 million patient records as Jeremiah Fowler has revealed that the database was non-password-protected and it contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records.

Redcliffe Labs data breach

October 27, 2023

Various software vendors

Lazarus hackers breached dev repeatedly to deploy SIGNBT malware

Lazarus group

The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. Lazarus breached the same victim multiple times indicating that the hackers aimed to steal source code or attempt a supply chain attack.

Various software vendors under data breach attack launched by Lazarus group

October 27, 2023


CCleaner says hackers stole users’ personal data during MOVEit mass-hack

Clop ransomware

Gen Digital, the multinational software company that owns CCleaner, Avast, NortonLifeLock and Avira brands, said that hackers had exploited the MOVEit vulnerability and hit CCleaner, to move large sets of sensitive data over the internet. The email to customers said that the hackers took names, contact information and information about the products that were purchased.

CCleaner data breach

October 28, 2023

The Clark County School District (CCSD) in Nevada

Hackers email parents the stolen data of their children in massive cyber attack on Nevada school district

SingularityMD (the hack team)

CCSD confirmed it suffered a cyber attack earlier this month, stating threat actors gained access to the district's email servers.

The Clark County School District (CCSD) data breach

Back to Top 

New call-to-action

Cyber Attacks in October 2023




Threat Actor

Business Impact

Source Link

October 02, 2023

Estes Express Lines

Estes reports cyber-attack caused by ongoing tech outage


The cyber-attack affected the company's visibility into its operations and shut down its point of sale — preventing new shipment bookings and halting incoming revenue.

Estes Express Lines cyber attack

October 10, 2023

Simpson Manufacturing

Simpson Manufacturing shuts down IT systems after cyber-attack


The company stated it detected IT problems and application outages. In response to the situation, Simpson took all impacted systems offline to prevent the attack's spread.

Simpson Manufacturing cyber attack

October 12, 2023

Kwik Trip

Kwik Trip says ‘network incident’ causing disruptions at stores


The incident caused a disruption to some of Kwik Trip’s systems 

Kwik Trip cyber attack

October 22, 2023

NY State casino operation

Cyber attacks hit NY state casino operation


The NY state Gaming Commission confirmed that its central operating system serving the state’s slot parlours was impacted by a cybersecurity attack — forcing the closure of Jake 58 casino in Islandia, Suffolk County, for several days.

NY state casino operation cyber attack

October 23, 2023

Shared health service provider TransForm

Cyber-attack on health services provider impacts 5 Canadian hospitals


Due to the impact of the cyber attack, patients were forced to reschedule their appointments   

Cyber attack on a Canadian health service provider 

October 23, 2023

Westchester Medical Center Health Network 

New York health network restores services after crippling cyber-attack


Westchester Medical Center Health Network warned that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were experiencing a potential cybersecurity threat and an IT system outage as the provider was forced to divert ambulances away from all three facilities throughout the week and faced backlash from community members for not fully explaining the situation.

Cyber attack on a New York health network, Westchester Medical Center Health Network

October 25, 2023

Westchester Medical Center

Ambulances Diverted After Westchester Medical Center Health Network cyber-attack


Westchester Medical Center Health Network (WMCHealth) has experienced a cyber-attack that affected its information technology systems. Post the attack, the decision was taken to shut down all connected IT systems. The downtime was expected to last for 24 hours, and systems were brought back online on a rolling basis. All systems were restored by Monday, October 24.

Westchester Medical Center cyber attack

Back to Top 

New call-to-action

New Ransomware/Malware Discovered in October 2023

New Ransomware


Source Link

LostTrust ransomware

The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilising almost identical data leak sites and encryptors.

LostTrust ransomware, a likely rebrand of the MetaEncryptor gang

New BunnyLoader malware

Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.

New BunnyLoader threat emerges as a feature-rich malware-as-a-service

A DDoS malware botnet, IZ1H9

A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.

Mirai DDoS malware variant expands targets with 13 router exploits

The BlackCat/ALPHV ransomware’s new tool named 'Munchkin'

The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilises virtual machines to deploy encryptors on network devices stealthily.

BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks

New TetrisPhantom hackers

A new sophisticated threat tracked as ‘TetrisPhantom’ has been using compromised secure USB drives to target government systems in the Asia-Pacific region.

New TetrisPhantom hackers steal data from secure USB drives on govt systems

StripedFly malware

A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.

StripedFly malware framework infects 1 million Windows, Linux hosts

Back to Top 

Vulnerabilities/Patches Discovered in October 2023




Source Link

October 02, 2023


Security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.

Exploit available for critical WS_FTP bug exploited in attacks

October 02, 2023


Arm warned of an actively exploited vulnerability affecting the widely-used Mali GPU drivers.

Arm warns of Mali GPU flaws likely exploited in targeted attacks

October 02, 2023

CVE-2023-4863 and CVE-2023-4211

Google has released October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited.

Ransomware gangs now exploiting critical TeamCity RCE flaw

October 03, 2023

CVE-2023-43654 and CVE-2022-1471

A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong to large organisations.

ShellTorch flaws expose AI servers to code execution attacks

October 03, 2023

CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

October 04, 2023


Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials.

Cisco fixes hard-coded root credentials in Emergency Responder

October 04, 2023

CVE-2023-42824 and CVE-2023-5217

Apple released new emergency security updates to patch two new zero-day vulnerabilities known to be exploited in attacks. 

Apple emergency update fixes new zero-day used to hack iPhones

October 04, 2023


Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks.

Atlassian patches critical Confluence zero-day exploited in attacks

October 11, 2023


Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.

Hackers hijack Citrix NetScaler login pages to steal credentials

October 11, 2023


Microsoft said a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.

Microsoft: State hackers exploiting Confluence zero-day since September

October 12, 2023


Sophos X-Ops recently observed an unsuccessful attempted ransomware activity against customers. The attempt utilised CVE-2023-40044, in WS_FTP Server from Progress Software.

Ransomware groups exploit flaws found in WS_FTP

October 12, 2023


Curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw’s severity.

Hyped up curl vulnerability falls short of expectations

October 16, 2023


A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.

Hackers exploit critical flaw in WordPress Royal Elementor plugin

October 17  and 19, 2023


Cisco warned that hackers are targeting a line of its software through a previously unknown vulnerability.

Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day

October 18, 2023


Hackers connected to the governments of Russia and China are allegedly using a vulnerability in a popular Windows tool to attack targets around the world, including in Ukraine and Papua New Guinea.

Russia and China-linked hackers exploit WinRAR bug

October 18, 2023


A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.

Recently patched Citrix NetScaler bug exploited as zero-day since August

October 19, 2023


Hackers have targeted more than a dozen oil, gas and defence firms in Eastern Europe with an updated version of the MATA backdoor framework. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus.

Eastern European energy and defence firms targeted with MATA backdoor

October 19, 2023

CVE-2023-35182, CVE-2023-35185, CVE-2023-35187

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.

Critical RCE flaws found in SolarWinds access audit solution

October 23, 2023


Cisco disclosed a new high-severity zero-day (CVE-2023-20273), actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. It addressed these vulnerabilities on Oct 23. 

Cisco patches IOS XE zero-days used to hack over 50,000 devices

October 24, 2023


VMware warned customers that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).

VMware warns admins of public exploit for vRealize RCE flaw

October 25, 2023


The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks.

European govt email servers hacked using Roundcube zero-day

October 25, 2023


VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers.

VMware fixes critical code execution flaw in vCenter Server

October 26, 2023

CVE-2023-38831, CVE-2023-23397

The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021 as it was linked to the exploitation of CVE-2023-38831, an RCE vulnerability in WinRAR, and CVE-2023-23397, a zero-day privilege elevation flaw in Microsoft Outlook.

France says Russian state hackers breached numerous critical networks

October 27, 2023


A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

 Back to Top 

New Call-to-action


News Type


Source Link


The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States.

FBI warns of surge in 'phantom hacker' scams impacting the elderly


Windows Defender no longer flags tor.exe as a trojan. Microsoft stated, "We've reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we've removed the detection."

Microsoft Defender no longer flags Tor Browser as malware


A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in US-based organisations by abusing open redirects from the Indeed employment website for job listings.

EvilProxy uses indeed.com open redirect for Microsoft 365 phishing


Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.

Microsoft: Hackers target Azure cloud VMs via breached SQL servers


About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorised access as among them were power grids, traffic light systems, security and water systems.

Researchers warn of 100,000 industrial control systems exposed online


Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.

China-linked cyberspies backdoor semiconductor firms with Cobalt Strike


The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the actual number likely many times larger due to severe under-reporting.

FTC warns of ‘staggering’ losses to social media scams since 2021


Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach.

Blackbaud agrees to $49.5 million settlement for ransomware data breach


Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws (CVE-2023-3169) in premium theme plugins.

Over 17,000 WordPress sites hacked in Balada Injector attacks last month


A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information.

Hackers modify online stores’ 404 pages to steal credit cards


Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang (Ransomed.vc gang) made several threats that data had been stolen from their systems.

Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach


Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes as it is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.

Steam enforces SMS verification to curb malware-ridden updates


A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.

Women Political Leaders Summit targeted in RomCom malware phishing


The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023.

Russian Sandworm hackers breached 11 Ukrainian telcos since May


Israeli Android users are targeted by a malicious version of the 'RedAlert – Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background.

Fake 'RedAlert' rocket alert app for Israel installs Android spyware


A group of pro-Ukraine hacktivists known as the Ukrainian Cyber Alliance said it has shut down the leak site run by the Trigona ransomware group.

Pro-Ukraine group says it took down Trigona ransomware website


A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.

Fake KeePass site uses Google Ads and Punycode to push malware


The Iranian hacking group tracked as OilRig (APT34) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.

Iranian hackers lurked in Middle Eastern govt network for 8 months


A “key target” allegedly involved with the Ragnar Locker ransomware group was arrested in Paris.

Europol: ‘Key target’ in Ragnar Locker ransomware operation arrested in Paris 


Finnish prosecutors have charged a hacker on more than 30,000 counts related to allegedly breaching a Helsinki-based private psychotherapy centre.

Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts 


A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.

Fake Corsair job offers on LinkedIn push DarkGate malware


The International Criminal Court (ICC) said that the serious cybersecurity incident it detected in September was an act of espionage.

War crimes tribunal says September cyberattack was act of espionage


Law enforcement officials in India conducted raids at 76 locations across the country accused of running tech support scams after receiving tips from Amazon and Microsoft.

India raids tech-support fraud compounds after tip from Amazon, Microsoft


Researchers have discovered possible signs of cooperation between the Palestinian militant organisation Hamas and one of the longest-running groups of Arabic-speaking hackers.

Hamas likely cooperates with hackers to stay online


The Spanish National Police have dismantled a cybercriminal organisation that carried out a variety of computer scams to steal and monetize the data of over four million people.

Spain arrests 34 cybercriminals who stole data of 4 million people


Several state and key industrial organisations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.

Hackers backdoor Russian state, industrial orgs for data theft


Cloudflare says the number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter.

Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks


Hackers (YoroTrooper) believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign.

Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says


Oldham council is to spend £682,000 on computer upgrades after bosses said they were fighting off 10,000 cyber attacks a day.

Oldham Council facing 10,000 cyber attacks a day, report says


The Russian government plans to have its own analogous version of the malware scanning platform VirusTotal up and running within the next two years, due to concerns the U.S. government could access data from the popular Google-owned service.

Russia to launch its own version of VirusTotal due to US snooping fears


At least 25 people have reportedly seen $4.4 million in crypto drained from across 80 wallets due to a 2022 data breach that impacted password storage software LastPass as in an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said he and MetaMask developer Taylor Monahan tracked the fund movements of at least 80 wallets compromised on Oct. 25.

Crypto thief steals $4.4M in a day as toll rises from LastPass breach

Back to Top 


Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422