Cyber Security Blog

Recent Cyber Attacks, Data Breaches & Ransomware Attacks March 2023

Written by Aditi Uberoi | 31 March 2023

Cyber attacks, ransomware attacks and data breaches continued to wreak havoc for organisations worldwide in March 2023. Businesses and individuals have been left reeling from their impact. These attacks have been highly sophisticated and targeted, causing significant financial and reputational damage to the affected parties. Check out this list of all the known attacks that took place in the month gone by. 

  1. Ransomware Attacks in March 2023
  2. Data Breaches in March 2023
  3. Cyber-Attacks in March 2023
  4. New Ransomware/Malware Detected in March 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in March 2023

 

Biggest Cybersecurity News of March 2023

Amongst the biggest headlines of March 2023 are the zero-day exploits hitting Fortra’s GoAnywhere software and, by extension, several major organisations that use it. Luxury brand retailer Saks Fifth Avenue, the City of Toronto, consumer goods giant Procter & Gamble, mining company Rio Tinto and the U.K.’s Pension Protection Fund (PPF) are just a few of the large organisations hit by Cl0p ransomware as a result of the GoAnywhere attack.

The other biggest news of the month? The major 3CX supply chain attack that has left millions at risk. The desktop app supposedly has 12 million users in 190 countries including big names like BMW, Honda, American Express, Toyota etc. 

This series of attacks has yet again turned the conversation to supply chain and third-party security. Businesses worldwide are beginning to recognise the cautionary tale here: organisations must bolster their own cyber defences and make sure that their third-party vendors are doing the same.

It has also turned the spotlight once again on making sure your incident response plans and processes are up to date and relevant. Enlisting the assistance of highly skilled and experienced cybersecurity practitioners such as our Virtual Cyber Assistants can be of critical importance here.

Cybersecurity specialists can not only help you refresh your incident response policies and plans but also help you evaluate your business's breach readiness. It is also time to invest in third-party assessments to ensure that your organisation stays as safe as possible in the current threat landscape. 

Ransomware Attacks in March 2023

Date: March 1, 2023
Victim: Washington state public bus system
Summary: Washington state public bus system confirms ransomware attack.
Threat actor: LockBit ransomware
Business impact: The threat actors disrupted the IT infrastructure of the state bus system and stole its customers’ information, accompanied by a data leak warning.
Source: Washington state public bus system ransomware attack

Date: March 1, 2023
Victim: City of Oakland
Summary: Play ransomware claims disruptive attack on City of Oakland.
Threat actor: Play ransomware
Business impact: The Play ransomware gang claimed to have stolen documents containing private, confidential data, financial and government papers, identity documents, passports, personal employee data, and even information allegedly proving human rights violations. On March 4, 2023, the gang published stolen files; the initial data leak consists of a 10 GB multi-part RAR archive.
Source: City of Oakland ransomware attack

Date: March 2, 2023 / March 24, 2023
Victim: Sun Pharma
Summary: Sun Pharma reports security breach and isolates impacted assets. The ALPHV/BlackCat ransomware group claimed responsibility for the attack, threatening to release sensitive data.
Threat actor: ALPHV ransomware group
Business impact: The attack impacted its IT systems, but Sun Pharma isolated them immediately (March 2, 2023). The ransomware group has posted screenshots of data samples on its leak site, along with a 28 MB data sample, and claims to have over 17 TB (17,000 GB) of data from the Indian pharmaceutical major, which it says it will release soon (March 24, 2023).
Source: Sun Pharma ransomware attack

Date: March 3, 2023
Victim: La Segunda Insurance
Summary: LockBit published data stolen from La Segunda, including judicial files, expert reports and medical data.
Threat actor: LockBit
Business impact: The LockBit group encrypted the insurer's systems and exposed 52 GB of sensitive information from the Rosario insurance company La Segunda.
Source: Rosario insurance company ransomware attack

Date: March 5, 2023
Victim: Hospital Clínic de Barcelona
Summary: Hospital Clínic de Barcelona severely impacted by ransomware attack.
Threat actor: RansomHouse ransomware operation
Business impact: The attack impacted the emergency services of three medical centres associated with Clínic de Barcelona (CAP Casanova, CAP Borrell and CAP Les Corts) and forced hospital staff to run operations manually.
Source: Hospital Clínic de Barcelona ransomware attack

Date: March 6, 2023
Victim: Institute of Space Technology Pakistan
Summary: Pakistan’s Institute of Space Technology hacked; student and staff personal data put up for ransom.
Threat actor: Medusa ransomware
Business impact: Hackers stole passports, payslips, analysis details, etc. and demanded $500,000 from the university.
Source: Institute of Space Technology Pakistan ransomware attack

Date: March 7, 2023
Victim: Minneapolis Public Schools (MPS) district
Summary: Ransomware gang posts video of data stolen from Minneapolis schools.
Threat actor: Medusa ransomware
Business impact: The Medusa ransomware gang listed Minneapolis Public Schools (MPS) district as a victim on its Tor data leak site and threatened to publish all data it allegedly stole from the district. It demanded a $1,000,000 ransom to delete the stolen data.
Source: Minneapolis Public Schools (MPS) district ransomware attack

Date: March 10, 2023
Victim: Chile’s National Health Fund, Fonasa
Summary: BlackCat confirms attack on Fonasa.
Threat actor: BlackCat
Business impact: A news source shared a stolen data file that includes a directory of files as well as some correspondence with the names, addresses and city of Fonasa health beneficiaries, etc.
Source: Chile’s National Health Fund, Fonasa ransomware attack

Date: March 14, 2023
Victim: Essendant, a wholesale distributor of stationery and office supplies
Summary: LockBit ransomware claims Essendant attack; company says “network outage.”
Threat actor: LockBit ransomware
Business impact: Due to the alleged ransomware attack on Essendant, customers were unable to place orders or contact customer care.
Source: Essendant ransomware attack

Date: March 20, 2023
Victim: Ferrari
Summary: Ferrari discloses data breach after receiving ransom demand.
Threat actor: Unknown
Business impact: The Italian luxury sports car maker said the attackers gained access to its network and demanded a ransom not to leak data stolen from its systems.
Source: Ferrari ransomware attack

Date: March 22, 2023
Victim: Food giant Dole
Summary: Dole discloses employee data breach after February ransomware attack.
Threat actor: Unknown
Business impact: The ransomware group accessed information of an undisclosed number of employees.
Source: Food giant Dole data breach

Date: March 24, 2023
Victim: Tennessee city (Oak Ridge)
Summary: Tennessee city hit with ransomware attack.
Threat actor: Unknown
Business impact: The attack affected the IT systems of the City of Oak Ridge, leaving its website unresponsive.
Source: Tennessee city (Oak Ridge) ransomware attack

Date: March 27, 2023
Victim: Crown Resorts
Summary: Crown Resorts confirms ransom demand after GoAnywhere breach.
Threat actor: Cl0p ransomware
Business impact: Crown Resorts confirmed that it is being extorted by Cl0p, which claims to have stolen data from its networks; the company says there is no evidence of the data breach impacting customers.
Source: Crown Resorts ransomware attack


Worried by the recent rise in ransomware attacks and demands? Use these FREE resources created by our cybersecurity experts to help you prepare for ransomware attacks and mitigate the damage they can cause:

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  




Data Breaches in March 2023

Date: March 2, 2023
Victim: WH Smith
Summary: British retail chain WH Smith says it suffered a data breach in which information was stolen.
Threat actor: Unknown
Business impact: The data breach exposed information belonging to current and former employees.
Source: WH Smith data breach

Date: March 2, 2023
Victim: Hatch Bank
Summary: Hatch Bank discloses data breach after Cl0p ransomware attack on GoAnywhere MFT.
Threat actor: Cl0p ransomware (apparently)
Business impact: Hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform.
Source: Hatch Bank data breach

Date: March 2, 2023
Victim: Chick-fil-A
Summary: Chick-fil-A confirms accounts hacked in months-long "automated" attack.
Threat actor: Unknown
Business impact: Chick-fil-A confirmed that it suffered a credential stuffing attack in which customers' accounts were breached between December 18, 2022, and February 12, 2023.
Source: Chick-fil-A data breach

Date: March 2, 2023
Victim: GunAuction.com
Summary: Hackers steal gun owners’ data from firearm auction website.
Threat actor: Unknown
Business impact: The breach exposed high volumes of sensitive personal data for more than 550,000 users. The stolen data also allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.
Source: Gun owner GunAuction.com data breach

Date: March 2, 2023
Victim: Unknown users of credit and debit cards
Summary: BidenCash market leaks information on over 2 million stolen credit, debit and charge cards for free.
Threat actor: Dark web marketplace BidenCash
Business impact: A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.
Source: BidenCash leaks stolen credit and debit cards

Date: March 2, 2023
Victim: The Sandbox
Summary: Sandbox blockchain game breached to send emails linking to malware.
Threat actor: Unknown
Business impact: An attacker compromised an employee of The Sandbox in February 2023 to gain access to several company email addresses and leveraged this access to send users emails that appeared to come from The Sandbox, containing links to malware hosted on another site.
Source: Sandbox game data breach

Date: March 6, 2023
Victim: DrayTek Vigor
Summary: New malware infects business routers for data theft and surveillance.
Threat actor: Unknown
Business impact: An ongoing hacking campaign called 'Hiatus' targeted DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network.
Source: DrayTek Vigor data breach

Date: March 6, 2023
Victim: DC Health Link
Summary: FBI investigates DC Health Link data breach impacting U.S. House members and staff.
Threat actor: A hacker who calls himself IntelBroker on Breach Forums
Business impact: The breach affected about 170,000 individuals; the account information and PII of hundreds of Members and House staff were stolen.
Source: DC Health Link data breach

Date: March 6, 2023
Victim: Acer
Summary: Acer confirms breach after threat actors attacked a server hosting private documents used by repair technicians.
Threat actor: A hacker who calls himself IntelBroker on Breach Forums
Business impact: The threat actor hacked servers and claimed 160 GB of stolen data containing technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).
Source: Acer data breach

Date: March 6, 2023
Victim: HDFC Bank
Summary: HDFC Bank denies data breach even as 7.5 GB of customer information is allegedly leaked for free on a hacker forum.
Threat actor: Threat actor using the handle Kernelware on Breach Forums
Business impact: The threat actor posted 7.5 GB of stolen data belonging to HDFC Bank for download without any payment.
Source: HDFC data breach

Date: March 7, 2023
Victim: AT&T
Summary: AT&T alerts 9 million customers of data breach after vendor hack.
Threat actor: Unknown
Business impact: In a January hack, a vendor that AT&T uses for marketing experienced a security incident in which hackers exposed information of 9 million customers, accessing Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or the wireless rate plan.
Source: AT&T data breach

Date: March 9, 2023
Victim: Acronis
Summary: Swiss technology and cybersecurity firm Acronis has been hit by a data breach in which the hacker has apparently leaked 21 GB of data.
Threat actor: A hacker who calls himself Kernelware on Breach Forums
Business impact: The hacker stole and leaked about 21 GB of data, including various certificate files, command logs, system configurations, system information logs, archives of their filesystem, Python scripts for their maria.db database, backup configuration material, and many screenshots of their backup operations.
Source: Cybersecurity firm Acronis data breach

Date: March 10, 2023
Victim: Mental healthcare provider Cerebral
Summary: Mental healthcare provider Cerebral alerts 3.1M people of data breach.
Threat actor: Human error
Business impact: The company disclosed that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Cerebral said the sensitive medical information of people who used the provider's platform was exposed to third parties without the patients' permission.
Source: Cerebral data breach

Date: March 12, 2023
Victim: Lending protocol Euler Finance
Summary: Hackers steal $197 million in crypto in Euler Finance attack.
Threat actor: Unknown
Business impact: The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH.
Source: Euler Finance crypto theft incident

Date: March 12, 2023
Victim: STALKER 2 game developer
Summary: STALKER 2 game developer hacked by Russian hacktivists, data stolen.
Threat actor: Hackers’ community from a Russian social network
Business impact: The hackers posted a message on the Russian social media platform VK, claiming to have stolen a “vast amount of STALKER 2 material,” including the entire storyline, cutscene descriptions, concept art, global maps and more.
Source: STALKER 2 game developer data breach

Date: March 13, 2023
Victim: LA housing authority HACLA
Summary: LA housing authority HACLA discloses data breach after ransomware attack.
Threat actor: LockBit ransomware gang
Business impact: Examined server logs showed that the hackers might have accessed personal and financial information, including passports, belonging to members of HACLA.
Source: LA Housing Authority HACLA ransomware attack

Date: March 15, 2023
Victim: Cybersecurity firm Rubrik
Summary: US-based cybersecurity firm Rubrik confirms data breach due to “unauthorised access”.
Threat actor: Cl0p ransomware
Business impact: The company said that “there was no lateral movement,” meaning the cybercriminals did not manage to infect other parts of the company’s IT infrastructure. It insists that no sensitive data, such as social security and financial account numbers or payment details, were accessed.
Source: Cybersecurity firm Rubrik data breach

Date: March 16, 2023 (updated on March 27, 2023)
Victim: Latitude Financial Services (Latitude), a Deutsche Bank subsidiary
Summary: Latitude Financial data breach now impacts 14 million customers.
Threat actor: Unknown
Business impact: Latitude confirmed on March 16 that it was impacted by a cyberattack affecting 330,000 customers but, after further investigating the incident, revealed on March 27, 2023 that the impact is much more significant, now believed to have affected 14 million customers or loan applicants from Australia and New Zealand.
Source: Latitude Financial Services data breach

Date: March 17, 2023
Victim: Hitachi Energy
Summary: Hitachi Energy confirms data breach after Cl0p GoAnywhere attacks.
Threat actor: Cl0p ransomware
Business impact: The ransomware group stole employees' data in some countries.
Source: Hitachi Energy data breach

Date: March 17, 2023
Victim: NBA
Summary: NBA alerts fans of a data breach exposing personal information held by a third-party newsletter service provider.
Threat actor: Unknown
Business impact: The NBA said it recently became aware that an unauthorised third party gained access to, and obtained a copy of, fans’ names and email addresses held by a third-party service provider that helps the NBA communicate with fans via email. It said there is no indication that the NBA’s own systems, users’ usernames, passwords or any other information have been impacted.
Source: The NBA (National Basketball Association) data breach

Date: March 19, 2023
Victim: Donut Leaks (a data extortion group)
Summary: MONTI ransomware gang leaks cPanel login credentials of Donut Leaks (a data extortion group).
Threat actor: MONTI ransomware
Business impact: The leaked listing provided the login credentials to what is allegedly Donut Leaks’ admin cPanel.
Source: Donut Leaks data breach

Date: March 20, 2023
Victim: Saks Fifth Avenue
Summary: Saks Fifth Avenue becomes a victim of GoAnywhere zero-day attack.
Threat actor: Cl0p ransomware
Business impact: The company stated that no real customer data was impacted. It did not address whether corporate or employee data was stolen.
Source: Saks Fifth Avenue data breach

Date: March 21, 2023
Victim: City of Oakland
Summary: LockBit ransomware gang now also claims the City of Oakland breach.
Threat actor: LockBit ransomware
Business impact: After the Play ransomware group claimed a data breach in February, the City of Oakland received a second threat from the LockBit group, which warned that it had stolen information on the City’s employees and others and would publish it on April 10, 2023.
Source: City of Oakland data breach

Date: March 23, 2023
Victim: City of Toronto
Summary: City of Toronto confirms data theft; Cl0p claims responsibility.
Threat actor: Cl0p ransomware
Business impact: The City spokesperson stated that the hackers' access was limited to files that could not be processed through the third-party secure file transfer system.
Source: City of Toronto data breach

Date: March 23, 2023
Victim: Pension Protection Fund UK
Summary: Pension Protection Fund confirms employee data exposed in GoAnywhere breach.
Threat actor: Cl0p ransomware
Business impact: A fund spokesperson said that hackers obtained data on some employees of the UK’s Pension Protection Fund after exploiting a third-party data transfer service.
Source: Pension Protection Fund data breach

Date: March 23, 2023
Victim: Procter & Gamble
Summary: Procter & Gamble confirms data theft via GoAnywhere zero-day.
Threat actor: Cl0p ransomware
Business impact: Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees.
Source: Procter & Gamble data breach

Date: March 23, 2023
Victim: Virgin Group
Summary: Virgin Group added to Cl0p gang’s victim leak site.
Threat actor: Cl0p ransomware
Business impact: Virgin's representative said the attack only involved Virgin Red, not the group itself, and that the exposed files don't pose any risk to customers or employees.
Source: Virgin Group data breach

Date: March 23, 2023
Victim: Mining group Rio Tinto
Summary: Rio Tinto becomes victim of GoAnywhere breach.
Threat actor: Cl0p ransomware
Business impact: Rio Tinto said personal data of some of its Australian employees may have been stolen.
Source: Rio Tinto data breach

Date: March 23, 2023
Victim: Kids tech camp iD Tech
Summary: Kids tech camp iD Tech still silent weeks after data breach.
Threat actor: Unknown
Business impact: The hacker claims to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext and about 415,000 unique email addresses.
Source: Kids tech camp iD Tech data breach

Date: March 24, 2023
Victim: OpenAI ChatGPT
Summary: OpenAI reveals a Redis bug was behind the ChatGPT user data exposure incident.
Threat actor: Open-source library bug behind data leak
Business impact: The company said that, due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users. It explained that in the hours before the service was disrupted on Monday (March 20), it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits of the credit card number, and credit card expiration date.
Source: OpenAI ChatGPT data breach incident

Date: March 27, 2023
Victim: Crown Resorts
Summary: Crown Resorts investigating potential data breach (GoAnywhere) after being contacted by hacking group.
Threat actor: Cl0p ransomware (apparently)
Business impact: The gaming and entertainment group said it was recently contacted by a ransomware group claiming to have illegally obtained a limited number of Crown files through the breach of the third-party file transfer service GoAnywhere, but the company said no customer data has been compromised and business operations have not been impacted.
Source: Crown Resorts data breach


Cyber Attacks in March 2023

Date: March 1, 2023
Victim: Poland’s Tax Service
Summary: Poland blames Russian hackers for a cyber attack on a tax service website.
Threat actor: Pro-Russian hacker group NoName057(16)
Business impact: The cyber attack caused the website to crash for approximately one hour and blocked users’ access to the online tax filing system.
Source: Poland’s Tax Service DDoS attack

Date: March 6, 2023
Victim: Essendant, a wholesale distributor of stationery and office supplies
Summary: Essendant, owned by Staples, faced a multi-day "outage"; orders froze.
Threat actor: LockBit ransomware
Business impact: Essendant experienced a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders.
Source: Staples-owned Essendant cyber attack

Date: March 7, 2023
Victim: Commonwealth Bank of Australia's Indonesian unit
Summary: Commonwealth Bank of Australia's Indonesian arm hit by cyber attack.
Threat actor: Unknown
Business impact: The incident involved unauthorised access to a web-based software application used for project management; the bank's Australian systems were segregated from PTBC's systems.
Source: Commonwealth Bank of Australia's Indonesian unit cyber attack

Date: March 29, 2023
Victim: Supreme Court of Pakistan
Summary: Supreme Court website recovers after cyber attack.
Threat actor: Unknown
Business impact: Undisclosed
Source: Supreme Court of Pakistan cyber attack

Date: March 29, 2023
Victim: 3CX desktop app
Summary: Hackers compromise 3CX desktop app in a major supply chain attack. The attacker appears to be using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers.
Threat actor: A suspected North Korean state-backed hacking group tracked as Labyrinth Chollima.
Business impact: In this ongoing supply chain attack, the attackers are targeting both Windows and macOS users of the compromised 3CX softphone app. Malicious activity includes beaconing to actor-controlled infrastructure and deployment of second-stage payloads. The most common post-exploitation activity observed to date is the spawning of an interactive command shell.
Source: 3CX supply chain cyber attack

Date: March 28, 2023
Victim: A Kansas school district, Newton Public Schools
Summary: Cyber attack prompts school closure.
Threat actor: Unknown
Business impact: The cyber attack forced the school district to cancel classes for two days.
Source: Kansas School district cyber attack

Date: March 29, 2023
Victim: Apartment giant Meriton
Summary: Apartment giant Meriton targeted in cyber attack.
Threat actor: Unknown
Business impact: Meriton has revealed it was targeted in a cyber attack in January that potentially impacted the details of almost 2,000 people; the company said both guests who have stayed at Meriton Suites and past and present employees could have been affected. 35.6 GB of data was potentially compromised.
Source: Apartment giant Meriton cyber attack



New Ransomware/Malware Discovered in March 2023

New ransomware/malware: A new Linux version of APT27’s SysUpdate
Summary: The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware.
Source: Iron Tiger hackers create Linux version of their custom malware

New ransomware/malware: MQsTTang custom backdoor
Summary: The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
Source: Chinese hackers use new custom backdoor to evade detection

New ransomware/malware: Stop/Djvu Ransomware (v0655)
Summary: Stop/Djvu Ransomware (v0655); Extension: .gosw; Ransom note: _readme.txt
Source: New version of Stop/Djvu Ransomware (v0655)

New ransomware/malware: Skynetwork Ransomware
Summary: Skynetwork Ransomware; MedusaLocker ransomware family; Extension: .skynetwork8 (the number may differ); Ransom note: How_to_back_files.html
Source: MedusaLocker family’s Skynetwork Ransomware

New ransomware/malware: A new version of the ‘Soul’ malware framework
Summary: The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities with a new version of the ‘Soul’ malware framework.
Source: New malware variant has “radio silence” mode to evade detection

New ransomware/malware: New version of Xenomorph Android malware
Summary: The new Xenomorph Android malware is capable of conducting malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
Source: Xenomorph Android malware now steals data from 400 banks

New ransomware/malware: Acessd Ransomware (MedusaLocker)
Summary: Acessd Ransomware; MedusaLocker ransomware family; Extension: .acessd; Ransom note: How_to_back_files.html
Source: Acessd Ransomware; MedusaLocker ransomware family

New ransomware/malware: GoBruteforcer
Summary: A new Golang-based botnet malware scans for and infects web servers.
Source: New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres

New ransomware/malware: BACKJOHN ransomware
Summary: BACKJOHN ransomware; Phobos ransomware family; Extension: .BACKJOHN (also appends filenames with the victim's unique ID and the developers' email address); Ransom notes: info.txt and info.hta
Source: BACKJOHN ransomware of Phobos ransomware family

New ransomware/malware: Youhau Ransomware
Summary: Youhau Ransomware; VoidCrypt ransomware family; Extension: .youhau (filenames are also appended with the victim's ID and the developers' email address); Ransom note: Dectryption-guide.txt
Source: Youhau Ransomware of VoidCrypt ransomware family

New ransomware/malware: Merlin Ransomware
Summary: Merlin Ransomware; Extension: .Merlin; Ransom note: Merlin_Recover.txt
Source: New Merlin ransomware

New ransomware/malware: DrWeb Ransomware
Summary: DrWeb Ransomware; Xorist ransomware family; Extension: .DrWeb; Ransom notes: КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt and a pop-up window
Source: DrWeb Ransomware of Xorist ransomware family

New ransomware/malware: Usr ransomware
Summary: Usr ransomware; Phobos ransomware family; Extension: .usr (also appends filenames with the victim's unique ID and the developers' email address); Ransom notes: info.txt and info.hta
Source: New Usr ransomware of Phobos ransomware family

New ransomware/malware: Stop/Djvu Ransomware (v0668)
Summary: Stop/Djvu Ransomware (v0668); Extension: .darj; Ransom note: _readme.txt
Source: New version of Stop/Djvu ransomware (v0668)

New ransomware/malware: Stop/Djvu Ransomware (v0671)
Summary: Stop/Djvu Ransomware (v0671); Extension: .tywd; Ransom note: _readme.txt
Source: New version of Stop/Djvu ransomware (v0671)

New ransomware/malware: Rans-A Ransomware
Summary: Rans-A Ransomware; Xorist ransomware family; Extension: .Rans-A; Ransom notes: pop-up window and HOW TO DECRYPT FILES.txt
Source: Rans-A Ransomware of Xorist ransomware family

New ransomware/malware: Stop/Djvu Ransomware (v0673)
Summary: Stop/Djvu Ransomware (v0673); Extension: .tyos; Ransom note: _readme.txt
Source: New version of Stop/Djvu ransomware (v0673)

 


Vulnerabilities/Patches Discovered in March 2023

Date: March 1, 2023
Flaw/Fix: Windows 11 22H2 known issue
Summary: A Windows 11 22H2 issue causing some apps not to be installed during Windows provisioning has been fixed.
Source: Microsoft fixes bug causing apps to not install during provisioning

Date: March 1, 2023
Flaw/Fix: RCE flaw (CVE-2023-20078)
Summary: Cisco has addressed a critical security vulnerability in the Web UI of multiple IP Phone models that unauthenticated, remote attackers can exploit in remote code execution (RCE) attacks.
Source: Cisco patches critical Web UI RCE flaw in multiple IP phones

Date: March 1, 2023
Flaw/Fix: Command injection vulnerabilities CVE-2023-22747, CVE-2023-22748, CVE-2023-22749 and CVE-2023-22750, and stack-based buffer overflow bugs CVE-2023-22751 and CVE-2023-22752
Summary: Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
Source: Aruba Networks fixes six critical vulnerabilities in ArubaOS

Date: March 4, 2023
Flaw/Fix: CVE-2023-1017 (out-of-bounds read) and CVE-2023-1018 (out-of-bounds write)
Summary: The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.
Source: New TPM 2.0 flaws could let hackers steal cryptographic keys

Date: March 8, 2023
Flaw/Fix: CVE-2023-27532
Summary: Veeam urged customers to patch a high-severity Backup Service vulnerability impacting its Backup & Replication software.
Source: Veeam fixes bug that lets hackers breach backup infrastructure

Date: March 12, 2023
Flaw/Fix: Microsoft’s known issue in Windows 11
Summary: Microsoft has finally addressed a known issue causing significant performance hits when copying large files over SMB after installing the Windows 11 2022 update.
Source: Microsoft finally fixes Windows 11 slow file copy issues over SMB

Date: March 13, 2023
Flaw/Fix: CVE-2022-41328
Summary: Unknown attackers used zero-day exploits to abuse a new FortiOS bug (CVE-2022-41328), patched this month, in attacks targeting government and large organisations that led to OS and file corruption and data loss.
Source: Fortinet: New FortiOS bug used as zero-day to attack govt networks

Date: March 13, 2023
Flaw/Fix: CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability) and CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability)
Summary: Microsoft's March 2023 Patch Tuesday fixed two actively exploited zero-day vulnerabilities and a total of 83 flaws.
Source: Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws

Date: March 14, 2023
Flaw/Fix: Zero-day (CVE-2023-24880)
Summary: Microsoft has patched another zero-day bug (tracked as CVE-2023-24880) used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags.
Source: Microsoft fixes Windows zero-day exploited in ransomware attacks

Date: March 27, 2023
Flaw/Fix: CVE-2023-23529
Summary: Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug (CVE-2023-23529) for older iPhones and iPads.
Source: Apple fixes recently disclosed WebKit zero-day on older iPhones

Date: March 28, 2023
Flaw/Fix: A security flaw in the design of the IEEE 802.11 WiFi protocol standard
Summary: Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.
Source: WiFi protocol flaw allows attackers to hijack network traffic

Date: March 29, 2023
Flaw/Fix: CVE-2023-22809
Summary: Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.
Source: QNAP warns customers to patch Linux Sudo flaw in NAS devices


Warnings/Advisories/Reports/Analysis

Report: Russia’s internet watchdog agency Roskomnadzor bans the use of many foreign private messaging applications in Russian government and state agencies, including Discord, Microsoft Teams, Skype, Snapchat, Telegram, Threema, Viber, WhatsApp and WeChat.
Source: Russia bans foreign messaging apps in government organisations

Report: Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending and receiving emails.
Source: Microsoft Exchange Online outage blocks access to mailboxes worldwide

Warning: An ongoing phishing campaign is pretending to be Trezor data breach notifications in an attempt to steal a target's cryptocurrency wallet and its assets.
Source: Trezor warns of massive crypto wallet phishing campaign

Report: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.
Source: CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping

Warning: CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications and education.
Source: FBI and CISA warn of increasing Royal ransomware attack risks

Report: An opposition-linked Polish mayor had his phone hacked using Pegasus spyware, amid allegations that the country’s special services have used the technology against government opponents.
Source: Opposition-linked Polish mayor targeted by Pegasus spyware

Report: A new report has revealed that India accounted for 20 percent of all records exposed as a result of data breaches in 2022.
Source: India suffered the second-highest number of data breaches in 2022, with 450 million records exposed

Report: Online travel agency giant Booking.com said that it was not compromised through a vulnerability on the platform that was recently discovered by researchers from Salt Security.
Source: Online travel giant says it was not compromised through recently discovered vulnerability

Report: The Federal Trade Commission (FTC) has proposed to ban the online counselling service BetterHelp from sharing its customers’ sensitive mental health data with advertising networks and marketers.
Source: FTC to ban BetterHelp from sharing mental health data with advertisers

Report: Nvidia has released a display driver hotfix to address recently reported high CPU usage and blue screen issues on Windows 10 and Windows 11 systems.
Source: Nvidia releases driver hotfix for Windows performance issues

Analysis: Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor.
Source: IceFire ransomware now encrypts both Linux and Windows systems

Report: A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns.
Source: SonicWall devices infected by malware that survives firmware upgrades

Analysis: Microsoft’s Security Intelligence team investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some steps taking mere minutes.
Source: Microsoft: Business email compromise attacks can take just hours

Report: Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the Asia-Pacific region.
Source: Akamai mitigates record-breaking 900 Gbps DDoS attack in Asia

Report: An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan.
Source: Police seize NetWire RAT malware infrastructure, arrest admin

Report: Blackbaud has agreed to pay $3 million to settle charges brought by the SEC alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.
Source: Blackbaud to pay $3M for misleading ransomware attack disclosure

Report: The collapse of Silicon Valley Bank (SVB) on March 10, 2023 has sent ripples of turbulence throughout the global financial system, but for hackers, scammers and phishing campaigns it has become an excellent opportunity.
Source: Cybercriminals exploit SVB collapse to steal money and data

Report

An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds.

ChipMixer platform seized for laundering ransomware payments, drug sales

Report

A new threat actor named 'YoroTrooper' has been targeting energy organisations in CIS countries and has also compromised accounts of a critical European Union agency engaged in healthcare, WIPO, and various European embassies.

YoroTrooper cyberspies target CIS energy orgs, EU embassies

Warning

According to a public service announcement issued by the Federal Bureau of Investigation (FBI), Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes.

FBI warns of spike in ‘pig butchering’ crypto investment schemes

Report

The FBI confirmed it has access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner.

FBI confirms access to Breached cybercrime forum database

Warning

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes.

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

Report

The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023.

Australian police arrest four BEC actors who stole $1.7 million

Report

A new ransomware operation named 'Dark Power' has appeared, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid.

New Dark Power ransomware claims 10 victims in its first month

Warning

The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors.

FBI: Business email compromise tactics used to defraud U.S. vendors

Report

Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's using a subpoena to search for those who leaked and downloaded its code.

Twitter takes down source code leaked online, hunts for downloaders

Report

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions.

Trojanized Tor browsers target Russians with crypto-stealing malware

Warning

Experts are warning of a rise in cyberattacks and potential malicious activity; an average increase of 45 percent has been observed and will likely continue during the Ramadan period.

UAE residents under cyberattack as Ramadan deals drive shopping spree
