Date: 2 October 2023
The Biggest Cyber Attacks, Ransomware Attacks and Data Breaches - our compilation for the month of September 2023.
- Ransomware Attacks in September 2023
- Data Breaches in September 2023
- Cyber-Attacks in September 2023
- New Ransomware/Malware Detected in September 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in September 2023
The massive ransomware attacks on MGM and Caesars Entertainment clearly dominated all conversation about cybersecurity in September 2023.
Attacks on casinos and hotels always get a more than fair share of attention - they're dramatic, involve a lot of money, cause direct inconvenience to customers, make for interesting press - all the pandemonium that cyber criminals tend to love. No wonder casino heists also form the plots of several potboilers.
Yet, while these attacks were the most spoken of - they were far, far from being the only samples of cyber crime in the month gone by. Schools, city councils, kids snacks, government ministries, healthcare organisations, dating apps, electricity grids, charitable organisations and crypto businesses are just some of the many victims that emerged through our research. Airbus, SONY, Air Canada, Pizza Hut Australia and even Save the Children were compromised in one way or the other.
The alarming thing here is that of all these big names were breached in just one month - such is the rapid rise in the rate of cyber crime across the globe.
Nobody and we mean absolutely nobody can now afford to be relaxed about their cybersecurity. It's time to gather forces, ramp up protection and bolster defences with urgency.
At Cyber Management Alliance, we offer game-changing cybersecurity consultancy services that are accessible to all businesses, regardless of their size and industry.
Our Virtual Cyber Assistant and Virtual Cyber Consultant services provide easy, remote access to highly skilled cybersecurity experts to any business looking to amplify its cybersecurity endeavours. With over 280 services across 15 domains, you can find exactly what you're looking for in the most cost-effective package available in the market. We also have readymade packages for Cyber Essentials, BCP, ISO 27001 and many others.
Ransomware Attacks in September 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
September 01, 2023 |
Pennsylvania school district to stay open despite ransomware attack |
Unknown |
The attack caused a network disruption affecting the operability of certain CASD computer systems. Students have been unable to access the internet on premises and were advised to leave their Chromebook and iPad devices at home. |
Ransomware attack on the Chambersburg Area School District in Pennsylvania |
|
|
September 06, 2023 |
The Seville City Council suspends all telematic services due to a computer hijacking: “It will not be negotiated” |
LockBit Ransomware |
The Seville City Council has returned to paper notes and in-person procedures after suffering the hijacking of its computer systems by a group of cybercriminals, as confirmed by the City Council. The hackers have allegedly demanded up to one and a half million dollars (1,396,642 euros) from the municipal government, although it has assured that "in no case will it negotiate with cybercriminals." |
||
|
September 06, 2023 |
Minneapolis school district says data breach affected more than 100,000 people |
The Medusa ransomware group |
Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyber attack earlier this year. The Medusa ransomware group claimed the attack on March 7, demanding $1 million to decrypt MPS systems. The school district did not pay up and ten days later the gang leaked data — including what appeared to be highly sensitive student files — and it posted a 51-minute video that included screenshots of the allegedly stolen information. |
||
|
September 07, 2023 |
Hackers claim to publish prominent Israeli hospital’s patient data |
Ragnar Locker ransomware gang |
Hackers who breached an Israeli hospital near Tel Aviv last month said they started leaking stolen data because no ransom was paid. The ransomware attack on Mayanei Hayeshua Medical Center resulted in the shutdown of its administrative computer systems, leading the hospital to redirect new patients and those requiring emergency care to other medical centres. |
||
|
September 07, 2023 |
Caesars Entertainment Pays $15 Million Ransom to Cyber Hackers after Breach |
ALPHV and Scattered Spider |
Caesars Entertainment confirmed the cybersecurity attack in a September, 14, SEC filing as the company wrote that on September 7, “we determined that the unauthorised actor acquired a copy of, among other data, our loyalty program database, which includes driver’s licence numbers and/or social security numbers for a significant number of members in the database”. Caesars leadership also allegedly negotiated with the criminals and paid $15 million as ransom. |
||
|
September 11, 2023 |
Sri Lankan government loses months of data following ransomware attack |
Unknown |
Sri Lanka’s government email network was hit by a ransomware attack that wiped months of data from thousands of email accounts, including ones belonging to top government officials as the attack, which started at the end of August, affected nearly 5,000 email addresses using the gov.lk email domain. The victims include Sri Lanka’s council of ministers which forms the central government of the country. |
||
|
September 11, 2023 |
MGM Resorts shuts down IT systems after cyber attack |
ALPHV and Scattered Spider |
MGM Resorts International disclosed that it was dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines. |
||
|
September 13, 2023 |
Royal Dutch Football Association confirms it paid ransom for hacked employee data |
LockBit |
The governing body for soccer in the Netherlands said that it paid a ransom to hackers who breached its systems earlier this year and stole the sensitive data of more than more than 1.2 million employees and members. The threat actor LockBit claimed to have stolen 305 GB of data. |
||
|
September 14, 2023 |
An undisclosed third party supplier based in Stockport, UK |
Manchester police officers’ data stolen following ransomware attack on supplier |
Unknown |
A ransomware attack on a third-party supplier compromised the personal details of thousands of officers with Greater Manchester Police (GMP) in North West England. |
Ransomware attack on a third party supplier of Greater Manchester Police |
|
September 18, 2023 |
Kuwait isolates some government systems following attack on its Finance Ministry |
Rhysida ransomware gang |
The government of Kuwait suffered a ransomware attack that affected its Ministry of Finance. Government officials immediately tried to separate and shut off affected systems. |
||
|
September 22, 2023 |
Dallas says Royal Ransomware breached its network using stolen account |
Royal Ransomware |
The City of Dallas, Texas, said that the Royal Ransomware attack that forced it to shut down all IT systems in May started with a stolen account. During this period, they successfully collected and exfiltrated 1.169 TB worth of files based on system log data analysis conducted by city officials and external cybersecurity experts. |
||
|
September 26, 2023 |
Sony investigates cyber attack as hackers fight over who's responsible |
RansomedVC and MajorNelson (BreachForums name) |
Sony said that it is investigating allegations of a cyber attack this week as different hackers have stepped up to claim responsibility for the purported hack. Claims of attacking Sony's systems were initially made by an extortion group called RansomedVC. This group claimed that it had breached Sony's networks and stolen 260 GB of data during the attack that they are attempting to sell for $2.5 million. But on the other side, MajorNelson (another group) leaked for free a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony. |
||
|
September 27, 2023 |
Building automation giant Johnson Controls |
Building automation giant Johnson Controls hit by ransomware attack |
Dark Angels ransomware gang |
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. The threat actors claimed to have stolen over 27 TB of corporate data and encrypted the company's VMWare ESXi virtual machines during the attack. |
|
|
September 27, 2023 |
Philippine Health Insurance Corporation (PhilHealth) |
Philippines state health org struggling to recover from ransomware attack |
Medusa Ransomware Gang |
The ransomware incident forced Philippine Health Insurance Corporation to take several websites and portals offline as the ransomware gang gave PhilHealth 10 days to pay several different ransoms, including $100,000 to extend the ransomware’s deadline and $300,000 to either delete all the stolen data or download it. |
Ransomware attack on Philippine Health Insurance Corporation |
|
September 29, 2023 |
Large Michigan healthcare provider confirms ransomware attack |
Black Cat/ALPHV ransomware gang |
According to the Detroit Free Press, the company reported outages affecting billing and electronic health record systems as McLaren had to shut down the computer network at 14 different facilities — a situation that got so bad that employees had to communicate through their personal phones. |
Data Breaches in September 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
September 01, 2023 |
Golf equipment maker Callaway |
Golf gear giant Callaway data breach exposes info of 1.1 million |
Unknown |
The incident exposed sensitive personal and account information of more than a million customers in the United States. The data breach has apparently impacted customers of Callaway and its sub-brands Odyssey, Ogio, and Callaway Gold Preowned sites that all operate under the same business umbrella. |
|
|
September 03, 2023 |
University of Sydney data breach impacts recent applicants |
Unknown |
In this breach incident, a third-party service provider exposed personal information of recently applied and enrolled international applicants of University of Sydney. |
||
|
September 04, 2023 |
Freecycle, an online forum dedicated to exchanging used items |
Freecycle confirms massive data breach impacting 7 million users |
Unknown |
Freecycle confirmed a massive data breach that affected more than 7 million users. The non-profit organisation said it discovered the breach weeks after a threat actor put the stolen data for sale on a hacking forum on May 30, and warned affected people to switch passwords immediately. The stolen information includes usernames, User IDs, email addresses, and MD5-hashed passwords, with no other information exposed. |
|
|
September 05, 2023 |
Dating App Coffee Meets Bagel |
Coffee Meets Bagel says recent outage caused by destructive cyber attack |
Unknown |
CMB confirmed that the outages were caused by their systems being breached and a hacker deleting company data, causing the production servers to no longer operate correctly. |
|
|
September 05, 2023 |
Atlas VPN zero-day vulnerability leaks users' real IP address |
Unknown |
An Atlas VPN zero-day vulnerability has been affecting the Linux client that leaks a user's real IP address simply by visiting a website. |
||
|
September 12, 2023 |
Canadian Nurses Association confirms data theft after group dumps stolen info |
Two different ransomware groups — Snatch and Nokoyawa |
The Canadian Nurses Association (CNA) confirmed that it worked with its members to respond to a leak of sensitive data stolen by a group of hackers earlier this year. |
||
|
September 13, 2023 |
Airbus investigates data leak allegedly involving thousands of suppliers |
Threat actor using the moniker "USDoD" |
Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. The threat actor using the moniker "USDoD" posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. |
||
|
September 13, 2023 |
Rollbar discloses data breach after hackers stole access tokens |
Unknown |
Software bug-tracking company Rollbar announced that unknown attackers hacked its systems in early August and gained access to customer access tokens. |
||
|
September 14, 2023 |
US-Canada water commission, International Joint Commission (IJC) |
US-Canada water commission investigating cyber attack |
NoEscape ransomware gang |
The International Joint Commission (IJC) announced that it experienced a cyber attack following reports that ransomware hackers claimed to have stolen reams of data. The ransomware gang claimed it attacked the organisation — which has offices in Washington, D.C., Ottawa and Windsor — and stole 80 GB of contracts, geological files, conflict of interest forms and more. |
Data breach attack on US-Canada water commission, International Joint Commission (IJC) |
|
September 15, 2023 |
Satellite, defence, and pharmaceutical industries based in Israel, the U.S., Brazil, and the United Arab Emirates. |
Iranian state hackers target satellite, defence organisations worldwide |
Peach Sandstorm |
Hackers linked to Iran’s government targeted thousands of organisations in the satellite, defence, and pharmaceutical industries as part of an espionage campaign. The hacking group allegedly compromised some targeted organisations based in Israel, the U.S., Brazil, and the United Arab Emirates. |
Data breach attack on satellite, defence organisations worldwide |
|
September 19, 2023 |
Hackers breached International Criminal Court’s systems |
Unknown |
The International Criminal Court (ICC) disclosed a cyberattack after discovering last week that its systems had been breached. |
||
|
September 20, 2023 |
TransUnion denies it was hacked, links leaked data to 3rd party |
Threat actor known as USDoD |
According to the USDoD's listing published on a hacking forum over the weekend, the database allegedly stolen from TransUnion's systems includes a wide range of sensitive information of roughly 59,000 people worldwide but TransUnion denied this claim. |
||
|
September 20, 2023 |
Pizza Hut Australia warns 193,000 customers of a data breach |
“Shiny Hunters” (@shinycorp) |
Pizza Hut Australia sent data breach notifications to customers, warning them that a cyber attack allowed hackers to access their personal information. The notification said that the hacker gained unauthorised access to Pizza Hut Australia systems storing sensitive information of customers who made online orders, as well as partial financial data and encrypted account passwords. |
||
|
September 21, 2023 |
Air Canada says hackers accessed limited employee records during cyber attack |
Unknown |
Canada’s largest airline announced a data breach that involved the information of employees, but said its operations and customer data were not impacted. |
||
|
September 21, 2023 |
T-Mobile denies new data breach rumours, points to authorised retailer |
An unknown threat actor under the alias 'emo' |
T-Mobile denied suffering another data breach. News reports had alleged that a threat actor leaked a large database allegedly containing T-Mobile employees’ data. Someone under the alias 'emo' apparently shared an 89 GB ZIP archive allegedly containing T-Mobile data on the BreachForums hacking forum for free. |
||
|
September 25, 2023 |
BORN Ontario child registry data breach affects 3.4 million people |
Clop ransomware's MOVEit hacking spree |
An investigation revealed that threat actors copied files containing sensitive information of approximately 3.4 million people, primarily newborns and pregnancy care patients, who benefited from BORN services between January 2010 and May 2023. |
||
|
September 25, 2023 |
SickKids impacted by BORN Ontario data breach that hit 3.4 million |
Clop ransomware's MOVEit hacking spree |
The Hospital for Sick Children, more commonly known as SickKids is amongst healthcare providers that were impacted by the recent breach at BORN Ontario. |
Cyber Attacks in September 2023
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
September 03, 2023 |
Supermarket chain Lidl. |
Children's PAW Patrol themed snack recalled due to a compromised URL on the packaging which directs to an adult content site |
Unknown |
Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK as a compromised URL listed on the snack's packaging leads to a porn site. |
|
|
September 04, 2023 |
German financial regulator's website hit by DDoS attack |
Unknown |
Due to the impact of the DDoS attack, the website of Germany’s Federal Financial Supervisory Authority (BaFin) was only partially accessible over the weekend. |
Cyber attack on Germany’s Federal Financial Supervisory Authority (BaFin) |
|
|
September 05, 2023 |
Coffee Meets Bagel says recent outage caused by destructive cyber attack |
Unknown |
Coffee Meets Bagel (CMB) suffered a worldwide outage, with users upset that they could not coordinate planned dates or continue communicating with their matches and CMB confirmed that the outages were caused by their systems being breached and a hacker deleting company data, causing the production servers to no longer operate correctly. |
||
|
September 05, 2023 |
Hawai’i State Department of Health resolves website defacement |
Unknown |
The department of health for Hawaiʻi has fixed a website defacement caused by a cybercrime group. It denied that hackers had access to any other government systems. The incident affected healthybydefault.hawaii.gov — a website created by the Hawaiʻi State Department of Health (DOH). |
Cyber attack on the website of Hawai’i State Department of Health |
|
|
September 11, 2023 |
Save the Children International hit with cyber attack, but says operations weren’t impacted |
BianLian hacker gang |
The global charity organisation confirmed that it was recently hit with a cyber attack after a ransomware group claimed to have breached the organisation’s systems. The organisation said the hackers gained unauthorised access to parts of their network but their operations weren’t impacted. |
||
|
September 12, 2023 |
A national electricity grid organisation in Asia |
'Redfly' hackers infiltrated power supplier's network for 6 months |
An espionage threat group tracked as 'Redfly' |
An espionage threat group tracked as 'Redfly' hacked a national electricity grid organisation in Asia and quietly maintained access to the breached network for six months. |
Cyber attack on a national electricity grid organisation in Asia |
|
September 13, 2023 |
CoinEx confirms hack after $31 million in cryptocurrency allegedly stolen from exchange |
North Korea’s Lazarus hacking group (Apparently) |
Cryptocurrency exchange CoinEx confirmed that a hacker stole millions of dollars worth of cryptocurrency in an attack. While the company claims the amount of losses is still being determined, blockchain data collected by several cryptocurrency security firms shows that about $31 million worth of coins was allegedly stolen from the platform. |
||
|
September 14, 2023 |
U.S based Victims in the defence, satellite, and pharmaceutical sectors |
Iranian hackers breach defence orgs in password spray attacks |
APT33 (aka Peach Sandstorm, HOLMIUM, or Refined Kitten) |
Microsoft says an Iran-backed threat group has targeted thousands of organisations in the U.S. and worldwide, in password spray attacks since February 2023. State hackers also allegedly stole sensitive information from a limited number of victims in the defence, satellite, and pharmaceutical sectors. |
Cyber attack on U.S based victims in the defence, satellite, and pharmaceutical sectors |
|
September 15, 2023 |
Upstate New York non-profit hospitals still facing issues after LockBit ransomware attack |
LockBit |
For two weeks, the hospitals have been dealing with a cybersecurity incident that forced them to divert ambulances to other local hospitals and reschedule most appointments. |
Cyber attack on Carthage Area Hospital and Claxton-Hepburn Medical Center |
|
|
September 19, 2023 |
Crypto lender Celsius |
Claimants in Celsius crypto bankruptcy targetted in phishing attack |
Unknown |
Scammers impersonated the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets. |
|
|
September 22, 2023 |
Government of Bermuda links cyber attack to Russian hackers |
Unknown Russian hackers |
The Government of British overseas territory Bermuda has linked a cyber attack affecting all its departments' IT systems to Russian hackers. The Government said: "The public is advised that the Government Is currently experiencing internet/email and phone service interruptions. All Departments are impacted". |
||
|
September 25, 2023 |
Hong Kong crypto business Mixin |
Hong Kong crypto business Mixin says hackers stole $200 million in assets |
Allegedly North Korean government’s APT38 hacking group — known by many researchers as Lazarus or TraderTraitor |
A cryptocurrency business based in Hong Kong announced that hackers had stolen around $200 million of its assets after attacking its cloud service provider. |
|
|
September 26, 2023 |
Product leasing giant Progressive Leasing |
Product leasing giant warns that sensitive information was stolen during a cyber attack |
AlphV/Black Cat ransomware |
Progressive Leasing said it experienced a cybersecurity incident affecting certain Progressive Leasing systems. |
|
|
September 28, 2023 |
Russian flight booking system Leonardo |
Russian flight booking system suffers ‘massive’ cyber attack |
The Ukrainian hacktivist group IT Army |
DDoS attack on Leonardo lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot. |
New Ransomware/Malware Discovered in September 2023
|
New Ransomware |
Summary |
Source Link |
|
The Chaes malware |
The Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets. |
Chaes malware now uses Google Chrome DevTools Protocol to steal data |
|
A new Mirai malware |
A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. |
Mirai variant infects low-cost Android TV boxes for DDoS attacks |
|
RedLine Clipper, Agent Tesla, and OriginBotnet |
Researchers have identified a new phishing campaign that uses Microsoft Word documents to distribute malware that can log what a victim types, syphon cryptocurrency funds, and steal sensitive data. |
Phishing campaign uses Word documents to distribute three malware strains |
|
An unknown backdoor malware named 'Sponsor' |
A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. |
|
|
A new information stealer malware, 'MetaStealer' |
A new information stealer malware has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers. |
|
|
Bumblebee malware |
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services. |
Bumblebee malware returns in new attacks abusing WebDAV folders |
|
An info-stealing malware 'LuaDream’ |
A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream'. |
|
|
A malware named 'Deadglyph' |
A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East. |
New stealthy and modular Deadglyph malware used in govt attacks |
|
new ZenRAT malware |
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. |
Fake Bitwarden sites push new ZenRAT password-stealing malware |
|
Menorah malware |
APT34 hackers sent phishing emails to victims believed to be based in Saudi Arabia, ultimately infecting them with the Menorah malware. |
Alleged Iranian hackers target victims in Saudi Arabia with new spying malware |
Vulnerabilities/Patches Discovered in September 2023
|
Date |
Flaws/Fixes |
Summary |
Source Link |
|
September 01, 2023 |
CVE-2023-34039 |
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight). |
Exploit released for critical VMware SSH auth bypass vulnerability |
|
September 04, 2023 |
CVE-2023-28432 and CVE-2023-28434 |
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. |
Hackers exploit MinIO storage system to breach corporate networks |
|
September 05, 2023 |
CVE-2023-39238, CVE-2023-39239, CVE-2023-39240 |
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed. |
ASUS routers vulnerable to critical remote code execution flaws |
|
September 06, 2023 |
CVE-2023-35674 |
This high-severity zero-day vulnerability (CVE-2023-35674) is a flaw in the Android Framework that enables attackers to escalate privileges without requiring user interaction or additional execution privileges. |
|
|
September 11, 2023 |
CVE-2023-4863 |
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. |
Google fixes another Chrome zero-day bug exploited in attacks |
|
September 12, 2023 |
CVE-2023-26369 |
Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. Even though additional information on the attacks is yet to be disclosed, the zero-day is known to affect both Windows and macOS systems. |
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks |
|
September 12, 2023 |
CVE-2023-41064 |
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. |
|
|
September 15, 2023 |
CVE-2023-4863 |
Mozilla released an advisory warning users of a vulnerability affecting its popular web browser and email client. |
|
|
September 19, 2023 |
CVE-2023-41179 |
Trend Micro fixed a remote code execution zero-day vulnerability in Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks. |
Trend Micro fixes endpoint protection zero-day used in attacks |
|
September 22, 2023 |
CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 |
Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed that three zero-days patched by Apple earlier in the week were abused as part of an exploit chain to install Cytrox's Predator spyware. |
Recently patched Apple, Chrome zero-days exploited in spyware attacks |
|
September 26, 2023 |
CVE-2023-5129 |
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. |
Google assigns new maximum rated CVE to libwebp bug exploited in attacks |
|
September 26, 2023 |
CVE-2023-32315 |
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. |
Hackers actively exploiting Openfire flaw to encrypt servers |
|
September 27, 2023 |
CVE-2023-5217 |
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates. |
Google fixes fifth actively exploited Chrome zero-day of 2023 |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
Researchers said that ransomware campaigns are using internet-exposed Microsoft SQL databases as a beachhead to launch attacks on victim systems. |
Ransomware attackers are targeting exposed Microsoft SQL databases |
|
Warning |
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. |
Chrome extensions can steal plaintext passwords from websites |
|
Report |
A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. |
|
|
Warning |
Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users. |
Okta: Hackers target IT help desks to gain Super Admin, disable MFA |
|
Report |
The Swedish Authority for Privacy Protection (IMY) has fined insurer Trygg-Hansa $3 million for exposing sensitive data belonging to hundreds of thousands of customers on its online portal. |
Insurer fined $3M for exposing data of 650 k clients for two years |
|
Report |
Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorised transactions, with over $40 million in crypto reportedly stolen. |
Crypto casino Stake.com loses $41 million to hot wallet hackers |
|
Report |
An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website. |
Atlas VPN zero-day vulnerability leaks users' real IP address |
|
Report |
Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running out of storage space. |
Toyota says filled disk storage halted Japan-based factories |
|
Report |
Researchers have uncovered a hidden “phishing empire” targeting businesses in Europe, Australia and the U.S. with a sophisticated new tool. |
New phishing tool hijacked thousands of Microsoft business email accounts |
|
Report |
According to cybersecurity researchers, cybercriminals are targeting French-speaking architects, engineers and graphic designers with malware that turns their computers into cryptocurrency mining machines. |
GPU-thirsty hackers target architects, designers with cryptomining malware |
|
Warning |
In January 2021, the Threat Analysis Group (TAG) publicly disclosed a campaign from government backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development. Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. |
|
|
Report |
Britain’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a joint report detailing the ways in which the ransomware ecosystem is increasingly professionalising “in a bid to gain efficiencies and maximise profits.” |
Don’t focus on ransomware variants, say UK’s national cyber and crime agencies |
|
Warning |
The Associated Press warned of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks. |
Associated Press warns that AP Stylebook data breach led to phishing attack |
|
Warning |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. |
CISA warns govt agencies to secure iPhones against spyware attacks |
|
Report |
Researchers said cybercriminals appeared to have deployed bots to break into customer accounts at several large automakers, then harvested important information about thousands of individual vehicles and offered it for sale in private Telegram channels. |
Nearly 15,000 accounts raided at automaker sites to harvest vehicle IDs, report says |
|
Report |
Reported ransomware attacks on organisations in the United Kingdom reached record levels last year, when criminals compromised data of potentially more than 5.3 million people from over 700 organisations, according to a surprisingly neglected dataset published by the Information Commissioner’s Office (ICO). |
Ransomware attacks hit record level in UK, according to neglected official data |
|
Report |
The U.S. National Security Council (NSC) urged the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans. |
White House urging dozens of countries to publicly commit to not pay ransoms |
|
Report |
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. |
BlackCat ransomware hits Azure Storage with Sphynx encryptor |
|
Report |
The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. |
TikTok slapped with $368 million fine over child privacy violations |
|
Report |
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX. |
|
|
Report |
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository. |
Microsoft leaks 38TB of private data via unsecured Azure storage |
|
Report |
T-Mobile customers said they could see other peoples' account and billing information after logging into the company's official mobile application. |
T-Mobile app glitch let users see other people's account info |
|
Report |
TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore. |
Fake celebrity photo leak videos flood TikTok with Temu referral codes |
|
Report |
The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the U.S. had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool. |
MOVEit fallout continues as National Student Clearinghouse says nearly 900 schools affected |
|
Report |
Ukrainian cybersecurity officials said that Russia is stepping up its cyberattacks on Ukraine's law enforcement agencies in an effort to uncover what they know about war crimes committed by Russian soldiers. |
Russian hackers target Ukrainian government systems involved in war crimes investigations |
|
Report |
Suspected Chinese hackers targeted a Middle Eastern telecom organisation and an Asian government in a recent spying operation. The hacking group Budworm, also known as Emissary Panda and APT27 attacked a U.S. state legislature using a Log4j vulnerability and now Budworm used a previously unseen version of its custom backdoor called SysUpdate to spy on the unnamed telecom company and Asian government body. |
Suspected China-based hackers target Middle Eastern telecom, Asian government |
|
Warning |
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. |
Progress warns of maximum severity WS_FTP Server vulnerability |
|
Warning |
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. |
FBI: Dual ransomware attack victims now get hit within 48 hours |
