Category: Security Affairs

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog, five issues impacting Juniper…

Read more →

The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors.  In 2022, Boeing recorded $66.61 billion…

Read more →

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38, BlueNoroff, CageyChameleon, and CryptoCore) is considered a sub-group of the popular Lazarus…

Read more →

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some…

Read more →

The State of Maine disclosed a data breach that impacted about 1.3 million people after an attack hit its MOVEit file transfer install. The State of Maine was the victim of the large-scale hacking campaign that targeted organizations using the MOVEit file transfer…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Police…

Read more →

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. A joint international operation conducted by the Malaysian police, the FBI, and the Australian…

Read more →

The Serbian citizen Milomir Desnica (33) has pleaded guilty to running the dark web Monopoly drug marketplace. Milomir Desnica, a 33-year-old Serbian citizen, admited to being responsible for operating the illicit Monopoly drug marketplace on the dark web. The man…

Read more →

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals. McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive…

Read more →

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack…

Read more →

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has contained a ransomware attack that disrupted the U.S. Treasury…

Read more →

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group. Microsoft reported the exploitation of a zero-day vulnerability, tracked as CVE-2023-47246, in the SysAid IT support software in limited attacks. The…

Read more →

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the…

Read more →

OpenAI confirmed that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack. OpenAI confirmed earlier today that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed…

Read more →

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while…

Read more →

US CISA added the vulnerability CVE-2023-29552 in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-29552 (CVSS score: 7.5) in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog.…

Read more →

The largest and oldest bank in Russia Sberbank faced the record-breaking DDoS attack that reached 1 million RPS. Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service…

Read more →

Security firm Sumo Logic disclosed a security breach after discovering the compromise of its AWS account compromised last week. Sumo Logic is a cybersecurity company that specializes in cloud-based log management and analytics. The company disclosed a security breach after…

Read more →

The FBI published a PIN alert warning of ransomware operators compromising third-party vendors and services for initial access to target environments. The Federal Bureau of Investigation (FBI) published a Private Industry Notification (PIN) to warn of ransomware initial access trends…

Read more →

Five Canadian hospitals were victims of a ransomware attack, threat actors claim to have stolen data from them and leaked them. Five Canadian hospitals revealed they were victims of ransomware attacks after threat actors leaked alleged stolen data. The impacted…

Read more →