Monthly Archives: September 2023

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

A “multi-year” Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political,...

26
Sep
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software...

26
Sep
MPTS2023
September 26, 2023

The NIST workshop on Multi-Party Threshold Schemes (MPTS) 2023 will gather diverse public feedback about...

New scheme ready for Cyber Incident Exercising providers
September 25, 2023

A new Cyber Incident Exercising scheme is now open for organisations to apply to be...

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as...

25
Sep
T-Mobile data breach exposes personal customer information
September 25, 2023

Customer payment information and purchase history was visible to other customers...

Watch the Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

Generative AI is a double-edged sword, if there ever was one. There is broad agreement...

25
Sep
Are You Willing to Pay the High Cost of Compromised Credentials?

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements...

25
Sep
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated...

25
Sep
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part...

25
Sep
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known...

23
Sep
Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an...

23
Sep
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

An active malware campaign targeting Latin America is dispensing a new variant of a banking...

22
Sep
How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly...

22
Sep
Iranian Nation-State Actor OilRig Targets Israeli Organizations

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state...

22
Sep
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products...

22
Sep
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day...

22
Sep
Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting...

21
Sep
Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023,...

21
Sep
The Rise of the Malicious App

Security teams are familiar with threats emanating from third-party applications that employees add to improve...

21
Sep
Microsoft SAS misconfiguration causes 38TB data leak
September 21, 2023

The data leaked included Microsoft Teams messages, passwords and private keys...

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

China’s Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei’s servers,...

21
Sep
Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that...

21
Sep
Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to...

21
Sep
Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability...

21
Sep
Building on our history of cryptographic research
September 20, 2023

The NCSC has published new cryptographic research on robust cryptography – we explain its significance...

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that...

20
Sep
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could...

20
Sep
What’s Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers
September 20, 2023

Two NIST evaluation studies will help software better detect photo spoofs and image quality issues....

Do You Really Trust Your Web Application Supply Chain?

Well, you shouldn’t. It may already be hiding vulnerabilities. It’s the modular nature of modern...

20
Sep