'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
https://www.darkreading.com/vulnerabilities-threats/ransomware-hit-china-owned-bank-citrixbleed-flaw
State of Maine Becomes Latest MOVEit Victim to Surface
The state said 1.3 million individuals have been affected by this breach, which includes Social Security numbers and taxpayer information.
https://www.darkreading.com/attacks-breaches/state-maine-latest-moveit-victim
Leaky DICOM Medical Standard Exposes Millions of Patient Records
A 30-year-old, rarely updated protocol for medical devices has exposed reams of highly personal data, thanks to a lack of proper security throughout owner environments.
https://www.darkreading.com/risk/leaky-dicom-medical-protocol-exposes-millions-patient-records
ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks
ChatGPT and the associated APIs have been affected by regular outages, which OpenAI attributes to DDoS attacks; the Anonymous Sudan group claimed responsibility.
https://www.darkreading.com/attacks-breaches/chatgpt-openai-attributes-regular-outages-ddos-attacks
'Shields Ready' Critical Infrastructure Initiative Addresses Inevitable Cyberattack
A cyberattack is coming, disasters are certain, and the US government wants critical infrastructure firms ready to handle any disruption. Welcome to Shields Ready.
https://www.darkreading.com/ics-ot/shields-ready-initiative-inevitable-cyberattacks
Microsoft: Iran's Cyberattacks on Israel Exaggerated & Fabricated
Despite claims to the contrary, Iranian cyberattackers have been less strategic and more opportunistic over the last month as the Israel-Hamas war continues.
https://www.darkreading.com/dr-global/microsoft-iran-cyberattacks-israel-exaggerated-fabricated
Navigating Tech Risks in Modern M&A Waters
Executives must rise to the challenge and take immediate action to grasp the intricacies of data, technology, and infrastructure within M&A.
https://www.darkreading.com/risk/navigating-tech-risks-modern-m-a-waters
First Wave of Vulnerability-Fixing AIs Available for Developers
GitHub joins a handful of startups and established firms in the market, but all the products are essentially "caveat developer" — let the developer beware.
https://www.darkreading.com/emerging-tech/first-wave-vulnerability-fixing-ai-available-developers
MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks
The Clop ransomware group is actively exploiting a SysAid zero-day flaw after running rampant through enterprise systems using the MOVEit file transfer bug.
https://www.darkreading.com/attacks-breaches/moveit-hackers-sysaid-zero-day-ransomware
'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
Checkmarx researchers warn that BlazeStealer can exfiltrate information, steal passwords, disable PCs, and take over webcams.
What We Can Learn from Major Cloud Cyberattacks
Analysis of six major cloud incidents shows how some common mistakes can lead to serious consequences.
https://www.darkreading.com/dr-global/what-we-can-learn-from-major-cloud-cyberattacks
Treasury Markets Disrupted by ICBC Ransomware Attack
The US Treasury states that it is in contact with financial regulators as it monitors the breach.
https://www.darkreading.com/attacks-breaches/treasury-markets-disrupted-from-icbc-ransomware-attack
When Good Security Awareness Programs Go Wrong
Avoid making these mistakes when crafting a security awareness strategy at your organization.
https://www.darkreading.com/edge-articles/when-good-security-awareness-programs-go-wrong
How to Outsmart Malware Attacks That Can Fool Antivirus Protection
One of the main challenges for Android users is protecting themselves from malicious applications that can damage devices or perform other harmful actions.
Imperial Kitten APT Claws at Israeli Industry With Multiyear Spy Effort
The Iran-linked group uses redirected websites to compromise victims and exfiltrate data in a campaign over 2022 and 2023.
https://www.darkreading.com/dr-global/imperial-kitten-israeli-industry-multiyear-spy-effort
Worldwide Hacktivists Take Sides Over Gaza, With Little to Show for It
Keyboard warriors are claiming to contribute to the Gaza war with OT attacks. You should be skeptical.
https://www.darkreading.com/dr-global/worldwide-hacktivists-take-sides-over-gaza-with-little-show
There's Only One Way to Solve the Cybersecurity Skills Gap
The cybersecurity skills gap is making businesses more vulnerable, but it won't be fixed by upskilling high-potential recruits alone.
https://www.darkreading.com/operations/there-s-only-one-way-to-solve-the-cybersecurity-skills-gap
Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes
A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector.
https://www.darkreading.com/ics-ot/sandworm-cyberattackers-ukrainian-power-grid-missile-strikes
Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant
The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks.
https://www.darkreading.com/attacks-breaches/evasive-jupyter-infostealer-campaign-dangerous-variant
Ransomware Mastermind Uncovered After Oversharing on Dark Web
Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview."
https://www.darkreading.com/threat-intelligence/ransomware-mastermind-uncovered-oversharing-dark-web