News – March 2023

  • Ransomware Attack Hits Ship-Tracking Firm Royal Dirkzwager

    March 22, 2023

    A team of ransomware hackers have published proprietary inside data allegedly obtained the Dutch shipping intelligence agency Royal Dirkzwager, according to cybsersecurity trade press. The leak purportedly include employee passports, contracts and other sensitive information. The hackers claim to have more data that is yet to be released, reports Security Week. Read more… Source: The Maritime Executive  

  • UK Government sets out strategy to protect NHS from cyber attacks

    March 22, 2023

    The government will provide a plan to promote cyber resilience across the health and care sectors by 2030, protecting both services and patients. New strategy sets out 5 key ways to build cyber resilience in health and care by 2030 Cyber strategy will protect health and adult social care functions and services, which the whole nation depends ...

  • Understanding Cyber Threats in Transport

    March 21, 2023

    This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022. The report brings new insights into the cyber threats of the transport sector. In addition to the identification of prime threats and the analysis of incidents, the report includes an ...

  • China used stolen data to expose CIA operatives in Africa and Europe

    March 21, 2023

    Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence, according to three former U.S. officials. The surveillance by Chinese operatives began in some cases as soon as the CIA officers had cleared passport control. Read ...

  • CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

    March 21, 2023

    As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management ...

  • Patch CVE-2023-23397 Immediately: What You Need To Know and Do

    March 21, 2023

    CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook, released as part of the March Patch Tuesday set of fixes. The vulnerability, which affects all versions of Windows Outlook, was given a 9.8 CVSS rating and is one of two zero-day exploits disclosed on March 14. Trend Micro researchers summarize the points that security teams ...

  • Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen

    March 21, 2023

    The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site. The cyber security incident is among Clop’s ongoing attacks against vulnerable GoAnywhere MFT servers belonging to established enterprises. Although the company states no real customer data is impacted, it did not address if corporate or employee data was stolen. Read ...

  • Australian FinTech takes itself offline to deal with cyber incident that caused data leak

    March 21, 2023

    Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems. The listed company last week called a halt to trade in its shares and filed news that it ...

  • Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022

    March 20, 2023

    Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products. Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices. Read more… Source: Bleeping Computer  

  • BianLian ransomware crew goes 100% extortion after free decryptor lands

    March 20, 2023

    The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion. Cybersecurity firm Avast’s release in January of a free decryptor for BianLian victims apparently convinced the miscreants that there was no future for them on the ransomware side of things and that pure extortion was the way to go. Read more… Source: The ...

  • Ferrari reports cyber incident with ransom demand; no impact to operations

    March 20, 2023

    Italian luxury sports car maker Ferrari SpA said on Monday that a hacker recently demanded ransom from the company related to certain client contact details, adding that the breach had no impact on the company’s operations. Ferrari said it notified its customers of the potential data exposure and the nature of the incident. Read more… Source: Yahoo! News  

  • New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks

    March 19, 2023

    A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm with the potential for massive attacks. The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, seen ...

  • Emotet malware now distributed in Microsoft OneNote files to evade defenses

    March 18, 2023

    The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros. If a user opens the attachment and enables macros, a DLL will be downloaded and executed that ...

  • KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

    March 17, 2023

    In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed denial-of-service (DDoS) response strategy guide. KillNet, a group that the US ...

  • CISA Releases Eight Industrial Control Systems Advisories

    March 16, 2023

    CISA released eight Industrial Control Systems (ICS) advisories on March 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-075-01 Siemens SCALANCE, RUGGEDCOM Third-Party ICSA-23-075-02 Siemens RUGGEDCOM CROSSBOW V5.3 Read more… Source: U.S. Cybersecurity and Infrastructure ...