News – October 2023

October 26, 2023

A group of academic researchers has developed a speculative execution attack named “iLeakage” that can extract sensitive data, such as passwords and emails, on recent Apple devices via the Safari web browser. iLeakage has been developed by a team of academics from Georgia Tech, the University of Michigan, and Ruhr University Bochum after extensive examination of ...

October 26, 2023

Kansas officials are calling a massive computer outage that’s kept most of the state’s courts offline for two weeks a “security incident” and, while they have provided no explanation, experts say it has all the hallmarks of a ransomware attack. The disruption has left attorneys unable to search online records and forced them to file motions ...

October 26, 2023

Zhang Hongliang, a former restaurant manager in central China, took various gigs in and outside China to support his family after losing his job during the COVID-19 pandemic. In March, a job offer to teach Chinese cooking at a restaurant led him into a cyber scam compound in Myanmar, where he was instead ordered to ...

October 26, 2023

The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) are issuing this Public Service Announcement to highlight potential threats in the United States from a variety of actors in response to the HAMAS attacks on Israel on 7 October and subsequent activities in the region, including additional calls by foreign terrorist organizations ...

October 26, 2023

It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, ...

October 25, 2023

Based on Okta’s statement on October 20 regarding a recent security breach, it has been determined that the threat actor successfully gained access to Okta’s customer support system. Once inside the system, the threat actor was able to view files uploaded by Okta customers in relation to recent support cases with valid session tokens. By ...

October 25, 2023

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs), ...

October 25, 2023

Mystic Stealer is a relatively new downloader and information stealer that emerged in early 2023. The malware harvests data from a large number of web browsers and cryptocurrency wallet applications. Mystic can also be used to steal Steam game credentials and arbitrary files from an infected system. Mystic stands out for the level of obfuscation ...

October 25, 2023

Cyber Security & Cloud Expo Global, one of the most highly anticipated events in the tech and cyber community, is back, and it promises to be bigger and more transformative than ever. Scheduled to take place from November 30th to December 1st, 2023, at the renowned Olympia London, this event is set to bring together over ...

October 24, 2023

This Zscaler ThreatLabz blog serves as a brief synopsis of the key points revealed in their 2023 Enterprise IoT and OT Threat Report. The report explores the growth of Internet of Things (IoT) device traffic and IoT malware attacks, in addition to how legacy vulnerabilities, targeted devices, and specific industries have become central players in the ...