Security News

Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
2023-11-09 14:28

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. [...]

OpenAI confirms DDoS attacks behind ongoing ChatGPT outages
2023-11-09 08:18

OpenAI has been addressing "Periodic outages" due to DDoS attacks targeting its API and ChatGPT services within the last 24 hours. While the company didn't immediately provide any details on the root cause of these incidents, OpenAI confirmed earlier today that they're linked to ongoing distributed denial-of-service attacks.

Russian state-owned Sberbank hit by 1 million RPS DDoS attack
2023-11-08 18:14

Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service attack in recent history. Russian outlet Interfax reports that the attack reached one million requests per second, which the organization said was roughly four times the size of the most powerful DDoS Sberbank had experienced up until then.

The 3 key stages of ransomware attacks and useful indicators of compromise
2023-11-08 06:00

For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages. Instead, there are often many different indicators of compromise at different stages of the attack that seem benign when looked at individually.

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
2023-11-07 08:59

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy, active since at least 2019, is known for its attacks on Indian and Afghan entities.

7 free cyber threat maps showing attack intensity and frequency
2023-11-07 06:00

Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happen.

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
2023-11-06 17:39

Attackers are exploiting a recently patched, critical-severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as CVE-2023-22518, this bug received a 9.1/10 severity rating, and it affects all versions of Confluence Data Center and Confluence Server software.

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
2023-11-06 15:34

Internet-exposed Apache ActiveMQ servers are also being hit by TellYouThePass ransomware attacks that exploit a critical remote code execution vulnerability previously exploited as a zero-day. One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.

Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
2023-11-06 10:32

Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. "The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.

American Airlines pilot union hit by ransomware attack
2023-11-03 17:45

Allied Pilots Association, a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. APA said that its IT team and outside experts are working on restoring systems impacted by the ransomware attack from backups, with an initial focus on first bringing back pilot-facing products and tools in the hours and days ahead. The union has launched an investigation led by third-party cybersecurity experts to assess the full extent of the incident and its impact on data stored on compromised systems.