Security News
U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020. According to reports received by the MS-ISAC throughout last year, approximately 16% of ransomware incidents affecting State, Local, Tribal, and Tribunal governments were LockBit attacks.
See the NetSPI centralized detective control validation platform in action and learn how it allows companies to create and execute custom procedures using proven technology and expert human penetration testers. Ready to continuously simulate real-world attack behaviors, not just IoCs, and put your detective controls to the test in a way no other organization can? See BAS in action or schedule a 1:1 meeting with the NetSPI BAS team to get started.
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit. CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.
You can book a DDoS attack on one of countless shady platforms, and then you don't even have to deal with the technology yourself. No matter what, a company's protective measures should always be kept up to date, and you should always question yourself about how well-prepared you are against a DDoS attack - or face severe consequences if you are caught unprepared.
"Dozens" of organizations across the world have been targeted as part of a broad business email compromise campaign that involved the use of adversary-in-the-middle techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass Office365 authentication and gain persistence access to that account," Sygnia researchers said in a report shared with The Hacker News.
How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the "Quantifying the Cost of API Insecurity" report, US businesses incurred upwards of $23 billion in losses from API-related breaches in 2022.
Hackers swarm to RDP. An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours. The attack count for the entire year reached 13 million login attempts.
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "May have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. On Friday, Fortinet released security updates to address the vulnerability before disclosing additional details today.
Horizon3 security researchers have released proof-of-concept exploit code for a remote code execution bug in the MOVEit Transfer managed file transfer solution abused by the Clop ransomware gang in data theft attacks. With the release of this RCE PoC exploit, more threat actors will likely move quickly to deploy it in attacks or create their own custom versions to target any unpatched servers left exposed to Internet access.
The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. Last Tuesday, the Swiss government disclosed that they were impacted by a ransomware attack on Xplain, a Swiss technology provider supplying various government departments, administrative units, and even the country's military force with software solutions.