Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

published: July 24, 2023
Between July 17, 2023, and July 24, 2023, there were 10 advisory/vulnerability events and 24 incident/data breach events, impacting a total of 3,709,686 individuals across various industries, with healthcare being the most affected sector. The weirdest and biggest one is a data breach of dating apps.
The Clop ransomware gang is trying to maximize profit by creating easily accessible websites on the regular internet to leak stolen data from specific victims. This approach aims to increase the pressure on victims to pay the ransom by making the threat of data leakage more immediate and tangible.
Microsoft has attempted to explain that the Storm-0558 breach exposing email organizations, but it seems the issue is much worse - the exploit also exposes Azure Active Directory. Exploiting Azure Active Directory poses a severe risk as it serves as the source of truth for all identity questions and allows threat actors to impersonate accounts in various Microsoft applications. Microsoft is now facing criticism for lack of transparency and requiring customers to pay extra for access to essential audit logs for detection and remediation purposes.
Security researchers discovered Bad.Build, a critical vulnerability in Google Cloud Build, enabling attackers to inject malicious code into container images in the Artifact Registry, posing risks such as malware infections, data manipulation, data theft, and denial-of-service attacks. The flaw is related to default permissions, granting attackers access to audit logs with a list of permissions for all Google Cloud Platform (GCP) accounts, potentially facilitating targeted attacks through spear phishing, social engineering, or exploitation of intermediary targets.
published: July 18, 2023
During the week between July 10, 2023, and July 17, 2023, a total of 16 advisory/vulnerability events and 36 incident/data breach events were witnessed. Two practical knowledge items were shared. The incidents impacted a total of 13,745,120 individuals, with the finance industry being the most affected, followed by government and healthcare with six incidents. Notable vulnerabilities and incidents include exploits targeting ICS systems, Rockwell Automation components, SAP products, and critical data breaches affecting HCA Healthcare, gaming Razer, US government email accounts.
Hos you attack cybersecurity professional? You give them an fake exploit to a vulnerability, then hide malware inside it. A fake proof of concept (PoC) claims to exploit a high-severity flaw CVE-2023-35829 but when executed, installs a Linux password-stealing code.
The MalCare WordPress plugin, along with similar plugins WPRemote and Blogvault, is vulnerable due to its use of broken cryptography for authenticating API requests, allowing attackers who gain access to the shared secret to execute unauthorized commands on connected WordPress sites; a suggested alternative implementation involves using an asymmetric key signing mechanism for improved security.
published: July 10, 2023
It's been a terrible week for number of exposed individuals in data breaches. In the week between July 3, 2023, midnight and July 10, 2023, midnight, there were a total of 8 advisory/vulnerability events and 31 incident/data breach events. The total number of impacted individuals across 13 incidents was 105,223,569 with the largest breach being the Bangladesh e-government website exposes personal data incident exposing 50,000,000 individuals.
published: July 3, 2023
In the week between June 26, 2023, and July 3, 2023, there were 10 advisory/vulnerability events, 31 incident/data breach events, and 1 practical knowledge item shared. The total number of impacted individuals across 11 incidents was 4,320,447, with the largest breach involving the BlackCat gang suspected of hacking NHS trust and exposing 2.5 million individuals. The incidents were predominantly in the healthcare industry, followed by finance, education, government and insurance.
published: June 26, 2023
In the week between June 19, 2023, and June 26, 2023, there were a total of 10 advisory/vulnerability events and 36 incident/data breach events. The incidents impacted a total of 3,745,301 individuals across various industries, with the largest breach affecting 2,500,000 individuals. Among the incidents, the healthcare industry experienced the highest number of incidents with 10, followed by finance with 9 incidents.