Simon Hendery reports: Evidence suggests the notorious Qakbot malware gang continued staging cyberattacks in August, even as authorities seized its‘ infrastructure and dismantled the formidable botnet it had built up over several years. Before the FBI-led operation that took down the botnet, QakBot (also known as “QBot,” “QuackBot” and “Pinkslipbot”) was the most common malware…
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Alert Code AA23-278A EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. Through NSA and CISA Red and Blue…
HC3: Monthly Cybersecurity Vulnerability Bulletin
October 05, 2023 TLP:CLEAR Report: 202310051200 September Vulnerabilities of Interest to the Health Sector In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September…
Record Numbers of Ransomware Victims Named on Leak Sites
James Coker reports: The number of victims named on ransomware leak sites reached “unprecedented levels” in the four months from March to June 2023, according to Secureworks’ 2023 State of the Threat report. At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites since…
Data of 900 Hongkongers exposed after hackers breach WhatsApp accounts of social services and schools
Connor Mycroft reports: Almost 900 Hong Kong people were victims of data breaches over the last month after fraudsters hijacked the WhatsApp accounts of social services and schools, the city’s privacy commissioner revealed on Thursday. The Office of the Privacy Commissioner for Personal Data said that fraudsters had hacked the WhatsApp accounts of five social welfare services…
Blackbaud settles breach probe by states for nearly $50M
Steven Ardary reports: A South Carolina software company has agreed to a multi-million dollar settlement for a 2020 ransomware event that exposed the personal information of millions of consumers in the United States. South Carolina Attorney General Alan Wilson announced that Blackbaud would pay $49.5 million to states settling allegations that the company violated state…