First, we have this “human error” mistake with email to report today. Hamish McNeilly reports: An email containing the names of vulnerable children was mistakenly sent to other parents and guardians, prompting an apology from Te Whatu Ora Southern. Dozens of parents and guardians received the email on Tuesday from the Vera Haywood Centre, a…
CISA Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…
Clop gang to earn over $75 million from MOVEit extortion attacks
Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
How we tried to book a train ticket and ended up with a databreach with 245,000 records
To celebrate Franco-German friendship, German Transport Minister Wissing and his French counterpart Beaune came up with something special: 30,000 free Interrail tickets per country for travel in Germany and France for young adults between 18 and 27. Codename: “Passe France Allemagne” However, many things went wrong when the Interrail passes were distributed. In the following, we want…
WormGPT: Cybercriminals AI Tool Gained Over 5,000 Subscribers in Just a Week
Tushar Subhra Dutta reports: The revolutionary innovations by AI (Artificial Intelligence) include generative AI that has various creative potential, but along with that it also raises serious concerns with malicious tools like WormGPT. Since it’s a powerful generative AI-based tool, WormGPT enables attackers to create their own custom hacking tools that pose major cybersecurity challenges. Just after…
SEC to Consider Cyber Rules Next Week
Micaela McMurrough, Ashden Fein, David H. Engvall, Caleb Skeath, Kerry Burke, and Shayan Karbassi of Covington and Burling write: According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 meeting will include consideration of adopting rules to enhance disclosures regarding cybersecurity risk management, governance, and incidents by publicly traded companies….