🚨 The Cybersecurity Club Weekly Newsletter - Week 28

🔥 Weekly Highlight: LockBit Gang Strikes, Big Pakistani Taxi App Hacked, Clop Ransomware Exposes Victims, European Parliament vs. Spyware Menace

Hello Cybersecuriters! 🍩

In the world of cybersecurity, this week was marked by a series of intriguing and concerning developments. Let's dive into the highlights.

The United States Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory, AA23-165A, warning organizations about the threat posed by the operators behind the notorious LockBit ransomware, who have amassed a staggering $91 million in ransom payments. These funds were acquired through over 1,700 targeted attacks on organizations across the United States.

Meanwhile, the dark underbelly of cybercrime exposed itself once again, this time with a Pakistani taxi app called Bykea falling victim to a hacking incident. The finger of suspicion pointed towards Indian hackers, illustrating the ongoing tensions between the two countries. However, the incident also shed light on the need for improved cybersecurity measures across all sectors.

Another noteworthy event involved the notorious Clop ransomware gang leaking the data of their first victims. This incident underscored the ever-present threat posed by ransomware attacks, emphasizing the importance of robust cybersecurity protocols and preparedness to mitigate such risks.

Moving on to the international stage, the European Parliament took a stand against spyware by calling for comprehensive investigations and safeguards to prevent its abuse. With the increasing prevalence of surveillance technologies, protecting individual privacy and ensuring accountability have become paramount concerns.

In France, the passage of a controversial bill allowing remote phone surveillance sparked privacy concerns among citizens. The legislation's potential impact on personal privacy rights prompted heated debates and discussions around striking the right balance between security and individual liberties.

Furthermore, an alleged Microsoft data breach made headlines as a group identifying themselves as Anonymous Sudan claimed to possess and offer 30 million stolen credentials for sale. This incident highlighted the lucrative nature of stolen data and the persistent threat faced by individuals and organizations alike.

Lastly, the Swedish Authority for Privacy Protection (IMY) has taken action against four companies, CDON, Coop, Dagens Industri, and Tele2, for using Google Analytics to transfer personal data to the United States. With increasing scrutiny around data privacy, the incident reinforced the urgency for companies to prioritize transparency and compliance with evolving regulations.

💻 Malware and Vulnerabilities

📈 Breaches and Incidents

  • China-Based Hacker Hijacked EU, US Government Emails: 26 Countries Hit by Espionage Group Storm-0558 Through Microsoft Outlook Flaw

  • Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites: Victims Include Airline, Banks, Hospitals, Retailers in Canada

  • Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack

  • Radisson Hotels, major insurance firms become latest MOVEit victims to disclose breaches

  • U.S. healthcare giant HCA Healthcare says about 11 million patients may have had their data stolen, after a posting on a known cybercrime forum claimed to be selling the data.

  • Staff and patients at the UK's Barts Health NHS Trust have been hit with an extortion threat and are wondering whether private data, stolen from their employer's IT systems by a ransomware gang, is going to be splurged online after a deadline to prevent publication passed.

🚨 Threat Intel & Info Sharing

  • Microsoft disclosed an unpatched zero-day vulnerability in multiple Windows and Office products that has been actively exploited in the wild. The issue, tracked as CVE-2023-36884, was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents.

  • Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT.

📊 Trends, Reports, Analysis

  • VMware warned customers that exploit code is available for the critical RCE vulnerability CVE-2023-20864 in the VMware Aria Operations for Logs analysis tool (formerly vRealize Log Insight).

⚖️ Laws, Policy, Regulations

  • The French government recently passed a controversial bill granting authorities the power to remotely access cameras, microphones, and GPS on individual phones for surveillance purposes.

  • The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched today a public consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA). This includes four draft regulatory technical standards (RTS) and one set of draft implementing technical standards (ITS). These technical standards aim to ensure a consistent and harmonised legal framework in the areas of ICT risk management, major ICT-related incident reporting and ICT third-party risk management. The consultation runs until 11 September 2023.

  • President Biden lays out plans for implementing the US National Cybersecurity Strategy, which is being described as a ‘living document’ that will take into account current and ongoing cybersecurity threats.

We hope you enjoyed your weekly digest! ☕🥮

Thank you for being a part of our newsletter community. Stay informed, stay inspired, and stay connected. Until next time!