🚨 The Cybersecurity Club Weekly Newsletter - Week 30
🔥 Weekly Highlight: BreachForums hacker forum data for sale, Chinese nation-state actor targeted Microsoft, Citrix ADC/Gateway devices vulnerable, Maximus data breach affects up to 11 million individuals and More!
Hello Cybersecuriters! 🍩
Let's dive into this week’s cybersecurity highlights. If you would like to be a sponsor, reach out to us at [email protected].
A new vulnerability in OpenSSH has been discovered, putting Linux systems at risk. Security experts are urging users to update their OpenSSH installations immediately to avoid potential exploitation by hackers.
In a concerning data breach incident, the database and private chats of BreachForums, a popular hacker forum, are up for sale on the dark web. This breach highlights the importance of robust security measures to safeguard sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) has identified a flaw in Ivanti Endpoint Manager that could leave organizations vulnerable to cyberattacks. Organizations using this software are advised to apply the available patch promptly.
💻 Malware and Vulnerabilities
A recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.
Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.
A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims.
📈 Breaches and Incidents
Telekom Malaysia Data Breach – Malaysia faced another data breach, highlighting the challenges in securing its vast digital landscape.
Government services provider Maximus this week revealed that the personal information of up to 11 million individuals was stolen in the MOVEit cyberattack earlier this year.
Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company Ortivus.
🚨 Threat Intel & Info Sharing
More than half of all cyberattacks on government agencies, critical infrastructure organizations and state-level government bodies involved the use of valid accounts, according to a new report from the Cybersecurity and Infrastructure Security Agency (CISA).
CISA and partners released a joint cybersecurity advisory on preventing web application access control abuse. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
First Known Targeted Open Source Software Supply Chain Attacks Against The Banking Sector. These attacks were discovered in the first half of 2023 and showcase advanced techniques, such as targeting specific components in the web assets of a victim bank by attaching malicious functionality to them.
📊 Trends, Reports, Analysis
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web, along with access to a malicious alternative to ChatGPT.
⚖️ Laws, Policy, Regulations
Supply chain compromise, open-source technology and rapid advances in artificial intelligence capabilities pose significant challenges to safeguarding AI, experts told a Senate panel Tuesday.
We hope you enjoyed your weekly digest! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].
If you liked our content and want to be a part of our cybersecurity journey, you can get updates on The Cybersecurity Club site, and why not consider joining our Discord Community or our LinkedIn Group.
Thank you for being a part of our newsletter community. Stay informed, stay inspired, and stay connected. Until next time!