Suspected nation-state threat actors have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances to gain backdoor access to targeted devices.
The Medusa ransomware group has escalated its activities by introducing a dedicated leak site called the Medusa Blog, where it discloses sensitive data from non-compliant victims.
The vulnerability (CVE-2023-7028) allows attackers to reset passwords through unverified email addresses, affecting all self-managed instances of GitLab Community Edition and Enterprise Edition.
The Phemedrone Stealer campaign exploits the Windows Defender SmartScreen Bypass vulnerability (CVE-2023-36025) to infect users and steal data from web browsers, cryptocurrency wallets, and messaging apps.
The settlement includes reimbursement for out-of-pocket losses, credit monitoring, identity theft insurance, and a cash settlement payment for affected individuals, with an additional payment for California residents.
Lush has taken immediate steps to secure and screen all systems in order to contain the incident and limit its impact on their operations, while also informing relevant authorities about the incident.
The most active ransomware groups in 2023 included AlphV, BianLian, Clop, LockBit 3.0, and Play, with AlphV being the most prolific and receiving substantial ransom payments.
Water for People, a nonprofit focused on improving access to clean water, has been targeted by the Medusa ransomware group, highlighting the vulnerability of even nonprofit organizations to cyberattacks.
APIs are being used more than ever by businesses to build and provide better sites, apps, and services to consumers. However, if APIs are not managed or secured properly, they can be exploited by hackers to steal sensitive information.
Volt Typhoon is using compromised routers as a command-and-control network and deploying a new web shell called “fy.sh” on targeted Cisco routers, indicating a highly active and sophisticated operation.