News Roundup — July 26th 2023 edition
Welcome to this edition of the “Weekly News Roundup,” where we provide a comprehensive overview of the most significant cybersecurity happenings from across the globe. The MOVEit cyberattack saga continues to unfold, with the victim count now extending into thousands of organizations. Google reports an Apple employee discovered but did not report a zero-day exploit, while the Lazarus hacking group stays busy, with GitHub warning of the group targeting developers with malicious projects and further reports of them hijacking Microsoft IIS servers to spread malware. From a regulatory standpoint, the SEC has made a significant move, now requiring companies to disclose cyberattacks within just four days. As vulnerabilities continue to be exploited, CISA has issued warnings to government agencies to patch the Ivanti bug, while Atlassian has had to patch remote code execution vulnerabilities in Confluence and Bamboo, and a critical zero-day exploit has hit Citrix. The Norwegian government also fell victim to a zero-day flaw attack. Meanwhile, the hunt for Twitter laptop scam artists gains traction, and in an international development, Russia’s cybersecurity chief faces a 14-year jail sentence for treason. Alphv ransomware’s new extortion strategy includes a data leak API, and critical vulnerabilities have been found in MikroTik’s RouterOS. Lastly, a US government contractor reports that the MOVEit hackers accessed health data of at least 8 million individuals. Stay tuned for more updates as we continue to monitor the ever-evolving cybersecurity landscape.
