Cybersecurity Daily: September 8, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for September 8, 2023.

Advisories

• Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
• A malvertising campaign is delivering a new version of the macOS Atomic Stealer
• Cisco BroadWorks impacted by critical authentication bypass flaw
• Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks
• Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
• Researchers Discover Critical Vulnerability in PHPFusion CMS
• Hackers Target High-Privileged Okta Accounts via Help Desk
• A zero-day in Atlas VPN Linux Client leaks users’ IP address
• 9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products
• CISA warns of critical Apache RocketMQ bug exploited in attacks
• CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
• Google Looker Studio abused in cryptocurrency phishing attacks
• Multiple ArubaOS vulnerabilities Let Attackers Execute Arbitrary Code

Industry News

• W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts
• Expect SQL Server failures as Microsoft disables old TLS in Windows
• LockBit Leaks Documents Filched From UK Defense Contractor
• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia
• IBM Addresses Data Incident for Janssen CarePath Database
• Google’s Souped-up Chrome Store Review Process Foiled by Data-Stealer
• Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
• Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake
• North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
• Dymocks Booksellers suffers data breach impacting 836k customers
• Tesla data breach lawsuit and Johnson and Johnson data breach details
• New quantum random number generator could revolutionize encryption

Products & Service

• Orca’s new LLM tool to help detect Log4j-like exploits
• Hornetsecurity Releases 365 Total Protection Plan 4 for Microsoft 365
• Proofpoint unveils new features to break cyberattack chain
• IBM Expands Cloud Security and Compliance Center
• Perception Point tackles QR code phishing attacks
• Keeper Introduces Major Password Manager Update for iOS

For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.