Cybersecurity Daily: August 30, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 30, 2023.

Advisories

• VMware Aria vulnerable to critical SSH authentication bypass flaw
• Threat actors started exploiting Juniper flaws shortly after PoC release
• Hacking campaign bruteforces Cisco VPNs to breach networks
• High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome
• Unpatched Citrix NetScaler Devices Targeted by Ransomware Group FIN8
• DreamBus malware exploits RocketMQ flaw to infect servers
• Roblox and Rust Developers Targeted With Malicious Packages
• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users
• Threat Actors Abuse Google Groups to Send Fake order Notifications
• Attackers can discover IP address by sending a link over the Skype mobile app
• BGP Flaw Can Be Exploited for Prolonged Internet Outages

Industry News

• U.S. Hacks QakBot, Quietly Removes Botnet Infections
• Ransomware Campaign Targeting MOVEit Impacts 60 Million People
• Barracuda Email Hack leaks government emails in America
• Meta Cripples China’s Signature ‘Spamouflage’ Influence Op
• University of Michigan shuts down network after cyberattack
• Suspected Met Police data breach potentially exposes sensitive officer, staff information
• PurFoods Mom’s Meals Reports Data Breach Exposing Social Security Numbers of Over 1.2 Million Consumers
• Two Men Arrested Following Poland’s Railway System Signals Hack
• Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months
• Genworth Financial Under Investigation for Data Breach
• Kroll Employee SIM-Swapped for Crypto Investor Data
• Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks
• “Earth Estries” Cyberespionage Group Targets Government, Tech Sectors

Products & Service

• Microsoft adds HSTS support to Exchange Server 2016 and 2019
• Google Cloud announces Duet AI enhancements for Mandiant, Chronicle
• Meter collaborates with Cloudflare to launch DNS Security
• GitHub Enterprise Server Gets New Security Capabilities
• Tenable unveils web application and API scanning capabilities for Nessus Expert
• MixMode enhances Generative AI Platform to improve threat detection
• ComplyCube Field Redaction removes sensitive fields from documents

For the latest news on malware and ransomware, check out our weekly Malware Roundup.