Cybersecurity Daily: November 2, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for November 2, 2023.

Alerts & Advisories

• Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
• Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
• Critical Atlassian Confluence flaw can lead to significant data loss
• Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities
• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
• Cisco Patches 27 Vulnerabilities in Network Security Products
• New malware campaign uses MSIX packages to infect Windows PCs
• Safari Side-Channel Attack Enables Browser Theft
• Hackers Weaponize HWP Documents to Attack Defense and Press Sectors
• Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’
• UAE Cyber Council Warns of Google Chrome Vulnerability
• Elektra-Leak’ Attackers Harvest AWS Cloud Keys in GitHub Campaign
• New macOS ‘KandyKorn’ malware targets cryptocurrency engineers
• Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware
• Cisco AnyConnect SSL VPN Flaw Let Remote Attacker Launch DoS Attack
• Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

Cybersecurity News

• Okta discloses a new data breach after a third-party vendor was hacked
• After Major Cloud Hacks, Microsoft Unveils ‘Secure Future Initiative’
• Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic
• Boeing confirms cyberattack amid LockBit ransomware claims
• Researchers Expose Prolific Puma’s Underground Link Shortening Service
• FBI Director Warns of Increased Iranian Attacks
• SEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosures
• US Leads 40-Country Alliance to Cut Off Ransomware Payments
• 28 countries reach landmark agreement on “safe and responsible” AI development
• Canada Bans WeChat and Kaspersky Apps On Government Devices
• AP News Site Hit by Apparent Denial-of-Service Attack
• BlackCat ransomware claims breach of healthcare giant Henry Schein
• Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
• Hacktivist Activity Related to Gaza Conflict Dwindles
• FSB arrests Russian hackers working for Ukrainian cyber forces
• New CVSS 4.0 vulnerability severity rating standard released

Products & Service

• Samsung Galaxy users to get new Auto Blocker Mobile Security
• ReasonLabs Unveils RAV VPN for Apple iOS
• Red Sift adds protection against phishing, BEC, and brand abuse
• Claroty and Rockwell Automation expand capabilities with SaaS-powered OT security solution
• Enzoic unveils BIN Monitoring to reduce credit card fraud
• SAIC evolves its AI and ML ecosystem to improve government mission outcomes
• OneSpan Trust Vault protects documents against emerging technologies and security threats

For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.