Daily Cybersecurity Update, June-30, 2023

infosecbulletin Friday , June 30 2023 Daily Security Update

LockBit is back in the headlines as one of its sub-groups claimed to have attacked the world’s largest chip maker – TSMC. It has asked for a hefty ransom, the refusal of which would lead to the publishing of stolen data. Speaking of ransomware attacks, the University of Manchester breach also impacted over a million NHS patients, including records of patients who have suffered major trauma. Moving on to another critical news, researchers have recorded a massive surge in the exploitation of remote servers. Without much ado, here’s everything you need to know from the last 24 hours.

National Hazard Agency, a LockBit ransomware sub-group, claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC) and is demanding a ransom of $70 million. The deadline for payment is August 6.
A ransomware attack on the University of Manchester compromised the NHS patient data set of 1.1 million patients across 200 hospitals. The information includes NHS numbers, records of trauma patients, and the first three letters of patients’ postcodes.
The number of individuals impacted by hackers exploiting vulnerabilities in the MOVEit software has surpassed 16 million. This number is expected to rise significantly. Additionally, 158 organizations have disclosed falling victim to the exploitation of the flaw by the Cl0p ransomware gang.
A threat group claiming affiliation with the Wagner Group launched a cyberattack on Russian satellite communications provider Dozor-Teleport. The group leaked 700 files, including documents and images, allegedly belonging to the company.
MITRE has released a list of the top 25 most dangerous vulnerabilities in software. The list was created by analyzing 43,996 CVE entries from NIST’s National Vulnerability Database (NVD).
The pro-Russian crowdsourced DDoS project, named DDoSia, experienced a massive 2,400% growth in less than a year. The project now has over 10,000 participants conducting attacks on Western organizations, according to Sekoia.
MIT researchers developed the Metior framework that provides a quantitative assessment of cybersecurity obfuscation schemes. The framework can help engineers evaluate the effectiveness of different security approaches.
A new report by ReliaQuest recorded almost 5,000 instances of remote server exploitation, including RDPs and VPNs. This makes it the most commonly used attack technique in 2022.
Network assurance firm IP Fabric raised $25 million in a Series B funding round. The round was led by One Peak, with participation from Senovo and Presto Ventures.
Israel-based application security platform Nokod Security announced a $8 million seed-stage funding round. The round was led by Acrew Capital, with investment from Meron Capital and Flint Capital.