Interpol, in collaboration with several global law enforcement agencies, initiated Operation Synergia with the aim of apprehending criminals involved in spreading ransomware and conducting malware and phishing attacks. The operation successfully resulted in the seizure of approximately 1300 suspected IP addresses and URLs engaged in ransomware and banking malware dissemination.
Security researchers from the Israeli firm Cycode discovered that Google Bazel, an open-source software tool used for building server applications in data centers, was vulnerable to command injection attacks. This vulnerability poses a significant threat, potentially impacting millions of projects running on platforms such as Kubernetes, Angular, LinkedIn, Uber, Dropbox, Nvidia, Databricks, and Alphabet Inc’s subsidiary.
The Indian subcontinent has issued a cybersecurity warning to all Apple Inc users, alerting them to potential cyber attacks. The advisory states that hackers can exploit vulnerabilities to steal valuable information by bypassing security measures. Devices affected include Apple TVos versions prior to 17.3, Apple Watches prior to 10.3, Watch series 4 and later, iPhone 6, 7, 8, iPhone SE, iPad Air 2, iPad Mini, iPad Touch, iPhone X, iPad 5th gen, iPad Pro (9.7 and 12.9 inches), MacOS Monterey, and MacOS Ventura.
The BlackCat or ALPHV ransomware group claims responsibility for stealing intellectual information from the Defense Counterintelligence and Security Agency. The group threatens to sell the stolen data to adversaries unless their ransom demands are met. Screenshots from the 300GB of data include documents related to Department of Defense employees, social security numbers, billing invoices, FBI and Air Force contract details, and employee work location and clearance levels. This incident follows the Chinese intelligence attack on FBI Director Chris Wray, raising concerns about data security measures.
The Federal Trade Commission (FTC) has issued a new set of data security and retention policies to Blackbaud, a South Carolina-based company, urging it to enhance information security controls related to the generation and storage of user data through its management software. This policy is a response to Blackbaud’s failure to protect user information in early 2020, resulting in fraudulent access to unencrypted customer data.