Cyber Threat Report: Cyber Security News for 10/20/23

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
The vulnerability carries the highest severity CVSS score possible of 10 and Cisco said it would “grant an attacker full administrator privileges, allowing them to effectively take full control of the affected router. Read More

CISA, FBI Urge Admins to Patch Atlassian Confluence Immediately
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. Read More

Over 40,000 Admin Portal Accounts Use 'admin' As A Password
REALLY? Shame on you! Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks. Read More

New Jersey Appellate Court Rejects Insurers' Attempt to Expand Scope of the War Exclusions to Cyber Claims
New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. Read More

Cyber Liability: CISOs Must Be Prepared for Accountability
Panel Discusses Strategies for CISOs to Navigate Executive Liability. Read More

FBI Boss Slams ‘Unprecedented’ Chinese Cyberespionage and IP Theft
The domestic intelligence chiefs of the Five Eyes alliance warned businesses that they were seeing a “sharp rise” in attempts by hostile states to steal intellectual property. Read More

Beware The Cost Traps That Can Strain Precious Cybersecurity Budgets
Many products now have charging structures that are very complex, and while the basic version of a solution may look relatively attractive, it is not uncommon that the more advanced features -- often the features the CISO requires -- are charged at additional rates. Read More

US Data Compromises Hit All-Time High
Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service are surging. More than 2,100 organizations filed data breach notices through the first nine months of 2023, beating the previous record of 1,862 data compromises in 2021. Read More

Research: Cyber Chiefs Don't Trust Their Own Defenses
According to the latest Ernst & Young (EY) figures, only one in five (20%) cybersecurity leaders are confident in their organization’s approach to cybersecurity. Read More

Californian It Company Dna Micro Leaks Private Mobile Phone Data
Hundreds of thousands of clients who opted in for a screen warranty were exposed. Other companies affected by the leak included screen protectors and phone case manufacturers, such as Liquipel and Otterbox. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

FBI Director Christopher Wray, speaking at a meeting of Western intelligence agency leaders, has called China's theft of intellectual property through cyber espionage an "unprecedented threat" to global innovation. Wray stressed that China's cyber intrusions and hacking program far exceeded those of any other nation. He also expressed concerns about China's focus on acquiring technology advantages in emerging fields, particularly its use of AI to enhance cyberespionage efforts.

The CISA, FBI, and MS-ISAC have issued a warning to network administrators to immediately patch their Atlassian Confluence servers due to a critical privilege escalation flaw (CVE-2023-22515) actively exploited in attacks. This flaw affects Confluence Data Center and Server versions 8.0.0 and later and can be remotely exploited without user interaction. Atlassian had previously advised users to upgrade to fixed versions or isolate affected instances from the internet after it was identified as a zero-day vulnerability. A Chinese-backed threat group, Storm-0062, has been exploiting this flaw since September 14th of this year. The advisory suggests that widespread exploitation of unpatched Confluence instances may occur, emphasizing the urgency of applying the updates.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.