Cyber Threat Report: Cyber Security News for 11/03/23

Report Links ChatGPT to 1265% Rise in Phishing Emails
Other key findings include an average of 31,000 daily phishing attacks, with 68% of these identified as text-based BEC. Read More

Atlassian Warns of Exploit for Confluence Data Wiping Bug, get Patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Read More

Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached
Bloomberg reports that the US Department of Justice is amongst the government agencies targeted in the MOVEit Transfer vulnerability exploitation spree. Read More

For the SEC, the Fraud case Against SolarWinds is a Cybersecurity Warning Shot
Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency, and material disclosure requirements. Read More

Probe of School Surveillance Software Finds Privacy Abuses, Inaccurate Results
An investigation into the educational technology company GoGuardian revealed the surveillance software used by schools across the country has routinely invaded students’ privacy and incorrectly flagged non-explicit content as harmful. Read More

Four Dozen Countries Declare they won’t pay Ransomware Ransoms
The coalition aims to encourage members to no longer pay ransoms demanded by criminal hacking groups to discourage attacks from taking place. Read More

Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
More than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place, Immediate recovery is crucial for businesses’ survival. Read More

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway
Thousands of Citrix NetScaler ADC and Gateway instances remain unpatched against a critical vulnerability that is being widely exploited, security researchers warn. Read More

Cybersecurity Workforce Shortage Reaches 4 Million Despite Significant Recruitment Drive
Two-thirds of organizations lack the staff needed to prevent and troubleshoot security issues. Read More

Connecticut AG Demands Answers from 23andMe After Data Breach
The attorney general of Connecticut is questioning whether genetic testing giant 23andMe violated data privacy laws after hackers tried to sell the information of millions of 23andMe users on a cybercrime forum last month. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

According to a 2023 Phishing Report done by the company, SlashNext, there has been a significant rise in malicious phishing emails since the end of last year. In the report, threats were analyzed across multiple mediums–email, mobile, and browser channels– for over 12 months. The report attributes these trends to the growing role of generative AI, particularly in the creation of sophisticated Business Email Compromise (BEC) and phishing messages, emphasizing the need for enhanced cybersecurity measures and AI-driven solutions.

Atlassian warns administrators of a critical Confluence security vulnerability, CVE-2023-22518, with a 9.1/10 severity rating affecting all Confluence Data Center and Server versions. A public exploit is now available for this vulnerability, enabling data destruction attacks on unpatched instances, though it doesn't allow data theft. Atlassian has released patches and advises immediate upgrades, with mitigation measures recommended for cases where immediate patching is not feasible, including blocking Internet access to unpatched servers.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.