Cyware Monthly Threat Intelligence

Monthly Threat Briefing • August 1, 2023
Monthly Threat Briefing • August 1, 2023
Significant advancements in cybersecurity measures have been made recently by the U.S. General Services Administration (GSA). It has taken two important steps: enhancing identity verification with a new program and allocating significant funds to fortify the cybersecurity posture of the Department of Labor and Environmental Protection Agency. In a notable move towards enhancing vulnerability assessment, the Forum of Incident Response and Security Teams (FIRST) has publicly launched CVSS 4.0.
In a series of alarming cyber incidents, multiple high-profile organizations have fallen victim to data breaches and cyberattacks, raising concerns over data security. The Egyptian Ministry of Health and Population experienced a massive data breach. Pepsi Bottling Ventures also suffered a significant breach, exposing the sensitive personal, financial, and health data of employees. The North Korean Lazarus hacking group orchestrated a daring $60 million cryptocurrency heist at Alphapo, leaving its mark on the digital world.
Recent cybersecurity incidents exposed significant vulnerabilities across various software systems, raising concerns among organizations and users alike. Ivanti's Endpoint Manager Mobile (EPMM) was targeted by threat actors exploiting highly-critical bugs. Meanwhile, NoEscape, a rebranded version of Avaddon ransomware, wreaked havoc on enterprises through double extortion attacks, encrypting files on Windows, Linux, and VMWare ESXi servers. The emergence of new malware variants like Abyss Locker and CherryBlos/FakeTrade further added to the complexity of the cybersecurity landscape.