News & Updates

China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the “Five Eyes” nations said on Wednesday.
The tech giant’s threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.
The

News & Updates

Philadelphia Inquirer Denies Claims that Hackers Stole Company Data in Recent Attack

The Philadelphia Inquirer says ransomware operators lied when claiming they
stole a trove of data in a cyberattack on the newspaper’s servers.

The Cuba ransomware operation – said to be responsible for more than 100
cyberattacks that resulted in $60 million in extorted payments – claimed
responsibility Tuesday for such an attack on The Philadelphia Inquirer
[https://www.inquirer.com/news/philadelphia-inquirer-ransomware-cuba-fbi-20230523.html].

The group alleged it had stolen financial docume

News & Updates

GitLab Releases Emergency Update for Maximum-Severity Vulnerability

GitLab, the popular web-based DevOps lifecycle platform, is urging its users to
apply a newly released security patch after discovering a high-severity path
traversal vulnerability.

The flaw, tagged as CVE-2023-2825
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2825], holds maximum
severity status (CVSS score of 10.0) due to its potential impact. It affects
version 16.0.0 of both the GitLab Community Edition (CE) and the Enterprise
Edition (EE).

A cybersecurity researcher called ‘pw

News & Updates

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Microsoft has attributed the threat actor to Iran’s Ministry of

News & Updates

GUAC 0.1 Beta: Google’s Breakthrough Framework for Secure Software Supply Chains

Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains.
To that end, the search giant is making available the open source framework as an API for developers to integrate their own tools and policy engines.
GUAC aims to aggregate software security metadata from different sources

News & Updates

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and attributed them with low confidence to the Iran-linked APT group Tortoiseshell (aka TA456 or Imperial […]

The post Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites appeared first on Security Affairs.

Cybersecurity Tools

How Must IT Leaders Develop Contingency Plans to Combat Geopolitical and Environmental Risks?

By Mohit Shrivastava, ICT Chief Analyst at Future Market Insights

In today’s geostrategic context, geopolitics and technology are inextricably linked, but many IT professionals who prioritize digital transformation pay comparably […]

The post How Must IT Leaders Develop Contingency Plans to Combat Geopolitical and Environmental Risks? appeared first on Cyber Defense Magazine.
