10/27/23: Ransomware gangs, data breaches & more
Here are this week's security highlights:
Agencies seeing steep decrease in known exploited vulnerabilities
A catalog of exploited vulnerabilities run by the top cybersecurity agency in the U.S. is having a significant effect on the security of federal civilian agencies, according to Congressional testimony from a senior official. The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV) catalog for more than two years, and it has quickly become the go-to repository for vulnerabilities actively being exploited by hackers worldwide.
SIM swappers work directly with ransomware gangs
In a highly unusual marriage in the cybercrime underground, English-speaking members of “the Comm,” a wide-spanning entity that includes SIM swappers and physically violent criminals, are working with the Eastern European ransomware group called ALPHV, two cybersecurity industry sources told 404 Media. 404 Media granted the sources anonymity to speak more candidly about developments in the cybercrime ecosystem. ALPHV is connected to the recent hack of MGM casinos.
Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks
A Cloudflare report shared with BleepingComputer reveals that, during Q3 2023, the internet company mitigated thousands of hypervolumetric HTTP DDoS attacks. Over 89 of these attacks exceeded 100 million requests per second (rps), and the largest one peaked at 201 million rps, three times larger than the previous record, which occurred in February 2023.
Google expands Vulnerability Rewards Program
With artificial intelligence the biggest thing in technology in years, attackers and other miscreants increasingly use AI to improve their attack techniques. In response to the rising threat, Google announced an expansion of its Vulnerability Rewards Program to encompass threats specific to generative artificial intelligence. Also announced were two new ways to strengthen the AI open-source supply chain.
Okta's most recent data breach
The scope and scale of Okta's most recent breach are still coming together as new customers share details about how they were targeted. On Oct. 20, Okta said a hacker had used a stolen password to access the company's support case management system. Hackers collected customers' HTTP archive, or HAR files, which Okta's support team uses to replicate customers' problems when they call for support. These files include authentication cookies and session tokens, which allow hackers to impersonate users on a legitimate network.