"ICBC and Allen & Overy Hit By Ransomware"

Two giants of the banking and legal sectors have recently been breached by suspected ransomware actors. ICBC Financial Services, the US arm of the Industrial and Commercial Bank of China, disclosed a ransomware attack that disrupted some of its US Treasury trade clearing. Allen & Overy is one of the UK's "Magic Circle" law firms. LockBit is believed to be behind the attack on Allen & Overy because the firm is listed on the gang's leak site. The company stated that investigations to date have confirmed that data in its core systems, including its email and document management system, has not been affected.

Submitted by Adam Ekwall on

"Audio Deepfake Detective Developing New Sleuthing Techniques"

Audio deepfakes have raised concerns among cybersecurity experts as scammers increasingly use voice-related Artificial Intelligence (AI) schemes for malicious activities such as impersonation and fraud. With AI-driven audio generation making it increasingly difficult to tell real audio from synthetic audio, You "Neil" Zhang of the University of Rochester's Audio Information Research (AIR) Lab is developing new audio deepfake detection systems. Zhang is also working on watermarking techniques for the audio generation process that would help identify the source of a deepfake.

Submitted by grigby1 CPVI on

"MOVEit Hackers Cl0p Exploit SysAid Zero-Day – Microsoft"

According to researchers at Microsoft Threat Intelligence, the Russia-linked Cl0p ransomware group behind the wave of MOVEit Transfer-related attacks has been exploiting a previously unknown (zero-day) vulnerability in the SysAid Information Technology (IT) support software. SysAid is an international software company based in Israel whose products are used by many organizations worldwide. Its software offers help desk, asset management, remote control, patch management, and other services that support IT operations.

Submitted by grigby1 CPVI on

"FBI: Ransomware Gangs Hack Casinos via 3rd Party Gaming Vendors"

The FBI is warning that ransomware threat actors are targeting casino servers and using legitimate system management tools to gain and extend network access. To breach casinos, ransomware gangs continue to rely on third-party gaming vendors. According to the agency, new trends include ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers and abusing legitimate system management tools already present in victim environments to elevate network permissions.

Submitted by grigby1 CPVI on

"Open-Source Vulnerability Disclosure: Exploitable Weak Spots"

According to Aqua Security researchers, attackers can exploit weak spots in the vulnerability disclosure process of open-source projects to gather the information they need to launch attacks before patches are available. The researchers call these "half-day" vulnerabilities: the maintainer is aware of the flaw and details about it are already public, for example in a GitHub issue or pull request or in the National Vulnerability Database, but no official fix has been released yet.

Submitted by grigby1 CPVI on

"Medical Company Fined $450,000 by New York AG Over Data Breach"

The attorney general of the state of New York recently announced that a medical company has been fined $450,000 over a data breach resulting from a ransomware attack. According to the New York AG's office, US Radiology Specialists, a major private radiology group, was targeted in a ransomware attack in December 2021. The incident resulted in the compromise of the personal and health information of nearly 200,000 patients, including 92,000 New Yorkers.

Submitted by Adam Ekwall on

"CISA Signs Memorandum of Understanding with the Republic of Korea to Share Cyber Threat Information and Cybersecurity Best Practices"

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Baek Jong-wook, the Republic of Korea's Deputy Director of the National Intelligence Service (NIS), have signed a Memorandum of Understanding (MoU) outlining collaboration areas under the bilateral Cyber Framework signed by President Biden and Republic of Korea President Yoon in April. The Cyber Framework declares cooperation with Korea in CISA mission areas, including sharing technical and operational cyber threat information and best practices in cyber crisis management.

Submitted by grigby1 CPVI on

"NSA and ESF Partners Release Recommended Practices for Software Bill of Materials Consumption"

The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have published "Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption." This Cybersecurity Technical Report (CTR) aims to help software developers, suppliers, and customer stakeholders ensure the integrity and security of software through contractual agreements, software updates, notifications, and vulnerability mitigations.

Submitted by grigby1 CPVI on

"CISA Adds SLP Flaw to Its Known Exploited Vulnerabilities Catalog"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the Service Location Protocol (SLP) vulnerability tracked as CVE-2023-29552, which has a CVSS score of 7.5, to its Known Exploited Vulnerabilities (KEV) catalog. SLP is a legacy service discovery protocol (UDP and TCP port 427) that lets computers and other devices find services on a local area network without prior configuration. The flaw is a Denial-of-Service (DoS) vulnerability: an unauthenticated, remote attacker can register arbitrary services with an Internet-exposed SLP server, then send small spoofed requests carrying a victim's address so that the server reflects much larger replies at the victim, with amplification factors of up to roughly 2,200 times. SLP was never designed to be reachable from the Internet; the practical mitigation is to disable it where it is not needed and to block port 427 at the network edge.

Submitted by grigby1 CPVI on

"Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes"

Russia's Sandworm Advanced Persistent Threat (APT) group used Living-off-the-Land (LotL) techniques to cause a power outage in a Ukrainian city during missile strikes in October 2022. Sandworm, which is linked to the GRU's Main Center for Special Technologies (Unit 74455), has a long history of cyberattacks in Ukraine, including the BlackEnergy-enabled blackout of 2015, the Industroyer grid attack of 2016, the NotPetya wiper, and more recent campaigns that overlap with the Ukraine war. This article continues to discuss the Sandworm APT's disruption of power in Ukraine.

Submitted by grigby1 CPVI on