Last seen on November 2nd, 8Base is a ransomware collective that initiated its operations in April 2022. Despite its relatively short time in the cyber landscape, the group has swiftly garnered a reputation for its forceful strategies and the substantial volume of victims it has affected. Its primary focus centers on small and medium-sized businesses (SMBs) across diverse sectors such as business services, retail, finance, manufacturing, and information technology.

On October 31st, Atlassian disclosed a significant security vulnerability tracked as CVE-2023-22518, affecting all versions of Confluence Data Center and Confluence Server software. This vulnerability, rated with a critical severity score of 9.1 in the Common Vulnerability Scoring System (CVSS), has the potential to result in substantial data loss if exploited by threat actors. Its critical nature arises from its capacity to inflict severe consequences on an organization’s data integrity.

One of the ransomware rising stars (or should we say villians) of 2023 has been Akira. It was first discovered in March 2023 and since then Akira has already compromised at least 63 victims. Interestingly, Akira is offered as a ransomware-as-a-service and preliminary research suggests a connection between the Akira group and threat actors associated with the notorious ransomware operation Conti.

Cyberint’s holistic approach offers unmatched visibility, in-depth threat insights, and continuous risk monitoring with an unparalleled market understanding, according to Frost & Sullivan. Tel Aviv, Israel – November 1st, 2023 – Cyberint, the leader in impactful intelligence, is proud to announce that it has been recognized as the “Company of the Year” in the Global External Risk Mitigation & Management (ERMM) industry by Frost and Sullivan.

When it comes to cybersecurity in Asia today, some of the key threats that organizations face – like ransomware and phishing – are consistent risks that all cybersecurity teams are surely familiar with. But others are more fluid and may evolve rapidly. Cyberattacks related to hacktivism, for example, are a growing threat in the APAC region, and generative AI technology is also impacting Asia cybersecurity challenges in novel ways.

Okta, a provider of identity and authentication management services, reported that threat actors were able to access private customer data by obtaining credentials to its customer support management system. According to Okta’s Chief Security Officer, David Bradbury, the threat actor had the capability to view files uploaded by specific Okta customers in recent support cases.

A critical vulnerability, known as CVE-2023-46747, has been discovered in the widely used F5 BIG-IP Configuration Utility. This vulnerability has been assigned a CVSS score of 9.8 (critical), denoting its high severity. What makes it particularly alarming is its potential to allow unauthenticated attackers to execute arbitrary system commands, which could lead to a compromise of the system.

As the cybercrime industry continues to provide us with new Malware as a Service (MaaS) products, we have become used to seeing the operators advertising and developing the panels underground. An allegedly legitimate software company named Venom Control Software emerged, offering a Remote-Access-Tool (RAT) for “hackers and pen-testers”.

Over the past week, an establishment of a new ransomware franchise has emerged named GhostLocker. Ghost Locker is a new Ransomware-as-a-Service (Raas) established by several hacktivist groups led by GhostSec. Recently, many hacktivist groups have tried to engage in cybercrime activities in order to sustain themselves and GhostLocker seems to be one of these cases. In fact, some ransomware groups have already migrated to using GhostLocker instead of their original products.

Artificial Intelligence, often abbreviated to AI, refers to the development of computer systems capable of carrying out tasks and rendering decisions that traditionally demand human intelligence. This entails the creation of algorithms and models that empower machines to acquire knowledge from data, discern patterns, and adjust to unique information or scenarios.