The Information Highway

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors were hit. 

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals.

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. 

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. 

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. 

ChatGPT users should be wary that their personal data might've been leaked online, following the dump of more than 100,000 ChatGPT account credentials on the dark web. As reported by The Hacker News and according to Singapore-based cybersecurity company Group-IB, the credentials for users that logged into ChatGPT ranges from its launch (in June 2022) through May 2023, meaning that it's still an ongoing event. The U.S., France, Morocco, Indonesia, Pakistan, and Brazil seem to have contributed the most users towards the stolen credentials. 

 U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020.

 A suspected pro-China hacker group tracked by Mandiant as UNC4841 has been linked to data-theft attacks on Barracuda ESG (Email Security Gateway) appliances using a now-patched zero-day vulnerability.

The Russian state-sponsored hacking group Gamaredon (aka Armageddon or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics. 

Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases. 

Initially detailed in September 2022, UNC3886 has been using malicious vSphere Installation Bundles (VIBs) – packages that are typically used to maintain systems and deploy updates – to install backdoors on ESXi hypervisors and gain command execution, file manipulation, and reverse shell capabilities.

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.