Misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis are the target of new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign exploit misconfigurations and an old Atlassian Confluence vulnerability to execute code on the system. Cado Security researchers discovered the campaign and examined the attack payloads, bash scripts, and Golang ELF binaries.

In February, two systems from the Cybersecurity and Infrastructure Security Agency (CISA) were hacked through issues with Ivanti products. Ivanti provides software to manage IT security and system access. This compromise proved that any company is vulnerable to hacking. Sources reveal that the two systems hit were the Infrastructure Protection (IP) Gateway which contains data about U.S. infrastructure, and the Chemical Security Assessment Tool that contains chemical company security plans. CISA has taken those systems and tools offline.

An ad fraud campaign uses thousands of hijacked legitimate domains and subdomains to send millions of spam emails, generating revenue for the threat actors. The "SubdoMailing" campaign distributes malicious ads to get fraudulent clicks for "Ad network" clients. The campaign, active since September 2022, involves hijacking no longer registered or abandoned domains and subdomains belonging to legitimate brands to send spam from attacker-controlled infrastructure. This article continues to discuss findings regarding the massive ad fraud campaign.

Microsoft warns that Russian hackers who launched several high-profile attacks on the US government are now exploiting information stolen from the company's systems in November. According to Microsoft's Security Team, there is evidence that a cyber espionage group tied to Russia's Foreign Intelligence Service (SVR) has been using information pulled from the company's corporate email environment. The hackers are using the information from the incident to gain or attempt to gain unauthorized access to some of the company's source code repositories and internal systems.

The National Cyber Security Centre (NCSC) of Switzerland has recently released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.  Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country's military force.  The Play ransomware gang breached the company on May 23, 2023.  During the investigation, the NSCS confirmed that 65,000 government documents were leaked during the breach.