Hackers are targeting CVE-2023-49103, a critical ownCloud vulnerability that exposes admin passwords, mail server credentials, and license keys in containerized deployments. The ownCloud product is a popular open-source file synchronization and sharing solution for those who want to manage and share data through a self-hosted platform. On November 21, the developers of the software released security bulletins for three vulnerabilities that could lead to data breaches, suggesting that ownCloud administrators implement the recommended mitigations.

Law enforcement agencies in seven countries recently teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation.  According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  Europol noted that the cybercrime operation targeted thousands of entities across 71 countries.

Google is disputing a recent report by a security vendor about a design flaw in Google Workspace that exposes users to data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's domain-wide delegation feature allows attackers to steal email from Gmail, exfiltrate data from Google Drive, and perform other unauthorized actions within Google Workspace Application Programming Interfaces (APIs) on all identities in a targeted domain.

On Monday, Ardent Health Services announced that its clinical and financial operations had been disrupted by a ransomware attack discovered on Thanksgiving morning.  The company noted that the incident forced it to take systems offline and suspend user access to IT applications, including corporate servers and internet and clinical programs.  The company stated that while this incident temporarily disrupts certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics.

According to new data from Truecaller, US consumers were deluged with an estimated two billion spam and scam calls last month.  The company noted that although the October 2023 figures are down from a high of over 2.6 billion spam calls in November 2022, they still represent nearly six nuisance or malicious calls per person per month.  In 2023 to date, the company estimates that Americans have wasted around 195 million hours answering these calls.

A collaboration between the tech startup Tide Foundation and RMIT University is turning groundbreaking research into a cybersecurity capability. Critical infrastructure in Australia, including ports, energy grids, and water supplies, reported 143 cyberattacks in the past year, up from 95 incidents the previous year. Clare O'Neil, Federal Minister for Cybersecurity, recently announced that 168 of the country's critical infrastructure assets would require improved cybersecurity, nearly doubling the 87 assets previously considered systems of national significance.

University of Bristol cyber-physical security researchers warn that smart farming devices can introduce digital security risks unless they are protected with encryption and other often overlooked security methods. One key takeaway from their paper "The Internet of Insecure Cows - A Security Analysis of Wireless Smart Devices Used for Dairy Farming" is that farmers have no way of knowing which agriculture technology products are secure by design or how effective their security controls may be.

A cyberattack affecting multiple conveyancing firms has disrupted House sales and purchases across the UK.  CTS, a legal sector specialist infrastructure service provider, recently confirmed in a statement that it has experienced a service outage caused by a cyberattack.  The firm said the cyberattack has impacted a portion of the services it delivers to some of its clients.  The firm noted that the outage is believed to have affected up to 200 law firms that use CTS’ services.

Ukraine's defense intelligence directorate claims to have conducted a successful cyber operation against the Russian government's civil aviation agency, Rosaviatsia. Rosaviatsia is in charge of overseeing and ensuring the safety of Russia's civil aviation industry. As a result of the hack, the agency obtained "a large volume of confidential documents," including a list of daily reports from Rosaviatsia. This appears to be the first time the Ukrainian government has accepted responsibility for a cyber operation against a Russian target.

The Municipal Water Authority of Aliquippa (MWAA) was targeted by the Iranian hacker group called Cyber Av3ngers, who took control of one of its booster stations. The attack did not affect the facility's operations, water supply, or drinking water. It is a public utility that provides water service to Aliquippa, Pennsylvania residents and businesses. In order to make sure that its customers have access to clean, safe, and reliable water, the MWAA runs and maintains a network of water mains, pipes, and treatment facilities.