Security Bulletin

Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.

The unrelated cyberattacks both occurred in January.

Also in this issue: How the SEC's reporting rules are being weaponized, quishing attacks plaguing execs, and tabletop exercises making a comeback.

MacOS data exfiltration malware poses as an update for Visual Studio code editor.

New rewards of $10 million are being offered by the U.S. State Department in exchange for any information regarding the identities or whereabouts of the leaders of the Hive ransomware operation, which had been dismantled in an international law...

Escalating cybersecurity threats against election systems ahead of November's presidential polls have prompted the Cybersecurity and Infrastructure Security Agency to introduce a new program aimed at improving state and local governments' defenses...

FedScoop reports that federal IT officials have called upon the Cybersecurity and Infrastructure Security Agency to strengthen security standards and coordination with other government agencies.

More than 33 million individuals across France, or almost half of the country's population, were confirmed by the country's data protection authority CNIL to have had their data compromised following data breaches at French healthcare and insurance...

Hyundai Motor Europe has confirmed investigating a cyberattack in early January, which it had disclosed as IT issues, BleepingComputer reports.

Major California-based union Service Employees International Union Local 1000 has disclosed having its network disrupted by a cyberattack last month, which the LockBit ransomware operation claimed to have resulted in the theft of 308GB of data...

The U.S. Credit Union Service has exposed more than 3 million records as a result of a misconfigured cloud database suspected to be a customer relationship management system of Michigan-based credit union service provider CU Solutions Group, Hackread...

BleepingComputer reports that updated variants of the Android malware XLoader, also known as MoqHao, that allowed automated execution after installation have emerged.