On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on July 19, 2023.

“This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure

On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24 budget to assist health care facilities with upgrading their systems to comply with the new requirements.

According to the Governor’s press

Boeing has confirmed that its parts and distribution site has been attacked by LockBit ransomware, which is believed to be Russian based. Boeing has said that the attack has not affected flight safety. Boeing is investigating the attack.

LockBit publicly claimed responsibility for the attack and boasted that it had stolen “sensitive data” from Boeing

According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25, 2023, “hackers have stolen $4.4 million in cryptocurrency using private keys and passphrases stored in stolen LastPass databases.”

According to a post by ZachXBT, “Just on October 25, 2023, alone another~$4.4M was drained from

The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.

According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator

On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations.

According to the Alert, the cybercriminals behind NoEscape “have constructed their malware and its associated infrastructure entirely from scratch.” Offering Ransomware-as-a-Service, they

The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical infrastructure sector) to take steps to mitigate cyber threats for AvosLocker Ransomware.

The Advisory urges companies to:

  • Restrict Remote Desktop Protocol