BEHIND THE HEADLINES – DECEMBER 2023

Christmas comes early for threat actors: Attack traps containers in Australian port & ransomware gang reports its own victim to the authorities

Christmas Threats

Lead Article

'DP World' Attack: 30,000 containers trapped after Australian Port Breached


Proxy botnet infiltrates thousands of systems across the globe


'Citrix Bleed' Zero-day exploited in the wild as proof-of-concept circulates


Feature Article

Ransomware gang reports its own victim to authorities for failing to disclose attack

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 530 ransomware results were detected on our Investigative Platform in November, compared with 283 results in October. The ransomware gang BlackBasta was responsible for 130 ransomware attacks this month. The most targeted industries were education, healthcare and manufacturing, and the most targeted regions were North America, Germany and the UK.


The top CVEs this month based on Cybersixgill’s data

  1.

    CVE-2023-20198

    The current DVE score is 10. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

    CVSS: 10

    DVE: 10

  2.

    CVE-2023-4966

    The current DVE score is 9.98. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

    CVSS: 7.5

    DVE: 9.98

  3.

    CVE-2023-41064

    The current DVE score is 9.75. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    CVSS: 3.1

    DVE: 9.75

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for November 2023

In November, Lumma malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.

Lumma malware, also known as Lumma Stealer, is a data-stealing malware that emerged in 2022. It is primarily distributed through phishing emails, YouTube campaigns, and spear-phishing websites. Lumma Stealer is designed to steal sensitive information from infected systems, including passwords, cookies, autofill data, desktop files, and even cryptocurrency wallets.


Live from the newsroom

  1. 2024 Predictions: AI Becomes More Accessible as Cybersecurity Vendors Address Data Reliability, Diversity, and Privacy
  2. 2024 Predictions: AI Will be Used as an Attack Tool and Target
  3. Solving the CTI Paradox: Don’t let too much data paralyze your security team