01-Apr-24: In Security News Today

OWASP Discloses Data Breach caused by Wiki Misconfiguration

OWASP Foundation disclosed a data breach caused by a misconfiguration of its old Wiki web server, exposing resumes of members between 2006 and 2014. Personally identifiable information like names, email addresses, and phone numbers was compromised. OWASP took steps to address the breach, including removing resumes from the site, purging the Cloudflare cache, and reaching out to the Web Archive to remove exposed information.

Yacht Retailer MarineMax Discloses Data Breach after Cyberattack

MarineMax, a yacht retailer, disclosed a data breach after a cyberattack where attackers stole employee and customer data. The breach involved personal information and financial documents, with the Rhysida ransomware gang claiming responsibility and attempting to sell the stolen data. The group has a history of targeting various organizations, including healthcare and entertainment sectors, and is known for leaking data when ransom demands are not met.

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Vultur Android banking trojan has resurfaced with upgraded capabilities, including improved anti-analysis techniques and the ability to remotely interact with infected devices. The malware is distributed through trojanized apps on the Google Play Store and employs techniques like TOAD to spread. Additionally, the Octo Android banking trojan has transitioned to a malware-as-a-service operation, offering advanced features like keylogging and remote access to devices.

Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023

The first two months of 2024 have seen a dramatic increase in cyber threats, with a 429% rise in data breaches and a 23% increase in ransomware attacks compared to the same period in 2023. The United States bore the brunt of over 60% of data breaches. Despite significant law enforcement actions against groups like LockBit, the impact on cybercrime activities remains uncertain, underscoring the need for comprehensive threat intelligence and a reconsideration of reliance on common vulnerability databases.

AT&T Says Data From 73 Million Accounts Leaked on Dark Web

AT&T reported a data leak involving personal information from 73 million current and former customers, with 7.6 million account passcodes being reset. The leaked data, including Social Security numbers, appeared on the dark web and is believed to be from 2019 or earlier. AT&T is investigating the source of the data and is offering credit monitoring to those affected.

Shopping Platform PandaBuy Data Leak Impacts 1.3 Million Users

Over 1.3 million customer records from the PandaBuy online shopping platform were exposed due to a breach by threat actors exploiting vulnerabilities. The leaked data includes personal information like names, phone numbers, emails, and addresses. PandaBuy has not officially addressed the breach, leading to concerns about the security of user data and the platform’s response to the incident.

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Malicious Android apps discovered on the Google Play Store are turning mobile devices into residential proxies for cybercriminals without users’ knowledge. These apps utilize a Golang library to transform devices into proxy nodes, allowing threat actors to obfuscate their origins and conduct various attacks. The apps were removed by Google, but the threat actor behind the operation is selling access to the proxy network created by infected devices through services like LumiApps and Asocks.

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of the DinodasRAT backdoor malware has been detected targeting countries like China, Taiwan, Turkey, and Uzbekistan. This C++-based malware can harvest sensitive data, establish persistence on hosts, and evade detection by using encryption and other techniques. The Linodas variant of DinodasRAT is designed to target Linux servers, granting attackers complete control over infected machines and enabling data exfiltration and espionage.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.