03-Sep-24: In Security News Today

Hacktivists Exploit WinRAR Vulnerability In Attacks Against Russia And Belarus

Hacktivist group Head Mare has been targeting organizations in Russia and Belarus, exploiting CVE-2023-38831 in WinRAR to deliver custom malware and ransomware. Its toolset includes PhantomDL, PhantomCore and the LockBit ransomware, and it routinely disguises malicious files as legitimate applications. Initial access comes through phishing campaigns that use double-extension files; the intrusion ends with ransomware encrypting data and a ransom demand, a combination that sets Head Mare apart from other attackers in the region.
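The WinRAR bug above is worth being able to spot in an archive before anyone double-clicks it. The following is an added example written for this digest, not code from Kaspersky or from the Head Mare tooling: it scans a ZIP for the publicly documented CVE-2023-38831 lure layout (a benign-looking file entry such as "invoice.pdf " with a trailing space, beside a directory of the same name holding a script whose name starts with the decoy's) and, separately, for plain double-extension lures such as "report.pdf.exe". The sample archives are constructed in the block with harmless contents; the extension lists are the author's assumptions, not a vendor's.

```python
import io
import zipfile

# Extensions Windows will execute when handed to ShellExecute (assumed list).
EXEC_EXTS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com", ".pif")
# "Document-like" extensions a lure uses as its visible disguise (assumed list).
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png")


def scan_zip_for_cve_2023_38831(data: bytes) -> list:
    """Return findings for archives laid out like a CVE-2023-38831 lure.

    The pattern: a top-level decoy file ("doc.pdf ") and a directory with the
    very same name ("doc.pdf /") containing a script whose name begins with the
    decoy's name ("doc.pdf .cmd").  WinRAR before 6.23 extracts the directory
    alongside the decoy when the decoy is opened and ends up running the script.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        files = {n for n in names if not n.endswith("/")}
        dirs = {n.rstrip("/") for n in names if n.endswith("/")}
        # ZIP writers may omit explicit directory entries; infer them from paths.
        for n in files:
            if "/" in n:
                dirs.add(n.rsplit("/", 1)[0])
        for decoy in sorted(files):
            if "/" in decoy or decoy not in dirs:
                continue  # only a top-level file/directory name clash matters
            payloads = sorted(
                n for n in files
                if n.startswith(decoy + "/")
                and n.rsplit("/", 1)[1].startswith(decoy)
                and n.lower().endswith(EXEC_EXTS)
            )
            findings.append({
                "decoy": decoy,
                "trailing_space": decoy != decoy.rstrip(),
                "payloads": payloads,
            })
    return findings


def double_extension_lures(names) -> list:
    """Flag names like 'report.pdf.exe': document extension, then executable."""
    hits = []
    for n in names:
        parts = [p.strip() for p in n.rsplit("/", 1)[-1].lower().split(".")]
        if len(parts) >= 3 and "." + parts[-1] in EXEC_EXTS and "." + parts[-2] in DOC_EXTS:
            hits.append(n)
    return hits


def build_lure_archive() -> bytes:
    """Constructed sample reproducing the lure layout with harmless contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf ", b"%PDF-1.4 decoy")
        zf.writestr("invoice.pdf /invoice.pdf .cmd", b"@echo off\r\necho sample\r\n")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed sample with an ordinary layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 real")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_lure_archive()), ("clean", build_clean_archive())):
        print(label, scan_zip_for_cve_2023_38831(blob))
    print(double_extension_lures(["report.pdf.exe", "notes.txt", "a/b.docx.scr"]))
```

The decoy check keys on the name clash rather than on the trailing space alone, because the clash is what makes WinRAR extract and launch the wrong entry; the trailing space is reported as a secondary indicator. Run the scanner on mail attachments at the gateway, or on anything landing in a download directory, before a user gets the chance to open it.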

Halliburton Confirms Data Stolen In Recent Cyberattack

Halliburton confirmed that a recent cyberattack by the RansomHub ransomware group led to the unauthorized exfiltration of sensitive data from its systems, causing significant IT and business disruptions. The company is still assessing the full scope of the breach while coordinating with Mandiant for investigation and remediation. Although the financial impact is currently deemed immaterial, Halliburton acknowledges potential risks from legal actions and changes in customer behavior.

Clearview AI Fined $33.7 Million By Dutch Data Protection Watchdog Over ‘Illegal Database’ Of Faces

The Dutch Data Protection Authority fined Clearview AI €30.5 million ($33.7 million) for building an illegal database of billions of facial images in violation of the EU’s General Data Protection Regulation (GDPR). The authority also prohibited Dutch companies from using Clearview’s services and warned of further penalties if the violations continue. Clearview AI disputes the fine, arguing that it falls outside EU jurisdiction because it has no operations or customers within the EU.

Intel Responds To SGX Hacking Research

Intel has responded to claims by researcher Mark Ermolov, who demonstrated the extraction of critical cryptographic keys from Intel’s Software Guard Extensions (SGX), potentially undermining the platform’s security. While Intel acknowledged the research, it emphasized that the underlying vulnerabilities are only exploitable with physical access and on systems lacking the latest mitigations. Ermolov counters that because the recovered keys are shared across all chips of the same microarchitecture, they could enable broader attacks, including forging SGX Remote Attestation, a critical security feature.

Rocinante Trojan Poses As Banking Apps To Steal Sensitive Data From Brazilian Android Users

A new Android banking trojan named Rocinante is targeting Brazilian users by posing as legitimate banking apps and stealing credentials through phishing overlay screens and keylogging via the Android Accessibility Service. The malware, which borrows from earlier strains such as ERMAC, supports full remote device takeover and exfiltrates stolen data to a Telegram bot, making it effective at capturing passwords, account numbers and other personal information. Rocinante is distributed through phishing sites and is part of a broader trend in Latin America that includes similar campaigns targeting Spanish- and Portuguese-speaking regions.

TfL Claims Cyber-Incident Is Not Impacting Services

Transport for London (TfL) is responding to an ongoing cybersecurity incident that, according to the organization, has not affected transport services or compromised customer or employee data. TfL is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to investigate and contain the breach, and has put measures in place to prevent further unauthorized access. The incident is a reminder that protecting national infrastructure depends on continuous, coordinated security work rather than one-off responses.

Russian State-Owned Social Network VK Breached Again, Affecting 390M Users

Russian social media giant VK (VKontakte) suffered a significant data breach in September 2024 exposing the personal information of 390.4 million users, including user IDs, names and locations. The data was posted on BreachForums by a threat actor known as Hikki-Chan, who claimed it was obtained through a third-party compromise and offered it for a nominal price. This is not VK’s first breach, and the repeated exposure of its user data points to persistent security weaknesses around the platform.

New Flaws In Microsoft macOS Apps Could Allow Hackers To Gain Unrestricted Access

Eight vulnerabilities in Microsoft macOS applications, including Outlook, Teams and Word, allow attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework and gain unauthorized access to sensitive data and the permissions those apps hold. By injecting a malicious library into a legitimate process, an adversary inherits the app’s already-granted permissions and can send emails or record audio and video without any user prompt. Microsoft rates the risk as low, but the flaws show that TCC’s guarantees are only as strong as each application’s own hardening: an app that allows untrusted libraries to load lends its permissions to whatever gets injected.

Ransomhub Ransomware Group Targets 210 Victims Across Critical Sectors

RansomHub, a ransomware-as-a-service (RaaS) platform that evolved from Cyclops and Knight, has claimed more than 210 victims across critical sectors since it emerged in February 2024. Operating a double-extortion model, the group exfiltrates data before encrypting systems, and its affiliates rely on a range of tools and known vulnerabilities for initial access. RansomHub’s attack volume has surged to a substantial share of all ransomware activity, and its extortion tactics are growing more layered, with triple and quadruple extortion schemes on the rise.

China’s Volt Typhoon Exploits Zero-Day In Versa’s SD-WAN Director Servers

China’s Volt Typhoon group has been exploiting a zero-day vulnerability in Versa Networks’ Director servers (CVE-2024-39717) to harvest credentials and escalate privileges, with many large organizations potentially affected. The flaw sits in the Director component that manages Versa’s SD-WAN deployments and has been actively exploited since at least June 2024, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog. Versa has issued patches and mitigation guidance and is urging customers to upgrade and harden their systems against this ongoing threat.

Rapid Growth Of Password Reset Attacks Boosts Fraud And Account Takeovers

Password reset attacks have surged four-fold in the last year, driven mainly by bot-based operations, which rose by 1680%. The result is a sharp increase in fraud and account takeovers, with media streaming, e-commerce and mobile services hit hardest and desktop users more exposed than mobile app users because desktop flows carry weaker protections. The report’s conclusion is that enterprises must harden their password reset functionality: it is routinely secured less carefully than the login form, yet it is open to the same automated abuse.
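The report’s point is that a reset endpoint needs the same controls a login form gets. The following is an added example for this digest, not code from the report or any vendor, showing one hardened reset flow: an identical response whether or not the account exists (no enumeration), rate limits keyed by both account and source IP (so a bot cannot spray one account from many IPs or many accounts from one IP unchecked), random single-use tokens stored only as hashes, a short expiry, and invalidation of any other outstanding token once one is consumed. The user table, clock, and mailer stand-in are constructed for the example; the limits are assumed values to tune for a real service.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

TOKEN_TTL = 15 * 60      # seconds a reset link stays valid (assumed)
MAX_REQUESTS = 3         # reset requests allowed per account and per IP ... (assumed)
WINDOW = 60 * 60         # ... within this many seconds (assumed)


def hash_password(password: str) -> tuple:
    """Salted PBKDF2 for the stored credential (salt, digest)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class PasswordResetService:
    def __init__(self, users: dict, now=time.time):
        self.users = users               # email -> stored credential (constructed table)
        self.now = now                   # injectable clock so expiry can be tested
        self.tokens = {}                 # sha256(token) -> (email, expires_at)
        self.hits = defaultdict(deque)   # rate-limit key -> recent request timestamps
        self.sent = []                   # (email, token) pairs a mailer would deliver

    def _limited(self, key: str) -> bool:
        """Sliding-window counter; records the hit unless the window is full."""
        q, t = self.hits[key], self.now()
        while q and q[0] <= t - WINDOW:
            q.popleft()
        if len(q) >= MAX_REQUESTS:
            return True
        q.append(t)
        return False

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email: str, src_ip: str) -> str:
        """Same message and same work for every caller; never reveals account existence."""
        generic = "If an account exists for that address, a reset link has been sent."
        email = email.lower()
        if self._limited("acct:" + email) or self._limited("ip:" + src_ip):
            return generic                              # throttled, silently
        if email in self.users:
            token = secrets.token_urlsafe(32)           # 256 bits of randomness
            self.tokens[self._digest(token)] = (email, self.now() + TOKEN_TTL)
            self.sent.append((email, token))            # stand-in for the mailer
        return generic

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Consume the token; True only for a live, unused, matching token."""
        digest = self._digest(token)
        match = None
        for stored in list(self.tokens):                # constant-time compare per entry
            if hmac.compare_digest(stored, digest):
                match = stored
        if match is None:
            return False
        email, expires_at = self.tokens.pop(match)      # single use: gone even if expired
        if self.now() > expires_at:
            return False
        for d, (e, _) in list(self.tokens.items()):     # kill any other live token
            if e == email:
                del self.tokens[d]
        self.users[email] = hash_password(new_password)
        return True


if __name__ == "__main__":
    svc = PasswordResetService({"alice@example.com": None})
    print(svc.request_reset("alice@example.com", "203.0.113.5"))
    print(svc.request_reset("nobody@example.com", "203.0.113.5"))   # identical reply
    _, tok = svc.sent[0]
    print(svc.complete_reset(tok, "correct horse battery staple"), svc.complete_reset(tok, "again"))
```

Two details carry most of the weight: the throttle records the attempt before the account lookup, so unknown and known addresses cost the attacker the same budget, and the token is looked up by hash so a database read gives an attacker nothing they can paste into the reset URL.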

Cyberattackers Spoof Palo Alto VPNs to Spread Wikiloader Variant

Attackers are using search engine optimization (SEO) poisoning to pose as download sources for Palo Alto Networks’ GlobalProtect VPN software and distribute a new variant of the WikiLoader malware. First observed by Proofpoint in 2022, WikiLoader is a downloader that is now being delivered through attacker-controlled pages pushed to the top of search results, a route that sidesteps email phishing and the defenses built around it. The campaign, identified by Palo Alto Networks’ Unit 42, has primarily hit the US higher education and transportation sectors as well as organizations in Italy.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
