05-Aug-24: In Security News Today

Fortune 50 Company Pays Record-Breaking $75M Ransomware Demand

A Fortune 50 company paid a record $75 million ransom to the Dark Angels ransomware group, far above any previously confirmed ransomware payment. Dark Angels targets a small number of high-value victims, exfiltrates very large volumes of sensitive data, and often forgoes encryption so the victim keeps operating and the extortion rests on the stolen data alone. Other groups may copy the model, but moving terabytes out of a network takes time and bandwidth, which gives defenders a window to spot the transfer before the ransom note arrives.
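The detection window in that last sentence, as an added example that is not part of the original digest or of any vendor report: a baseline check that flags an internal host whose outbound volume to external addresses jumps far above its own recent daily median. The flow records, the internal address ranges and the 50 GiB / 10x thresholds are constructed assumptions; in practice the records would come from NetFlow, VPC flow logs or a forward proxy.

```python
"""Flag internal hosts whose outbound volume to external destinations jumps
far above their own baseline. Sample flows and thresholds are constructed
assumptions, not real telemetry."""
from collections import defaultdict
from datetime import date
from ipaddress import ip_address, ip_network
from statistics import median

GiB = 2**30
# Assumed internal address plan (RFC 1918); adjust to the real environment.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def daily_egress(flows):
    """Sum bytes per (day, src) for flows from an internal src to an external dst.
    Internal-to-internal and inbound flows are ignored."""
    totals = defaultdict(int)
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(day, src)] += nbytes
    return totals


def find_bulk_exfil(flows, target_day, ratio=10.0, min_bytes=50 * GiB):
    """Return {host: (bytes_on_target_day, baseline)} for hosts whose egress on
    target_day is at least `ratio` times their median on earlier days AND at
    least `min_bytes` (the absolute floor keeps small, noisy hosts out of the
    result). A host with no history is compared against a baseline of 0, so
    any volume above the floor is flagged."""
    totals = daily_egress(flows)
    history = defaultdict(list)
    today = {}
    for (day, src), nbytes in totals.items():
        if day == target_day:
            today[src] = nbytes
        elif day < target_day:
            history[src].append(nbytes)
    flagged = {}
    for src, nbytes in today.items():
        baseline = median(history[src]) if history[src] else 0
        if nbytes >= min_bytes and nbytes >= ratio * baseline:
            flagged[src] = (nbytes, baseline)
    return flagged


TARGET_DAY = date(2024, 8, 1)
# Constructed flow records: (day, src, dst, bytes).
SAMPLE_FLOWS = [
    (date(2024, 7, 29), "10.0.1.20", "203.0.113.10", 2 * GiB),
    (date(2024, 7, 30), "10.0.1.20", "203.0.113.10", 2 * GiB),
    (date(2024, 7, 31), "10.0.1.20", "203.0.113.10", 3 * GiB),
    (date(2024, 8, 1), "10.0.1.20", "198.51.100.7", 180 * GiB),   # bulk transfer begins
    (date(2024, 8, 1), "10.0.1.20", "198.51.100.8", 220 * GiB),
    (date(2024, 7, 29), "10.0.1.21", "203.0.113.10", 1 * GiB),
    (date(2024, 7, 30), "10.0.1.21", "203.0.113.10", 1 * GiB),
    (date(2024, 8, 1), "10.0.1.21", "203.0.113.10", 1 * GiB),
    (date(2024, 8, 1), "10.0.1.21", "10.0.2.5", 500 * GiB),      # internal backup, ignored
    (date(2024, 8, 1), "203.0.113.10", "10.0.1.21", 300 * GiB),  # inbound, ignored
]

if __name__ == "__main__":
    for host, (today, base) in find_bulk_exfil(SAMPLE_FLOWS, TARGET_DAY).items():
        print(f"{host}: {today / GiB:.0f} GiB out on {TARGET_DAY} vs {base / GiB:.0f} GiB/day baseline")
```

The per-host median rather than a fleet-wide average matters here: a backup server that legitimately pushes hundreds of gigabytes a day would otherwise mask a workstation that suddenly does the same, and the absolute floor stops a host going from 1 MiB to 20 MiB from paging anyone.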

Electronic Manufacturing Services Provider Keytronic Reports Losses of Over $17 Million After Ransomware Attack

Keytronic, an electronic manufacturing services provider, disclosed losses of more than $17 million from a ransomware attack in May. The attack disrupted operations in Mexico and the U.S.; the company reported $2.3 million in additional expenses and an estimated $15 million in lost revenue. The Black Basta ransomware gang claimed responsibility and said it had exfiltrated sensitive data, including personal information and corporate files.

A US Technology Contractor Has Exposed the Data of 4.6 Million Voters and Election Documents

Platinum Technology Resource, a US technology contractor, exposed records for 4.6 million voters, along with election documents, from multiple Illinois counties through databases that were not password-protected. The exposed data included full names, addresses, Social Security numbers, and driver's license numbers. Databases reachable from the internet without authentication are found quickly by routine scanning, so access control and network restriction on data stores are baseline requirements for any system that holds voter data.

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

A zero-day pre-authentication remote code execution vulnerability, CVE-2024-38856 (CVSS 9.8), has been disclosed in the Apache OFBiz ERP system, affecting versions prior to 18.12.15. The flaw lets an unauthenticated user reach functionality that should require a login, which leads to remote code execution. SonicWall, which reported it, describes it as a bypass of the fix for an earlier OFBiz CVE; it exposes critical endpoints to attackers, and earlier OFBiz flaws have already been abused to deploy the Mirai botnet, so internet-facing instances should be upgraded promptly.
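As an added example that is not from the page or the Apache project: a log check for the request shape behind this class of OFBiz bypass. OFBiz controller URLs can carry a second path segment after /control/ that overrides the view rendered for the request, so an unauthenticated request name followed by a login-only view name is the pattern to hunt for in access logs. The log lines are constructed, the combined log format and the list of sensitive views are assumptions, and the check only surfaces candidates for review; it is not a substitute for upgrading to 18.12.15.

```python
"""Flag OFBiz 'override view' requests in web-server access logs: the first
path segment after /control/ names a request, the optional second segment
overrides the view that gets rendered. A request that needs no login paired
with a view that does is the shape to triage. Log lines are constructed."""
import re
from collections import Counter

# Combined log format (assumed). Only the fields used by the check are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# OFBiz controller URL: /<webapp>/control/<request>[/<overrideView>][?query]
OFBIZ_RE = re.compile(r"^/(?P<webapp>[^/]+)/control/(?P<request>[^/?]+)(?:/(?P<view>[^/?]+))?")

# Views that run code or touch the datastore and must never be reached via an
# unauthenticated request. Assumed starting list; extend from the controller.xml
# of the webapps actually deployed.
SENSITIVE_VIEWS = {"ProgramExport", "EntitySQLProcessor", "entitymaint"}


def classify(line: str):
    """Return a finding for an override-view request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    u = OFBIZ_RE.match(m["path"])
    if not u or not u["view"] or u["view"] == u["request"]:
        return None  # not an OFBiz controller URL, or no view override
    return {
        "severity": "high" if u["view"] in SENSITIVE_VIEWS else "review",
        "ip": m["ip"],
        "ts": m["ts"],
        "method": m["method"],
        "status": int(m["status"]),  # kept for triage: 200 on a high finding means the view rendered
        "request": u["request"],
        "view": u["view"],
    }


def scan(lines):
    """All findings, in log order."""
    return [f for f in map(classify, lines) if f]


def by_source(findings):
    """Count findings per client IP, so a scanner walking many views stands out."""
    return Counter(f["ip"] for f in findings)


# Constructed access log. Line 3 uses the publicly reported request shape for
# this CVE (unauthenticated forgotPassword request, ProgramExport view override).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Aug/2024:10:01:02 +0000] "GET /webtools/control/main HTTP/1.1" 200 812',
    '203.0.113.5 - - [03/Aug/2024:10:01:09 +0000] "POST /webtools/control/login HTTP/1.1" 302 0',
    '198.51.100.9 - - [03/Aug/2024:10:04:41 +0000] "POST /webtools/control/forgotPassword/ProgramExport HTTP/1.1" 200 5123',
    '198.51.100.9 - - [03/Aug/2024:10:05:02 +0000] "GET /webtools/control/main/EntityMaint HTTP/1.1" 200 4411',
    '192.0.2.77 - - [03/Aug/2024:10:06:00 +0000] "GET /webtools/control/ping/ping HTTP/1.1" 200 44',
    '192.0.2.77 - - [03/Aug/2024:10:06:01 +0000] "GET /static/css/main.css HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    findings = scan(SAMPLE_LOG)
    for f in findings:
        print(f'{f["severity"]:6} {f["ip"]:14} {f["method"]} {f["request"]}/{f["view"]} -> {f["status"]}')
    print(by_source(findings))
```

Run it over the real access logs of any OFBiz instance exposed before the upgrade; a high finding with a 200 status from an address that never authenticated is the one to investigate first.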

North Korean Hackers Attack South Korea's Construction, Machinery Sectors

Two North Korean state-sponsored groups, Kimsuky and Andariel, have stepped up attacks on South Korea's construction, machinery, and urban development sectors to steal commercial secrets. Both are linked to North Korea's Reconnaissance General Bureau and have exploited vulnerabilities in software and websites to distribute malware and exfiltrate data. The stolen information is believed to be intended for North Korea's own industrial development projects.

Android Security Updates This Month Patch 46 Vulnerabilities, Including a High-Severity Remote Code Execution (RCE) Flaw Exploited in Targeted Attacks

Google has patched an Android kernel zero-day, CVE-2024-36971, that was being exploited in targeted attacks. It is a use-after-free bug in the Linux kernel's network route management; Google rates it high severity and notes that successful exploitation could lead to remote code execution, with System execution privileges needed, letting an attacker alter the behavior of certain network connections. The fix ships in the August 2024 Android security updates, which are issued as two patch levels; the kernel fix is in the later one, so devices need that level, not just the first, to be protected.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.