09-Sep-24: In Security News Today

Payment Gateway Data Breach Affects 1.7 Million Credit Card Owners

Payment gateway provider Slim CD has reported a data breach affecting 1.7 million individuals, with unauthorized access occurring from August 2023 to June 2024. Although hackers obtained credit card and personal information, they did not access card verification numbers, limiting the immediate risk of fraudulent transactions. Slim CD has since enhanced its security measures and advises affected individuals to monitor for signs of fraud and report suspicious activities.

TIDRONE Cyberattackers Target Taiwan’s Drone Manufacturers

TIDRONE, a Chinese-speaking threat actor, is targeting military and satellite-related industries, with a focus on Taiwanese drone manufacturers. Leveraging custom malware tools such as “CXCLNT” and “CLNTEND,” the group abuses enterprise resource planning (ERP) software and remote desktop tools to gain a foothold and disable security defenses. TIDRONE’s tactics include UAC bypasses, credential dumping, and anti-analysis techniques, highlighting the evolving sophistication of its cyberattack arsenal.

China’s ‘Earth Lusca’ Propagates Multiplatform Backdoor

Chinese APT Earth Lusca has been using KTLVdoor, a sophisticated multiplatform backdoor that gives the operators full control over compromised environments. The malware, written in Go with both Windows and Linux builds, disguises itself as system utilities and communicates with over 50 C2 servers, all hosted on Alibaba infrastructure, suggesting that further attacks may be in preparation. KTLVdoor employs encryption and obfuscation to evade detection, so organizations should adopt proactive, multilayered defenses to detect and block this and similar threats.

Two Indicted In US for Running Dark Web Marketplaces Offering Stolen Information

Two individuals, a Kazakhstani and a Russian national, were indicted in the US for running dark web marketplaces that facilitated the trade of personally identifiable information (PII), card data, and banking credentials between 2014 and 2024. Their platforms, such as WWH Club, served as forums where cybercriminals shared fraud and cyberattack techniques, offered courses, and monetized the activity through fees and advertising. The defendants face up to 20 years in prison, and their luxury vehicles are set for forfeiture as proceeds of their crimes.

Chinese Hackers Exploit Visual Studio Code In Southeast Asian Cyberattacks

Chinese advanced persistent threat (APT) group Mustang Panda has been exploiting Visual Studio Code’s reverse shell feature to conduct espionage on Southeast Asian government entities, marking a new technique that was first demonstrated in late 2023. The campaign involved gaining access to target networks through Visual Studio Code and leveraging OpenSSH for reconnaissance, file transfers, and malware deployment, with indications of possible collaboration between multiple Chinese threat actors. A simultaneous malware cluster using the ShadowPad backdoor suggests either a coordinated effort or independent actors piggybacking on the same network access.

Blind Eagle Targets Colombian Insurance Sector With Customized Quasar RAT

The Blind Eagle APT group has been targeting Colombia’s insurance sector since June 2024, using a customized version of the Quasar RAT known as BlotchyQuasar. The attack begins with phishing emails that simulate notifications from the Colombian tax authority, leading to malicious ZIP files hosted on compromised Google Drive accounts. The malware, enhanced with obfuscation techniques and capabilities to steal sensitive data, relies on Pastebin and Dynamic DNS for command-and-control, while the threat actor hides behind VPNs and compromised routers in Colombia.

Lowe’s Home Warehouse Employees Targeted In Google Ad Phish

A new phishing campaign targeting Lowe’s employees exploited Google ads to direct users to a fraudulent MyLowesLife login page designed to capture their credentials. The attack used AI-generated templates to create deceptive ads that mimicked the legitimate portal, prompting users to enter their Sales Number and Password. Security experts advise employees to avoid clicking on sponsored search results and to use bookmarks to access their portals safely.

Major US Car Rental Breach Exposes Hundreds Of Thousands

Avis Car Rental experienced a significant data breach, with attackers accessing the personal information of nearly 300,000 individuals over a three-day period. The breach, which was discovered on August 5th, 2024, involved unauthorized access to customer data, although specific details about the compromised information remain undisclosed. Avis is offering affected individuals a year of free identity protection services and advises vigilance against potential identity theft or fraud.

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

New Android SpyAgent malware, primarily targeting South Korean users, uses optical character recognition (OCR) to steal cryptocurrency wallet recovery keys by scanning images on infected devices. The malware spreads through fake apps disguised as legitimate services, which are distributed via SMS links leading to malicious APK files. Once installed, it captures sensitive data and employs WebSocket connections to evade detection, posing a significant risk to both Android and potentially iOS users.

U.S. Offers $10 Million For Info On Russian Cadet Blizzard Hackers Behind Major Attacks

U.S. authorities, along with international partners, have officially linked the Russian hacking group Cadet Blizzard to GRU’s Unit 29155, accusing them of cyber operations aimed at espionage, sabotage, and disruption since 2020, with a recent focus on undermining aid efforts to Ukraine. The group, also known by several aliases, has been implicated in deploying destructive malware like WhisperGate against Ukrainian targets and has now been charged by the U.S. with computer intrusion and wire fraud. The U.S. Department of State has announced a $10 million reward for information on the group’s activities or members, highlighting their extensive operations targeting critical infrastructure and NATO member countries.

Feds Warn On Russian Actors Targeting Critical Infrastructure

Russian Cyber Unit 29155 has been actively targeting critical infrastructure globally, conducting espionage, sabotage, and other malicious cyber operations since 2020, with a focus on sectors such as government, finance, energy, and healthcare. The group deployed WhisperGate malware against Ukrainian organizations in 2022 and expanded its attacks to NATO members, Latin America, and Central Asia, using tactics such as data exfiltration and infrastructure scanning. U.S. agencies advise organizations to strengthen defenses by patching vulnerabilities, segmenting networks, and enforcing phishing-resistant multifactor authentication.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
