10-Oct-24: In Security News Today

Marriott Settles Over Data Breach That Exposed Millions Of Guests

Marriott International has settled for $52 million with the FTC and U.S. states over data breaches affecting 344 million guests between 2014 and 2020. As part of the settlement, Marriott will implement a comprehensive information security program, including multi-factor authentication and encryption, and offer customers more control over their personal data. The breaches, attributed to poor security practices, exposed sensitive information like passport details and payment card data, with the FTC criticizing Marriott for misleading consumers about its data security standards.

Customer Data Of Major US Asset Managers Exposed: Over 70K Investors Affected

Fidelity Investments, a major US asset manager with $4.9 trillion under management, experienced a data breach where over 77,000 customer records were exposed between August 17th and 19th, 2024. Attackers accessed personal details using two newly established accounts, though customer account access was not compromised. In response, Fidelity terminated unauthorized access, launched an investigation, and is offering affected customers 24 months of free credit monitoring and identity restoration services to mitigate identity theft risks.

Internet Archive Hacked, Data Breach Impacts 31 Million Users

Internet Archive’s “The Wayback Machine” suffered a major data breach, exposing 31 million user records, including email addresses and bcrypt-hashed passwords, after a threat actor compromised the site. The stolen data, confirmed to be legitimate, was shared with the “Have I Been Pwned” service, allowing affected users to check their exposure. Simultaneously, the Internet Archive has faced DDoS attacks, although it is not believed that the data breach and the DDoS incidents are linked.

GitLab Warns Of Critical Arbitrary Branch Pipeline Execution Flaw

GitLab has released patches addressing several critical vulnerabilities in both the Community and Enterprise Editions, including the highly severe CVE-2024-9164, which allows unauthorized users to execute CI/CD pipelines on any repository branch. This flaw, rated 9.6 on the CVSS scale, poses significant risks such as unauthorized code execution and data exposure, affecting versions 12.5 through 17.4.1. GitLab users are strongly urged to upgrade to the patched versions (17.4.2, 17.3.5, and 17.2.9), while GitLab Dedicated customers remain unaffected due to automatic updates.

This Trojan Disguises As Google Chrome Or NordVPN To Wipe Out Your Accounts

The Octo2 malware, an evolved version of the notorious Octo (ExobotCompact) banking trojan, poses a significant threat by disguising itself as apps like Google Chrome and NordVPN, enabling attackers to steal credentials and perform unauthorized actions remotely. Its use of a Dynamic Domain Generation Algorithm (DGA) makes it difficult to detect, as it frequently changes its command and control (C2) addresses. To mitigate risks, cybersecurity professionals are urged to monitor DNS traffic for suspicious domains, use malware detection tools, and enhance collaboration within the security community to combat this evolving threat.
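The DNS-monitoring advice above is easier to act on with a concrete heuristic. The following is an added example, not code from the original digest or from any of the vendors it cites: it parses a few constructed DNS query log lines (the four-field format is an assumption, as are the scoring thresholds) and flags clients that resolve several domains whose registrable label looks machine-generated (high character entropy, digit mixing, few vowels, long label). The sample domains are made up for the demonstration and are not Octo2 indicators.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query log (not real telemetry).
# Assumed line format: "<timestamp> <client-ip> <queried-name> <record-type>".
SAMPLE_DNS_LOG = """\
2024-10-10T08:01:02Z 10.0.0.15 www.google.com A
2024-10-10T08:01:05Z 10.0.0.15 nordvpn.com A
2024-10-10T08:01:09Z 10.0.0.22 xk3qz9vprt0w.top A
2024-10-10T08:01:11Z 10.0.0.22 f7hd2lq8zrc3mv.xyz A
2024-10-10T08:01:13Z 10.0.0.22 bq9x2wzjtk4n.info A
2024-10-10T08:01:20Z 10.0.0.31 mail.example.org MX
2024-10-10T08:01:25Z 10.0.0.22 update.microsoft.com A
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse log lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts, client, name, rtype = m.groups()
            records.append({"ts": ts, "client": client, "name": name, "rtype": rtype})
    return records


def registrable_label(fqdn):
    """Label just left of the TLD. Assumption: single-label TLDs only
    (no public-suffix-list handling such as 'co.uk'); enough for a demo."""
    parts = fqdn.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character of the string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_score(label):
    """Heuristic 0..1 score for a single label (thresholds are assumptions):
    high entropy, digits mixed into letters, few vowels, and long length
    are each weak signals of algorithmic generation."""
    n = max(len(label), 1)
    score = 0.0
    if shannon_entropy(label) >= 3.0:
        score += 0.4
    if sum(ch.isdigit() for ch in label) / n >= 0.2:
        score += 0.3
    if sum(ch in "aeiou" for ch in label) / n < 0.25:
        score += 0.2
    if len(label) >= 10:
        score += 0.1
    return round(score, 2)


def suspicious_clients(text, threshold=0.6, min_domains=3):
    """Map client IP -> sorted list of distinct suspicious domains, keeping only
    clients that resolved at least `min_domains` such names. A single odd
    lookup is noise; a burst of them is the DGA pattern worth a ticket."""
    hits = defaultdict(set)
    for rec in parse_dns_log(text):
        if dga_score(registrable_label(rec["name"])) >= threshold:
            hits[rec["client"]].add(rec["name"])
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_domains}


if __name__ == "__main__":
    for client, domains in suspicious_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} DGA-like lookups -> {', '.join(domains)}")
```

Run stand-alone it reports the one client that resolved three generated-looking domains while leaving the clients with ordinary lookups alone. On real resolver logs, pair this with the NXDOMAIN rate per client (DGA implants typically fail most of their candidate resolutions) and an allowlist of known CDN and telemetry names, which this short version deliberately omits.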

Over 10M Conversations Exposed In AI Call Center Hack

A recent data breach in the Middle East compromised over 10 million interactions from an AI-powered call center platform, exposing personally identifiable information (PII) such as national IDs. Cybersecurity firm Resecurity revealed that attackers gained unauthorized access to the platform’s management dashboard, which could enable sophisticated fraud, phishing, and social engineering attacks. The incident highlights the growing vulnerability of AI-driven systems, emphasizing the need for enhanced cybersecurity measures tailored to the unique risks posed by AI technologies.

Microsoft Outlook Bug Blocks Email Logins, Causes App Crashes

Microsoft is investigating a bug in its Outlook desktop app that causes crashes, high memory usage, and prevents users from logging in. Initially believed to affect only European users, reports now show the issue also impacts users worldwide, including Outlook Web Access (OWA) in the U.S. The company is analyzing memory dumps and telemetry data to identify the root cause, with concerns that other Microsoft 365 services might also be impacted.

OpenAI Blocks 20 Global Malicious Campaigns Using AI For Cybercrime And Disinformation

OpenAI has disrupted over 20 malicious campaigns that exploited its platform for cybercrime and disinformation. These activities involved debugging malware, generating fake social media profiles, and creating content related to elections in multiple countries. Despite these efforts, OpenAI noted that no significant breakthroughs in malware creation or widespread influence were observed, though threat actors continue evolving their tactics.

Cyrisma Raises $7 Million For Risk Management Platform

Cyrisma, a cybersecurity startup specializing in risk management for managed service providers (MSPs), has raised $7 million in a Series A funding round led by Blueprint Equity. The company’s platform helps MSPs identify vulnerabilities, track compliance, and manage AI-driven security risks across the attack surface, offering tools for mitigation and reporting. With this new funding, Cyrisma plans to accelerate product development, expand its sales and marketing efforts, and enhance customer support.

Underground Ransomware Claims Attack On Casio, Leaks Stolen Data

The Underground ransomware gang has claimed responsibility for a cyberattack on Casio, which occurred on October 5, resulting in system disruptions and potential data theft. The group leaked sensitive information on its dark web portal, including employee personal data, legal documents, financial records, and confidential project information, raising concerns about the impact on Casio’s operations and intellectual property. The Underground group, linked to the Russian cybercrime faction RomCom, employs advanced tactics such as exploiting vulnerabilities in Microsoft Office to maintain prolonged access to compromised systems while evading detection.

US, UK Warn Of Russian APT29 Hackers Targeting Zimbra, TeamCity Servers

U.S. and U.K. cyber agencies have issued a warning about Russian APT29 hackers, linked to the SVR, exploiting vulnerabilities in Zimbra and JetBrains TeamCity servers at mass scale. The advisory emphasizes the importance of patching exposed servers against CVE-2022-27924 and CVE-2023-42793, which have been used for credential theft and supply-chain attacks, respectively. Given APT29’s history of targeting critical sectors, including government and private organizations, network defenders are urged to apply security updates and reinforce security controls to mitigate potential breaches.

Chinese Influencers Reportedly Using Lebanon Pager Attacks To Spread iPhone Rumors

Chinese influencers are spreading misleading rumors about iPhones, suggesting they may explode, using a 13-year-old video of a modified iPhone explosion to sway public opinion against Apple. This campaign appears to be fueled by rising nationalism and aims to promote local Chinese smartphone brands amidst declining Apple sales in China. Despite attempts by some state media to counteract the misinformation, the rumors are gaining traction, with some companies even banning iPhones among employees.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.