10-Sep-24: In Security News Today

Data Leak Exposes 14,000 US Medical Professionals: What We Know So Far

A misconfiguration at MNA Healthcare, a Florida-based medical recruitment company, exposed a database backup containing the records of roughly 14,000 medical professionals. The exposed data included encrypted Social Security Numbers (SSNs), personal contact details, work history, and communication records, raising the risk of identity theft, targeted phishing, and fraud for those affected. The misconfiguration has since been closed, but the incident points to broader weaknesses in the company's infrastructure, in particular how SSNs and other sensitive fields are encrypted and how database backups are kept out of reach.

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks In Southeast Asia

Three Chinese-linked threat clusters, tracked as Alpha, Bravo, and Charlie, are behind a series of intrusions into Southeast Asian government organizations as part of a state-sponsored espionage campaign codenamed Crimson Palace. The clusters operate from previously compromised networks and use C2 frameworks such as Cobalt Strike to deploy malware, perform reconnaissance, and exfiltrate sensitive data, with Cluster Alpha handling infiltration, Bravo focusing on persistence, and Charlie driving data theft. Their tradecraft includes DLL hijacking, EDR bypass, and a mix of open-source tooling and bespoke malware, the hallmarks of a sophisticated and still-evolving espionage effort.

NoName Ransomware Gang Deploying RansomHub Malware In Recent Attacks

The NoName ransomware gang, tracked by ESET as CosmicBeetle, has been evolving its tooling and now deploys ScRansom, a custom Delphi-based file encryptor that belongs to its Spacecolon toolset. The group gains initial access through brute-force attacks and exploitation of long-patched vulnerabilities such as EternalBlue (CVE-2017-0144) and ZeroLogon (CVE-2020-1472), then runs ScRansom, which encrypts files with AES-CTR-128 and protects the keys with RSA-1024. More recently, NoName appears to be working with RansomHub, using its EDR-killing tools and adopting LockBit ransomware tactics, a sign of continued development and growing complexity in its operations.

New PIXHELL Attack Exploits Screen Noise To Exfiltrate Data From Air-Gapped Computers

New research has introduced the PIXHELL attack, an acoustic side channel that uses noise emitted by LCD screens to exfiltrate data from air-gapped computers. Malware on the isolated machine renders crafted pixel patterns that cause the screen's coils and capacitors to emit sound in the 0-22 kHz range; a nearby device with a microphone, such as a phone or laptop, records and decodes the signal, defeating the physical isolation that air-gapping relies on. Recommended countermeasures include acoustic jamming, monitoring the audio spectrum for anomalous signals, and restricting physical access to sensitive systems and the devices allowed near them.

Gallup Poll Bugs Open Door To Election Misinformation

Two cross-site scripting (XSS) vulnerabilities in Gallup's website could have allowed attackers to run arbitrary script in visitors' browsers, steal session data, or take over user accounts, and to present manipulated poll results to readers during a critical election period. The two flaws, a reflected XSS (CVSS 6.5) and a DOM-based XSS (CVSS 5.4), were fixed promptly after Checkmarx researchers reported them in June 2024. With misinformation a top global concern, development and security teams should prioritize secure coding practices, especially context-aware output encoding and safe DOM handling, on platforms that shape public opinion during election cycles.
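The reflected variant of the bug class above, shown as an added example that is not code from Gallup's site or from the Checkmarx report. The handler, the `q` parameter and the payload are assumptions for illustration; the vulnerable version interpolates a query parameter straight into HTML, the hardened version applies context-aware output encoding so the same input is rendered as inert text.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed payload for illustration only (not from the Checkmarx report).
# It closes the value="..." attribute and then injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def query_param(query_string: str, name: str) -> str:
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(query_string).get(name, [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflected XSS: the search term is written into the page unencoded,
    once inside an attribute and once as element text."""
    q = query_param(query_string, "q")
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def render_hardened(query_string: str) -> str:
    """Same page with output encoding. html.escape(quote=True) also encodes
    the double quote, so the payload cannot break out of the attribute."""
    q = query_param(query_string, "q")
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def has_live_script(page: str) -> bool:
    """Demo-only check: is there a real <script start tag in the markup
    (as opposed to the encoded &lt;script&gt;)?"""
    return "<script" in page.lower()


def render_both(term: str) -> tuple:
    """Build the query string a browser would send for `term` and render it
    with both handlers. Returns (vulnerable_html, hardened_html)."""
    qs = urlencode({"q": term})
    return render_vulnerable(qs), render_hardened(qs)


if __name__ == "__main__":
    vuln, safe = render_both(PAYLOAD)
    print("vulnerable:", vuln, "| live script:", has_live_script(vuln))
    print("hardened:  ", safe, "| live script:", has_live_script(safe))
```

In a real application the template engine should autoescape by default and a Content-Security-Policy adds a second layer; the DOM-based variant Checkmarx reported has to be fixed in client-side code instead, by writing untrusted data with `textContent` or equivalent rather than `innerHTML`.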

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering With RansomHub

CosmicBeetle has introduced a custom ransomware strain, ScRansom, used against organizations in multiple sectors across several continents, and is believed to be collaborating with the RansomHub group. The attacks exploit known vulnerabilities such as CVE-2023-27532 (Veeam Backup & Replication) and use tools like RealBlindingEDR to terminate security processes before the Delphi-based ransomware runs. More broadly, ransomware groups including RansomHub keep refining their EDR evasion, bringing in malicious drivers such as POORTRY, used as an EDR wiper, and purpose-built killers such as EDRKillShifter.

RansomHub Ransomware Abuses Kaspersky TDSSKiller To Disable EDR Software

RansomHub affiliates are abusing Kaspersky's legitimate TDSSKiller rootkit-removal tool to disable endpoint detection and response (EDR) services, including Malwarebytes' Anti-Malware Service (MBAMService), so that the rest of the intrusion goes unseen. With the EDR silenced, they run the LaZagne credential-harvesting tool to pull stored logins from application databases and use them for lateral movement across the network. Defenders should enable tamper protection in their EDR, which blocks service-stop requests from unauthorized tools, and alert on TDSSKiller execution, in particular its -dcsvc flag, which targets a named service.
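The detection the summary recommends, as an added example rather than anything from the RansomHub report or from Kaspersky: it scans process-creation records for TDSSKiller, catches a renamed copy through the PE's original filename, and raises the severity when a service is passed to -dcsvc. The records are constructed in the style of Sysmon Event ID 1 fields; only the -dcsvc flag and the MBAMService target come from the report, while the other flags, paths and the renamed copy are assumptions for illustration.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Constructed process-creation records (Sysmon Event ID 1 style fields),
# not real telemetry. Only -dcsvc and MBAMService are from the report;
# the remaining flags, paths and service names are assumed.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\admin\Downloads\tdsskiller.exe",
     "OriginalFileName": "TDSSKiller.exe",
     "CommandLine": r'"C:\Users\admin\Downloads\tdsskiller.exe" -dcsvc MBAMService'},
    {"Image": r"C:\Tools\tdsskiller.exe",
     "OriginalFileName": "TDSSKiller.exe",
     "CommandLine": r'"C:\Tools\tdsskiller.exe" -silent'},
    {"Image": r"C:\Windows\Temp\svchost.exe",          # renamed copy (assumed)
     "OriginalFileName": "TDSSKiller.exe",
     "CommandLine": r"C:\Windows\Temp\svchost.exe -dcsvc SentinelAgent"},
    {"Image": r"C:\Windows\System32\svchost.exe",      # benign, must not alert
     "OriginalFileName": "svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

TDSSKILLER = "tdsskiller.exe"


@dataclass
class Alert:
    image: str
    renamed: bool        # on-disk name differs from the PE's original filename
    services: List[str]  # service names passed to -dcsvc
    severity: str


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dcsvc_targets(cmdline: str) -> List[str]:
    """Every service name passed to -dcsvc. posix=False keeps Windows
    backslashes intact; surrounding quotes are stripped afterwards."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    return [tokens[i + 1] for i, t in enumerate(tokens)
            if t.lower() == "-dcsvc" and i + 1 < len(tokens)]


def evaluate(event: dict) -> Optional[Alert]:
    """Alert on any TDSSKiller execution (by image name or by original
    filename, so renaming does not help) and escalate when it is told to
    act on a service."""
    image = basename(event.get("Image", ""))
    original = event.get("OriginalFileName", "").lower()
    if TDSSKILLER not in (image, original):
        return None
    services = dcsvc_targets(event.get("CommandLine", ""))
    renamed = original == TDSSKILLER and image != TDSSKILLER
    severity = "high" if services else ("medium" if renamed else "low")
    return Alert(event["Image"], renamed, services, severity)


def scan(events: List[dict]) -> List[Alert]:
    return [a for a in (evaluate(e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity:6}] {alert.image} renamed={alert.renamed} "
              f"services={alert.services}")
```

Because TDSSKiller is a signed Kaspersky binary, allow-listing by signature alone will not stop it; the useful signal is the combination of the tool itself (hash, original filename) with a -dcsvc argument naming an EDR or anti-malware service, and tamper protection is what prevents the service from actually stopping while the alert is triaged.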

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
