Github, Telegram Bots, And Qr Codes Abused In New Wave Of Phishing Attacks
Phishing attacks are increasingly leveraging GitHub infrastructure, Telegram bots, and QR codes to evade detection and deliver malware. A recent campaign targeting the insurance and finance sectors uses GitHub links in phishing emails to bypass security measures and deliver the Remcos RAT, exploiting trusted repositories and GitHub comments to propagate malware without leaving traces. Meanwhile, scammers are targeting booking platforms like Airbnb, using compromised accounts and Telegram-based tools to streamline phishing processes, improve victim engagement, and evade law enforcement.
CISA: Hackers Abuse F5 Big-IP Cookies To Map Internal Servers
CISA has issued a warning that cyber threat actors are exploiting unencrypted persistent cookies from the F5 BIG-IP Local Traffic Manager (LTM) to map internal devices within networks. These cookies, which contain encoded data like IP addresses and port numbers, can be abused to identify hidden or vulnerable servers, facilitating network discovery and potential exploitation. CISA recommends administrators encrypt these cookies to prevent such attacks and use F5’s diagnostic tool, BIG-IP iHealth, to detect misconfigurations.
NHS England Warns Of Critical Veeam Vulnerability Under Active Exploitation
NHS England has issued a warning about active exploitation of a critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication, which could allow remote code execution (RCE) with a CVSS score of 9.8. Ransomware groups are leveraging this flaw to create new local administrator accounts for further network compromise, with cases involving Fog and Akira ransomware. Organizations are urged to update Veeam Backup & Replication to version 12.2 or above to mitigate risks, as this vulnerability is actively targeted by threat actors shortly after its disclosure.
Casio Confirms Customer Data Stolen In A Ransomware Attack
Casio has confirmed a ransomware attack that compromised sensitive data, including personal information of employees, job candidates, business partners, and some customers, though payment data remains unaffected. The attack, claimed by the Underground ransomware group, has caused system disruptions, and Casio advises vigilance against phishing attempts as the investigation continues. Casio has notified authorities and urges against sharing leaked information to protect affected individuals’ privacy and prevent further damage.
After Breach Of Billions Of Records, National Public Data Files For Bankruptcy
National Public Data (NPD), a background check company, filed for bankruptcy after a breach exposed 2.7 billion records, including 272 million Social Security numbers. The company faces numerous lawsuits from victims and scrutiny from state prosecutors and the US Federal Trade Commission over the leak, which led to a class-action lawsuit for negligence and unjust enrichment. NPD’s bankruptcy filing aims to manage the financial fallout from lawsuits, civil penalties, and investigations, while experts warn that the stolen data can fuel identity theft and phishing attacks.
Openai Says Iranian Hackers Used Chatgpt To Plan ICS Attacks
OpenAI has disrupted over 20 cyber and influence operations in 2024, including attacks by Iranian and Chinese state-sponsored hackers. The Iranian group CyberAv3ngers, linked to the Islamic Revolutionary Guard Corps, used ChatGPT for reconnaissance and exploitation of industrial control systems (ICS), targeting water utilities in Ireland and the US. Despite their use of AI for tasks like evading detection and scanning vulnerabilities, OpenAI found that these tools provided only incremental capabilities that could be achieved with non-AI tools.
American Water Suffers Network Disruptions After Cyberattack
American Water, the largest publicly traded water utility in the U.S., experienced a cyberattack on October 3, 2024, leading to the shutdown of its online systems, including customer portals and telecommunications. Although water and wastewater services were not affected, the company initiated incident response protocols, disconnected certain systems, and is working with third-party cybersecurity experts to contain the attack. This incident highlights the growing risk of cyberattacks on critical infrastructure, with U.S. authorities continuing to push for stronger cybersecurity regulations for water utilities.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.