14-Aug-23: In Security News Today

Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department

The Colorado Department of Health Care Policy & Financing (HCPF) has suffered a cyberattack by the Cl0p ransomware group, resulting in the theft of personal health data belonging to approximately 4 million members of state health programs. The attack targeted the MOVEit Managed File Transfer platform, which is used by IBM, a third-party contractor with HCPF. The breach exposed personally identifiable information (PII) and personal health data, highlighting the need for organizations to protect sensitive data managed by third-party contractors.

Interpol Shuts Down Phishing Service ’16shops’

Interpol, along with law enforcement agencies and cybersecurity firms, has shut down the notorious phishing-as-a-service platform ’16shops’ after a global investigation. The platform sold phishing kits to criminals, which were used in attacks against 70,000 victims in 43 countries. Three individuals in Indonesia and Japan were arrested in connection with the platform, highlighting the growing threat of phishing attacks and the need for international collaboration in combating cybercrime.

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

A new remote access trojan (RAT) called QwixxRAT is being advertised for sale on Telegram and Discord. The RAT stealthily collects sensitive data from Windows machines and sends it to the attacker’s Telegram bot, providing unauthorized access to the victim’s information. QwixxRAT has anti-analysis features and a clipper that accesses sensitive information from the device’s clipboard for illicit fund transfers.

US DOJ Seizes Web Domain Connected to Crimeware-as-a-Service Activities

The US Department of Justice (DOJ) has seized the web domain LolekHosted.net, which was allegedly involved in a range of crimeware-as-a-service activities. The DOJ has charged a Polish man named Artur Karol Grabowski in connection with running the service, but he is currently a fugitive. The site was a bulletproof host that facilitated cybercrime activities such as ransomware attacks, brute force attacks, and phishing.

Chinese Hackers Breach Japan’s Defense Networks, Highlighting Cybersecurity Concerns

Chinese military hackers compromised classified defense networks in Japan in 2020, gaining deep and persistent access to sensitive computer systems. The breach, one of the most damaging in Japan’s modern history, has raised concerns about cybersecurity and intelligence-sharing between the US and Japan. The Japanese government has since taken steps to strengthen its networks and boost its cybersecurity capabilities, but work remains to be done to ensure the security of critical services and military operations.

Ongoing Xurum Attacks Exploit Critical Magento 2 Vulnerability on E-commerce Sites

E-commerce sites running Adobe’s Magento 2 software have been targeted by an ongoing campaign, dubbed Xurum, since January 2023. The attacks exploit a now-patched critical security flaw in Adobe Commerce and Magento Open Source that allows arbitrary code execution. The attackers, believed to be of Russian origin, are interested in payment statistics from the past 10 days and have been observed infecting websites with JavaScript-based skimmers to collect credit card information.

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

Germany’s Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian dissidents since the end of 2022. The attacks, attributed to Charming Kitten, involve elaborate social engineering and phishing techniques. The threat actor impersonates journalists and NGO employees to build rapport with victims and steal their credentials.

New Financial Malware ‘JanelaRAT’ Targets Latin American Users

Researchers have discovered a new financial malware called JanelaRAT that specifically targets users in Latin America. The malware is capable of capturing sensitive information from compromised Windows systems and primarily focuses on financial and cryptocurrency data from Latin American banks and financial institutions. JanelaRAT uses DLL side-loading techniques to evade detection and can capture window titles, track mouse input, log keystrokes, take screenshots, and harvest system metadata.

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities have been discovered in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU), which could allow unauthenticated access and potentially catastrophic damage. The vulnerabilities, ranging from authentication bypass to remote code execution, could be exploited to shut down data centers, compromise data, and launch large-scale attacks. These flaws have been addressed in the latest software and firmware updates, but the researchers warn that a single vulnerability could lead to a complete compromise of the internal network and enable attacks on connected cloud infrastructure.

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

Multiple security vulnerabilities have been discovered in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could allow attackers to gain remote control of the devices. This access could be used to eavesdrop on rooms or phone calls, attack corporate networks, and create a botnet. The vulnerabilities are related to the lack of client-side authentication in the provisioning process and improper authentication in the cryptographic routines of AudioCodes VoIP desk phones.

New Python URL Parsing Flaw Could Enable Command Execution Attacks

A high-severity security flaw has been disclosed in Python’s URL parsing function that could be exploited to bypass domain or protocol filtering, resulting in arbitrary file reads and command execution. The flaw, assigned the identifier CVE-2023-24329, arises from a lack of input validation and can be used to bypass blocklisting methods by supplying a URL that starts with blank characters. This vulnerability has been addressed in Python 3.12 and later, 3.8.x from 3.8.17, and 3.7.x from 3.7.17.
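The bypass described above affects `urllib.parse.urlparse()`: before the fix, a URL beginning with a space or C0 control character was parsed with an empty scheme and no hostname, so a blocklist that only inspects those fields never matched. The following added example (not code from the page or from CPython) contrasts such a blocklist check with a hardened allowlist check that normalizes the input itself, so it behaves the same on patched and unpatched interpreters. The scheme and host lists are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed sample policy for this example (not from the page).
BLOCKED_SCHEMES = {"file", "ftp", "gopher"}
BLOCKED_HOSTS = {"localhost", "127.0.0.1", "169.254.169.254"}
ALLOWED_SCHEMES = {"http", "https"}

# Characters the WHATWG URL spec strips from the start of a URL: C0 controls
# (U+0000..U+001F) and space. Pre-fix urlparse() did not strip them, so a URL
# starting with one of them parsed with an empty scheme and no hostname.
_C0_CONTROL_OR_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_allowed(url: str) -> bool:
    """Blocklist check that trusts urlparse() output as-is.

    On a Python without the CVE-2023-24329 fix, urlparse(" file:///etc/passwd")
    yields scheme == "" and hostname is None, so neither blocklist matches and
    the URL is let through even though a fetcher will later strip the space
    and open the file. On patched versions this function happens to behave
    safely, so its result for whitespace-prefixed input is version-dependent.
    """
    parts = urlparse(url)
    if parts.scheme.lower() in BLOCKED_SCHEMES:
        return False
    if parts.hostname in BLOCKED_HOSTS:
        return False
    return True


def hardened_is_allowed(url: str) -> bool:
    """Allowlist check that normalizes before parsing, independent of the
    installed urlparse() version."""
    # 1. Strip leading C0 control/space characters ourselves, mirroring the
    #    upstream fix, so " https://127.0.0.1/" and "\x1fhttp://..." are seen
    #    for what they are rather than parsed as a scheme-less path.
    normalized = url.lstrip(_C0_CONTROL_OR_SPACE)
    parts = urlparse(normalized)
    # 2. Allowlist the scheme instead of blocklisting it: an empty or unknown
    #    scheme fails closed.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # 3. Require a hostname and reject internal ones explicitly.
    host = parts.hostname
    if not host or host.lower() in BLOCKED_HOSTS:
        return False
    return True
```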

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.