15-Mar-24: In Security News Today

International Monetary Fund email accounts hacked in cyberattack

The International Monetary Fund (IMF) disclosed a cyber incident in which 11 IMF email accounts were breached earlier this year. The IMF, a major financial institution funded by 190 member countries, is headquartered in Washington, D.C. The investigation is ongoing, with no evidence that the attackers accessed any systems beyond the compromised email accounts.

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

A critical vulnerability, CVE-2023-5528, affects Kubernetes, allowing remote code execution on Windows endpoints in default installations. The flaw involves improper processing of YAML files, potentially enabling attackers to execute arbitrary code with system privileges. Kubernetes versions up to 1.28.3 are vulnerable; updating to version 1.28.4 or later is recommended to mitigate the risk.

Admin of major stolen account marketplace gets 42 months in prison

Sandu Boris Diaconu, a Moldovan national, has been sentenced to 42 months in prison for operating E-Root, a marketplace selling access to hacked computers. Diaconu, who was extradited to the U.S., pleaded guilty to conspiracy and possession charges, and authorities believe over 350,000 credentials were listed for sale on the platform. E-Root helped cybercriminals gain unauthorized access to victims’ systems and offered illicit services like an online payment system and cryptocurrency exchange.

US moves to recover $2.3 million from “pig butchers” on Binance

The U.S. Department of Justice is reclaiming $2.3 million in cryptocurrency associated with a ‘pig butchering’ fraud scheme that targeted 37 individuals in the U.S. Pig butchering scams involve deceiving victims into depositing cryptocurrency into fake investment platforms. Law enforcement traced the funds to two Binance wallets holding $2.3 million, linked to 36 victims of various fraud schemes.

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users searching for Notepad++ and VNote on Baidu are being targeted with malicious ads leading to trojanized software and the deployment of Geacon, a Golang-based Cobalt Strike implementation. The fake websites distribute modified installers capable of executing various malicious activities, including creating SSH connections and taking screenshots. Malvertising campaigns have also been used to distribute other malware like FakeBat through MSIX installer files posing as legitimate software.

Discontinued Security Plugins Expose Many WordPress Sites to Takeover

Two discontinued MiniOrange plugins, Malware Scanner and Web Application Firewall, have introduced a critical vulnerability to WordPress sites, allowing unauthenticated users to escalate privileges and potentially take over sites. Identified as CVE-2024-2172 with a CVSS score of 9.8, this flaw enables password changes without authentication, posing a significant risk of site compromise. Users are advised to delete these plugins immediately to mitigate the threat.

Former telecom manager admits to doing SIM swaps for $1,000

A former telecom manager in New Jersey pleaded guilty to conspiracy charges for performing unauthorized SIM swaps for financial gain, enabling an accomplice to hack customer accounts. SIM swapping involves porting a person’s phone number to a SIM card controlled by an attacker, often through social engineering or insider assistance. The manager’s actions allowed the accomplice to access victims’ accounts, leading to potential financial losses and privacy breaches.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.