16-Sep-24: In Security News Today

Fortinet Confirms Customer Data Breach Via Third Party

Fortinet confirmed a data breach affecting a small number of customers after a hacker leaked 440GB of data from a third-party cloud-based SharePoint site. The incident highlights the risks of using SaaS and cloud environments without proper security measures, emphasizing the need for practices like multifactor authentication, restricted access, and encrypted data storage. Experts suggest that organizations must continuously monitor cloud assets and enforce security best practices to minimize vulnerabilities in third-party platforms.

Advanced Phishing Attacks Put X Accounts At Risk

Cybercriminals are bypassing X’s (formerly Twitter) security measures, including two-factor authentication (2FA), through advanced phishing attacks like adversary-in-the-middle (AiTM) and SIM-swapping techniques. These methods enable hackers to intercept or redirect authentication codes, allowing account takeover, often leading to cryptocurrency scams or phishing attacks targeting followers of high-profile accounts. Researchers warn that other online platforms are similarly vulnerable and recommend stronger measures like passkeys or FIDO2 hardware authenticators to mitigate risks.

FBI, CISA Warn Of Fake Voter Data Hacking Claims

Hackers are falsely claiming to have compromised US voter information to create distrust in election security, but the FBI and CISA affirm no such breaches have affected election integrity. While some voter data is indeed public, recent hacking claims, including those targeting a New York county’s database, have been debunked as attempts to mislead. Additionally, threat actors from Iran have been implicated in interfering with US presidential campaigns through email and WhatsApp attacks.

North Korean Hackers Target Cryptocurrency Users On LinkedIn With RustDoor Malware

North Korean hackers are leveraging LinkedIn to target cryptocurrency users with the RustDoor malware, which is disguised as part of a legitimate coding test from a fake recruiter. The attack involves a Visual Studio project that installs two payloads, “VisualStudioHelper” and “zsh_env,” which act as backdoors for further exploits. This sophisticated social engineering campaign underscores the need for vigilance and robust security training, particularly for those in the cryptocurrency sector.

Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors

RansomHub, a ransomware group, has leaked 487 gigabytes of data stolen from Kawasaki Motors Europe (KME) after the company’s failed attempt to meet their ransom demands. KME had initially managed to isolate and recover most of its systems following the cyberattack, restoring over 90% of server functionality. Despite these efforts, RansomHub proceeded to publish the stolen data on their leak site, adding KME to their list of victims.

88,000 Impacted By Access Sports Data Breach Resulting From Ransomware Attack

Access Sports Medicine & Orthopaedics experienced a ransomware attack, compromising the personal and health information of over 88,000 individuals, including Social Security numbers and financial data. The ransomware group Inc Ransom claimed responsibility, publishing stolen files and sensitive documents in June 2024. Despite offering fraud protection services, Access Sports has no evidence that the stolen data has been misused so far.

North Korea’s Lazarus Group Has $5M Frozen In Stablecoins

Lazarus Group, a notorious North Korean hacking collective, has had nearly $5 million in stablecoins frozen by issuers like Tether and Circle, following an investigation by blockchain analyst ZachXBT. The frozen funds, now totaling almost $7 million, are linked to crypto hacks that occurred between August 2020 and October 2023, with ZachXBT tracing the group’s tactics of converting stolen crypto to fiat through Chinese over-the-counter traders. Despite this success, Circle faced criticism for its delayed response in freezing illicit assets compared to other stablecoin issuers.

Data Stolen In Ransomware Attack That Hit Seattle Airport

The Port of Seattle confirmed that a ransomware attack in August caused significant disruptions at Seattle-Tacoma International Airport, affecting critical services such as passenger displays, Wi-Fi, and airport applications. The Rhysida ransomware gang is believed to have stolen data, though the investigation into the extent of the breach is ongoing, and the Port has refused to pay the ransom. While most systems have been restored, the Port remains vigilant as it anticipates the possible online leak of the stolen data.

‘Hadooken’ Malware Targets Oracle’s WebLogic Servers

The Hadooken malware, identified by Aqua Nautilus researchers, targets Oracle WebLogic Servers, deploying both a cryptominer and the Tsunami DDoS bot through brute-forcing admin panels. The malware uses Python and shell scripts to download and execute the payload, potentially moving laterally by exploiting SSH credentials found on compromised systems. Aqua’s analysis suggests Hadooken could be expanded to target other platforms, with possible links to ransomware families like Rhombus and NoEscape, although no ransomware was deployed during this attack.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.