18-Jul-24: In Security News Today

Indian Crypto Exchange WazirX halts withdrawals after losing $230 million, nearly half its reserves

WazirX, a leading Indian cryptocurrency exchange, halted all withdrawals following a security breach that resulted in the loss of $230 million, nearly half of its reserves. The breach occurred in one of WazirX’s multisig wallets, where attackers exploited a vulnerability in the wallet’s management system to transfer the stolen assets to new addresses and convert them into Ethereum and other digital currencies. The exchange has suspended withdrawals and is actively investigating the incident while working with law enforcement and blockchain security firms to recover the lost funds and ensure asset safety for its users.

Nearly 13 Million Australians Affected by MediSecure Attack

The personal and health data of almost 13 million Australians has been exposed due to a cyber-attack on MediSecure, a medical prescription provider. The breach, which occurred in May 2024, impacted individuals who used the MediSecure prescription delivery service between March 2019 and November 2023, compromising sensitive information such as patient prescriptions. MediSecure was able to restore a complete backup of the server for investigation, but warned that the exposed information could lead to increased risks of phishing, identity-related crime, and cyber scams for affected individuals.

Over $1bn in Cryptocurrency Lost to Web3 Cyber Incidents in 2024

In the first half of 2024, over $1.1 billion worth of cryptocurrency was lost in 408 onchain security incidents, with an average cost of $2.9 million per incident. Phishing, private key compromises, and code vulnerabilities were the most common attack vectors, resulting in significant financial losses. Ethereum was the most frequently targeted blockchain, while the overall losses in H1 2024 showed a significant increase compared to the previous year, emphasizing the growing threat landscape in Web3 cybersecurity.

AT&T Reports Arrest Made in April Hack, Updates Affected Customers

AT&T announced the arrest of an individual related to the April 14 hack that compromised the data of 109 million customers. The breach, linked to the ShinyHunters hacker group, involved unauthorized access to call and text records, which did not include customer names but could be cross-referenced with phone numbers to identify individuals. The company is collaborating with the FBI and DOJ, and has advised customers to remain vigilant against potential phishing and smishing attacks while continuing its investigation and efforts to recover the stolen data.

Data About Millions of Trello Users Leaks Online

Trello users are advised to change their login details immediately due to a recent cyberattack on Atlassian, the parent company of Trello, which resulted in sensitive user information being leaked. Data of 15 million Trello users, including account details, names, and email addresses, is now being sold on a hacker forum for a low price, making users vulnerable to scams. To protect themselves, Trello users are urged to update their login credentials promptly.

UK Government Set to Introduce New Cyber Security and Resilience Bill

The UK government has introduced the Cyber Security and Resilience Bill to strengthen cyber defenses and protect essential digital services, building on the NIS Regulations 2018. The bill focuses on critical infrastructure providers, introduces mandatory ransomware reporting, and aims to combat the evolving cyber threats facing organizations. The legislation is seen as a crucial step towards achieving cyber-resilience and boosting economic growth in the digital economy.

US Data Breach Victim Numbers Surge 1170% Annually

The Identity Theft Resource Center (ITRC) reported a significant increase in the number of US data breach victims in Q2 2024, despite a decrease in the actual number of incidents. The rise in victim numbers was attributed to a few large breaches affecting organizations like Prudential Financial and Infosys McCamish Systems. ITRC’s H1 2024 Data Breach Analysis revealed a 490% increase in data breach victims in the first six months of 2024 compared to the same period in 2023.

Jail Time for Operators of DDoS Service Used to Crash Thousands of Devices

Scott Raul Esparza and Shamar Shattock, operators of the DDoS service Astrostress.com, have been sentenced to prison for their roles in facilitating DDoS attacks on thousands of devices from 2019 to 2022. Esparza, responsible for maintaining the attack servers and marketing the service, pleaded guilty to conspiracy and unauthorized impairment of protected computers and will serve nine months in prison, followed by supervised release. Shattock, who also pleaded guilty, is awaiting sentencing and could face up to five years in federal prison for his involvement in the illegal service that allowed subscribers to overload victims’ networks and devices, effectively shutting them down.

MarineMax Notifying 123,000 of Data Breach Following Ransomware Attack

MarineMax, a major retailer of recreational boats and yachts, recently experienced a ransomware attack by the Rhysida group, resulting in a data breach affecting around 123,000 individuals. The attackers claim to have exfiltrated personally identifiable information and are attempting to auction the stolen data for 15 bitcoin (approximately $1 million). MarineMax has initiated incident response protocols, informed relevant authorities, and continues to assess the impact on its operations, which have not yet been materially affected.

West African Crime Syndicate Taken Down by Interpol Operation

Law enforcement successfully arrested multiple members of the Black Axe group, a notorious criminal organization involved in various illegal activities, following an Interpol operation. The group’s activities were a significant concern in the Middle East & Africa region, highlighting the importance of international collaboration in combating cybercrime.

SAP AI Core Flaws Expose Sensitive Customer Data and Keys

Security researchers discovered vulnerabilities in SAP AI Core that could allow attackers to execute arbitrary code, access sensitive customer data, and manipulate internal artifacts, impacting related services. The exploits included gaining cluster administrator privileges, accessing cloud credentials, and exposing files on AWS instances. SAP has since fixed the vulnerabilities, ensuring that no customer data was compromised.

DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls

North Korean state-sponsored hackers have updated their BeaverTail malware to target macOS users by distributing it as a malicious version of the legitimate video-calling service MiroTalk. Cybersecurity researcher Patrick Wardle uncovered this espionage campaign, in which victims were tricked into downloading the malware under the pretext of job interview opportunities. The malware not only steals data but also deploys additional malicious payloads like InvisibleFerret, showcasing the hackers’ social engineering skills despite technical limitations.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.