19-Mar-24: In Security News Today

Malware Exposes Fujitsu Customer Data

Fujitsu, a global business technology giant, issued an apology for exposing customer data after discovering malware on its computers. The incident led to immediate disconnection of affected systems and enhanced monitoring. Cybersecurity experts emphasize the importance of understanding the breach, proactive security measures, and the need for organizations to refocus on data security to combat cyber threats.

Illicit Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

A Moldovan national was sentenced to 42 months in prison for operating the E-Root Marketplace, selling over 350,000 stolen credentials. The marketplace used a distributed network to hide identities and offered compromised computer credentials for sale. Law enforcement seized the infrastructure associated with E-Root and Perfect Money, which was used for transactions, to prevent further cybercrime activities.

Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

Mintlify, an AI-powered code documentation firm, disclosed a data breach leading to the exposure of 91 customer GitHub tokens after detecting unauthorized requests to its servers. In response, the company revoked all GitHub token access and launched a bug bounty program to address the vulnerability and improve security measures. This incident underscores the importance of robust security practices for companies handling access to sensitive repositories.

48 Government Organizations Compromised by Chinese Nation State Attacks

Trend Micro researchers uncovered a Chinese cyber-espionage campaign, Earth Krahang APT, potentially connected to the shadowy ‘cybersecurity’ firm I-Soon. The campaign targeted 116 organizations in 35 countries, with a focus on government entities in southeast Asia. Earth Krahang’s tactics include using malicious access to government infrastructure for cyber-espionage, building VPN servers on compromised servers, and stealing email credentials for exfiltration, with overlaps identified with the previously discovered Chinese actor Earth Lusca.

Data Wiping Malware AcidRain Detected in the Wild

A new variant of the data-wiping malware AcidRain, named AcidPour, has been discovered targeting Linux x86 devices. This ELF binary malware is designed to erase content from RAID arrays and UBI file systems. The attacks have been linked to Russia, Ukraine, and the European Union, with the exact scale and intended victims still unknown.

Misconfigured Firebase Instances Expose 125 Million User Records

Researchers uncovered misconfigurations in Firebase instances, leading to the exposure of 125 million user records, including names, email addresses, plaintext passwords, and confidential messages, across 900 websites. These vulnerabilities highlighted significant security risks for affected services, including Chattr, an AI hiring system. The findings stress the necessity of proper Firebase configuration and proactive security measures to protect sensitive user data.

Hackers Exploiting Popular Document Publishing Sites like FlipSnack, Issuu, and Marq for Phishing Attacks

Threat actors are using digital document publishing (DDP) sites like FlipSnack and Issuu to carry out phishing attacks, credential harvesting, and session token theft, leveraging the sites’ favorable reputation and lack of appearance on web filter blocklists. By hosting phishing lures on DDP sites, attackers aim to evade email security controls and exploit the transient file hosting feature of these platforms. The attackers embed links to malicious documents hosted on DDP sites in phishing emails, leading victims to bogus sites mimicking legitimate login pages to steal credentials or session tokens.

Nations Direct Mortgage Data Breach Impacts 83,000 Individuals

Nations Direct Mortgage notified over 83,000 individuals of a data breach in December 2023, where unauthorized access to systems exposed personal information, including Social Security numbers and loan details. Although there’s no evidence of data misuse, the company has offered identity monitoring services to impacted individuals and faces a class action lawsuit, highlighting the importance of robust cybersecurity measures in protecting sensitive information.

Cyberattackers Use Sophisticated Evasion Tactics to Compromise Hundreds of Microsoft Office Users

A malicious email campaign named PhantomBlu is targeting US-based organizations by impersonating an accounting service and delivering the NetSupport RAT through Microsoft Office Word files. The campaign uses a sophisticated evasion tactic by manipulating Object Linking and Embedding (OLE) templates to execute malicious code while evading detection. To avoid compromise, experts recommend educating employees on spotting malicious emails, avoiding clicking on attachments from untrusted sources, and reporting suspicious messages to IT administrators.

‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs

A new cyberattack method called ‘Conversation Overflow’ is being used to bypass AI- and ML-enabled security platforms by embedding hidden text in phishing emails. This tactic aims to deceive AI/ML algorithms by mimicking ‘known good’ communication, allowing cybercriminals to trick systems into categorizing the emails as safe. Security professionals are advised to actively test for ‘unknown unknowns’ in their environments and invest in cybersecurity solutions leveraging ML and AI to combat evolving AI-powered threats.

Ukraine Arrests Fraudsters Trying to Sell 100 Million Stolen Accounts

Ukrainian cyber police, with the help of national police, apprehended three individuals for hijacking over 100 million emails and Instagram accounts using brute-force techniques. The cybercriminals monetized their activities by selling access to compromised accounts on the darknet, leading to fraudulent money transfers. Authorities seized computers and mobile phones during the operation, and the suspects face up to 15 years in prison for unauthorized interference in information systems.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.