22-Apr-24: In Security News Today

Attacker dumps data of 2.8 million Giant Tiger customers

A threat actor has claimed responsibility for a March 2024 data breach at Giant Tiger, exposing 2.8 million customer records including email addresses, names, addresses, and phone numbers. The data set was posted on a hacking forum where members need only ‘8 credits’ of forum currency to unlock the download link, which amounts to giving it away. Giant Tiger attributed the breach to a cybersecurity incident at a third-party vendor and urged customers to be cautious of messages regarding payment information.

Attackers Have Penetrated Volkswagen Group’s Systems, Stealing Over 19,000 Documents with Intellectual Property

Volkswagen Group suffered a long-running breach in which attackers, suspected to be based in China, remained inside its systems for more than five years and exfiltrated around 19,000 documents on engine and transmission development, including electric vehicle work. The German automaker’s security team has recovered some of the stolen files; the full extent of the loss has not been disclosed. The attribution rests on IP addresses and time-zone analysis of the attackers’ activity, pointing to a sustained espionage effort against core automotive technology.

Synlab Italia suspends operations following ransomware attack

Synlab Italia, part of a global network, suspended all medical diagnostic services in Italy following a ransomware attack that compromised their IT systems. The attack, detected on April 18, led to the shutdown of all computers to contain the breach. While efforts are underway to restore services and eliminate malware, customers are advised to stay updated through the company’s website and social media channels.

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

Recent cyberattacks on rural Texas towns affected local water systems; in one case, attributed to a Russian hacktivist group, a tank overflowed after the intruders got into its controls. Several towns were targeted, and one town’s system logged 37,000 failed login attempts over four days. Local authorities responded quickly and limited the damage, but the incidents underscore how exposed small public utilities are to cyber threats and the need for stronger security controls.

Researchers Uncover Windows Flaws Granting Attackers Rootkit-Like Powers

Researchers have discovered that the way Windows converts DOS paths to NT paths can be abused to give attackers rootkit-like capabilities: hiding files and processes and carrying out other malicious actions without administrator rights. Building on that behaviour, the researchers identified four concrete security issues: an elevation-of-privilege deletion vulnerability, an elevation-of-privilege write vulnerability, a remote code execution vulnerability, and a denial-of-service vulnerability affecting Process Explorer. The underlying problem is not unique to Microsoft Windows, and the researchers stress that every software vendor should fix such known issues before they turn into significant security risks.
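As an added illustration of the path-conversion behaviour behind this research (this is not the researchers’ code, and the article above does not include any), the Python model below implements one documented Win32 normalization rule: trailing periods and spaces are stripped from the final path component unless the path carries the verbatim `\\?\` prefix, which bypasses normalization. The function names and the sample paths are constructed for this example. The model shows why a file created through a verbatim path can end up with a name that ordinary callers cannot spell, and includes the check a defender would apply to names it accepts.

```python
# Constructed model, not Windows' real RtlDosPathNameToNtPathName: it covers
# only the trailing '.'/' ' stripping of the last component, which is the rule
# the "rootkit-like" hiding trick depends on. Real normalization has more rules.

VERBATIM_PREFIX = "\\\\?\\"   # the literal prefix \\?\ that disables normalization


def dos_to_nt_name(path: str) -> str:
    """Return the name the kernel would actually be asked to open for `path`.

    Verbatim (\\?\) paths are passed through unchanged; for everything else the
    final component loses any trailing periods and spaces.
    """
    if path.startswith(VERBATIM_PREFIX):
        return path[len(VERBATIM_PREFIX):]
    head, sep, last = path.rpartition("\\")
    return head + sep + last.rstrip(". ")


def unreachable_via_dos_path(nt_names):
    """On-disk names that a caller using ordinary Win32 paths can never open,
    because spelling the name literally gets normalized to a different name."""
    return [n for n in nt_names if dos_to_nt_name(n) != n]


def name_is_stable(name: str) -> bool:
    """Hardening check for software that accepts file names from untrusted input:
    only allow names that survive normalization unchanged and are not verbatim."""
    return not name.startswith(VERBATIM_PREFIX) and dos_to_nt_name(name) == name


def demo():
    # Attacker creates 'report.pdf.' (literal trailing dot) via a verbatim path.
    created = dos_to_nt_name(VERBATIM_PREFIX + r"C:\Users\Public\report.pdf.")
    # A normal tool typing the same name is silently redirected to 'report.pdf'.
    opened = dos_to_nt_name(r"C:\Users\Public\report.pdf.")
    hidden = unreachable_via_dos_path([r"C:\Users\Public\report.pdf", created])
    return created, opened, hidden


if __name__ == "__main__":
    created, opened, hidden = demo()
    print("on disk:      ", created)
    print("DOS path opens:", opened)
    print("unreachable:  ", hidden)
```

The takeaway for reviewers of any file-handling code is the last function: if a name changes under normalization, reject it rather than let the platform quietly map it onto a different object.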

Ukrainian Soldiers’ Apps Increasingly Targeted for Spying

Ukrainian soldiers’ messaging apps are increasingly targeted by hackers for spying, as reported by CERT-UA. The surge in attacks is attributed to a group known as UAC-0184, deploying various malware like HijackLoader and Remcos. Russian hackers have also been previously identified targeting Ukraine’s military messaging apps, aiming to exfiltrate encrypted communications and sensitive data.

51% of Enterprises Experienced a Breach Despite Large Security Stacks

Despite investing in large security stacks, 51% of enterprises experienced a breach in the past 24 months, leading to unplanned downtime, data exposure, and financial loss. Enterprises prioritize pentesting but struggle with a frequency gap between IT environment changes and security validation testing. Organizations are adopting more cybersecurity tools to manage risk, with an average of 53 security solutions in use, but face resource constraints and network downtime concerns related to pentesting.

MITRE Breached by Nation-state Threat Actor via Ivanti Zero-days

MITRE Corporation was breached by a nation-state threat actor through two zero-day vulnerabilities in Ivanti’s Connect Secure VPN devices, leading to lateral movement and compromise of the company’s VMware infrastructure. The attackers exploited the vulnerabilities to hijack VPN sessions, maintain persistence with webshells and backdoors, exfiltrate data, and create staging virtual machines. MITRE responded by taking down the affected environment, initiating an investigation, and sharing advice for defenders to monitor VPN traffic, segment networks, and use threat intelligence feeds.

An Unrestricted File Upload Vulnerability in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

Japan’s CERT (JPCERT/CC) has warned of multiple vulnerabilities in the Forminator WordPress plugin, including a critical flaw allowing unrestricted file uploads that can lead to remote code execution and sensitive data exposure. The plugin, with over 500,000 installations, is affected by CVE-2024-28890, CVE-2024-31077, and CVE-2024-31857. Admins are urged to update to version 1.29.3; an estimated 200,000-plus sites have yet to do so and remain exposed.
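For context on what “unrestricted file upload” means in practice, here is an added example (not Forminator’s code; the advisory above gives no implementation detail) of the server-side controls such a bug lacks: an allowlist of types, a check that the content matches the claimed extension, rejection of names that could be reinterpreted by the server, a size cap, and storage under a random name. The allowed types, size limit, and function names are assumptions for this example.

```python
import os
import secrets

# Constructed validator for an upload endpoint. The allowlist maps an extension
# to the magic bytes the content must start with; anything else is refused.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit for this example


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Validate an upload and return the extension it may be stored under.

    Rejects oversized files, path components, names with trailing dots or spaces,
    multiple extensions (e.g. 'shell.php.png'), dotfiles such as '.htaccess',
    types outside the allowlist, and content whose magic bytes do not match.
    """
    if len(content) > MAX_BYTES:
        raise UploadRejected("too large")
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base != base.rstrip(". ") or base.count(".") != 1:
        raise UploadRejected("bad name")
    ext = os.path.splitext(base)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("type not allowed")
    if not content.startswith(magic):
        raise UploadRejected("content does not match extension")
    return ext


def store_upload(filename: str, content: bytes, upload_dir: str) -> str:
    """Validate, then write under a random name so the client never chooses
    the path. `upload_dir` should sit outside the web root or be served with
    script execution disabled."""
    ext = validate_upload(filename, content)
    safe_name = secrets.token_hex(16) + ext
    with open(os.path.join(upload_dir, safe_name), "wb") as fh:
        fh.write(content)
    return safe_name


def is_accepted(filename: str, content: bytes) -> bool:
    """Convenience wrapper: True if validate_upload would accept the file."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False
```

Each check closes one well-known bypass: the extension allowlist stops `.php` and `.phtml` outright, the magic-byte check stops a PHP payload renamed to `.png`, the single-dot rule stops double extensions and trailing-dot tricks, and the random server-chosen name stops the attacker from guessing where the file landed.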

Cannes Hospital Cancels Medical Procedures Following Cyberattack

Cannes Hospital was forced to cancel non-urgent medical procedures and revert to manual operations after a cyberattack led to a shutdown of its IT systems. The hospital has prioritized emergency and essential services while cooperating with regional healthcare entities to manage patient needs effectively. No data theft or ransom demands have been reported, though the recovery of IT services is anticipated to be a prolonged process.

Researchers Observe a Flood of Crude and Amateurish Ransomware

Sophos X-Ops researchers report an upsurge in the sale of inexpensive, rudimentary ransomware on the dark web, referred to as “junk guns.” These low-cost ransomware tools are accessible for as little as $20, attracting lower-skilled criminals targeting small businesses and individuals. Despite their affordability and simplicity, these ransomware variants represent a growing risk to smaller targets, emphasizing the need for heightened awareness and defense measures in cybersecurity practices.

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

A new trend in ransomware attacks involves “double-dipping” where threat actors repeatedly target previously victimized entities, often through re-use of stolen data or access. This cyclic victimization not only compounds the distress for affected organizations but also signifies a shift towards more aggressive extortion tactics in the cybercrime ecosystem. The increasing frequency of such re-attacks highlights a critical vulnerability in cybersecurity defenses and emphasizes the necessity for improved protective measures and response strategies.

Almost 200,000 data tracking attempts were made in just 30 days on a regular Android device through installed apps.

A recent study using /e/OS on an Android device revealed nearly 195,000 data tracking attempts within a month from 34 third-party apps, indicating a significant privacy risk. Data collected ranged from user demographics to sensitive information, with some data being sent to servers in Russia and China. The pervasive nature of this tracking emphasizes the challenges in avoiding surveillance, even with stringent privacy settings.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
