23-Sep-24: In Security News Today

New Mallox Ransomware Linux Variant Based On Leaked Kryptina Code

Mallox ransomware affiliates have been using a modified version of the leaked Kryptina ransomware source code to target Linux systems, a shift from their previous Windows-only focus. The new "Mallox Linux 1.0" variant retains Kryptina's core encryption and decryption mechanisms and has been rebranded with only superficial changes, such as modified ransom notes. The finding shows Mallox expanding its reach to Linux and VMware ESXi hosts, with affiliates possibly fielding multiple versions in their attacks.

Ally Bank May Have Compromised Your Personal Data In An April Data Breach

Ally Bank is facing a class-action lawsuit after an April 2023 data breach exposed sensitive customer information, including Social Security numbers, allegedly sold on the dark web. The breach impacted both current and former customers, with attackers gaining access through a third-party vendor’s system. Ally Bank is offering affected customers three years of identity theft protection, while cybersecurity experts warn of increasing attacks on banks due to the value of sensitive financial data.

Commerce Dept. Proposes Ban On Automotive Software & Hardware From China, Russia

The U.S. Department of Commerce has proposed a ban on automotive software and hardware from foreign adversaries, particularly China and Russia, citing national security concerns. This move would affect nearly all Chinese vehicles in the U.S. market, prohibiting their sale and the testing of self-driving cars, and requiring American automakers to remove any foreign adversary technology. The proposal, targeting connected vehicles due to the risk of surveillance and remote control threats, is expected to take effect by 2027 for software and 2029 for hardware.

Vulnerabilities Found In Popular Houzez Theme And Plugin

Two vulnerabilities, CVE-2024-22303 and CVE-2024-21743, were found in the Houzez WordPress theme and Login Register plugin, which could allow unauthorized privilege escalation and account takeover. The primary issues stemmed from insufficient authorization checks, including weaknesses in password reset and email modification processes. Both vulnerabilities have been patched, and users are advised to upgrade to version 3.3.0 or higher to mitigate potential risks.

Android Malware ‘Necro’ Infects 11 Million Devices Via Google Play

Necro malware has infected 11 million Android devices through malicious SDKs embedded in legitimate apps like Wuta Camera and Max Browser, both available on Google Play. The malware uses various techniques, including invisible WebViews, subscription fraud tools, and proxy mechanisms, to generate fraudulent revenue and facilitate malicious activities. In addition to Google Play, Necro is also spread via unofficial app mods of popular software like WhatsApp and Spotify, further extending its reach.

Man Scams $4M From Mostly Elderly Victims

A federal jury convicted Roger Roger, 40, for leading a telemarketing scheme that defrauded primarily elderly victims of over $4 million from a call center in Costa Rica. Posing as U.S. government officials, he and his co-conspirators tricked victims into believing they had won sweepstakes prizes, requiring them to make fraudulent upfront payments for taxes and fees. The operation utilized VoIP technology to obscure their identities and facilitate the illegal transfer of funds to Costa Rica, with Roger now facing up to 25 years in prison for various fraud and money laundering charges.

China’s ‘Earth Baxia’ Spies Exploit GeoServer To Target APAC Orgs

China’s Earth Baxia APT group is targeting organizations in the APAC region, including Taiwan, Japan, and the Philippines, using spear-phishing tactics and exploiting a vulnerability in GeoServer software (CVE-2024-36401). Their attacks focus on government agencies and critical infrastructure, often utilizing malicious decoy documents related to significant conferences. Compromised systems typically involve the installation of Cobalt Strike or a custom backdoor known as EagleDoor, facilitating extensive data exfiltration and lateral movement within networks.

Russian Cyber-Attacks Home In On Ukraine’s Military Infrastructure

Recent findings by Ukraine’s State Service of Special Communications and Information Protection reveal a strategic shift among Russian-aligned cyber threat actors, moving from broad data exfiltration efforts to targeted cyber espionage against military infrastructure. In the first half of 2024, cyber-attacks on Ukraine’s defense sectors surged to 276 incidents, with notable activity from five specific threat groups employing remote access Trojans to control compromised systems. The report highlights an overall 19% increase in cyber incidents, driven by lower-severity attacks, and underscores the urgent need for licensed software to mitigate vulnerabilities associated with malware from pirated programs.

After Summer Leak, Disney Is Doing Away With Slack For Good

Disney is discontinuing the use of Slack following a significant data breach where a hacktivist group, NullBulge, stole over 1 terabyte of internal data, allegedly aided by an insider. The transition away from Slack, mandated by senior leadership, aims to enhance the company’s cybersecurity posture and is expected to be completed by Q2 FY25. This incident highlights the vulnerabilities of internal communication platforms and underscores the necessity for companies to implement behavioral analysis and monitoring to prevent unauthorized data access.

CERT/CC Warns Of Unpatched Critical Vulnerability In Microchip ASF

The CERT Coordination Center has issued a warning regarding a critical vulnerability (CVE-2024-7490) in Microchip’s Advanced Software Framework (ASF) 3, which may enable remote code execution through specially crafted DHCP requests. The flaw arises from improper input validation in the framework’s tinydhcp server implementation, leading to a stack-based overflow. Microchip recommends migrating to actively maintained software, as the affected version is no longer supported and no practical mitigation exists short of replacing it.
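The bug class behind the ASF advisory, a DHCP option walker that trusts the on-wire length byte when copying into a fixed-size stack buffer, is shown below as an added illustration. This is hypothetical code written for this page, not Microchip’s tinydhcp source; the option blocks are constructed, not captured traffic, and the function names and the 32-byte hostname buffer are assumptions. The unchecked parser has the overflow; the checked parser bounds every read by the packet length and every copy by the destination size and rejects the crafted inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical minimal DHCP option parser for illustration; not ASF code. */
#define DHCP_OPT_PAD      0
#define DHCP_OPT_HOSTNAME 12
#define DHCP_OPT_END      255
#define HOSTNAME_MAX      32   /* assumed fixed buffer size */

/* Vulnerable pattern: the attacker-controlled length byte bounds the copy into
 * a 32-byte stack buffer. A hostname option with len > 32 smashes the frame,
 * and a len running past the packet also over-reads. Never call with
 * untrusted input; it exists only to show the defect. `out` must hold
 * HOSTNAME_MAX + 1 bytes. Returns 0 if a hostname was found, else -1. */
int parse_hostname_unchecked(const uint8_t *opts, size_t optlen, char *out)
{
    char name[HOSTNAME_MAX];
    size_t i = 0;
    while (i < optlen) {
        uint8_t code = opts[i];
        if (code == DHCP_OPT_END) break;
        if (code == DHCP_OPT_PAD) { i++; continue; }
        uint8_t len = opts[i + 1];            /* no check that i + 1 < optlen */
        if (code == DHCP_OPT_HOSTNAME) {
            memcpy(name, &opts[i + 2], len);  /* overflow when len > 32 */
            name[len] = '\0';
            strcpy(out, name);
            return 0;
        }
        i += 2 + (size_t)len;
    }
    return -1;
}

/* Hardened pattern: every read is bounded by optlen and every copy by out_sz.
 * Returns 0 on success, -1 if the option is absent, truncated, or too large. */
int parse_hostname_checked(const uint8_t *opts, size_t optlen,
                           char *out, size_t out_sz)
{
    size_t i = 0;
    while (i < optlen) {
        uint8_t code = opts[i];
        if (code == DHCP_OPT_END) break;
        if (code == DHCP_OPT_PAD) { i++; continue; }
        if (i + 1 >= optlen) return -1;          /* code byte without length */
        size_t len = opts[i + 1];
        if (len > optlen - (i + 2)) return -1;   /* option runs past packet */
        if (code == DHCP_OPT_HOSTNAME) {
            if (len + 1 > out_sz) return -1;     /* would not fit with NUL */
            memcpy(out, &opts[i + 2], len);
            out[len] = '\0';
            return 0;
        }
        i += 2 + len;
    }
    return -1;
}

/* Constructed sample option blocks (not captured traffic). */
static const uint8_t benign_opts[] = {
    53, 1, 1,                                   /* message type: DISCOVER */
    12, 7, 'd', 'e', 'v', 'i', 'c', 'e', '1',   /* hostname "device1" */
    255
};
/* Crafted: hostname option claims 200 bytes but only 4 follow it. */
static const uint8_t crafted_opts[] = { 12, 200, 'A', 'A', 'A', 'A' };

/* Build an option block with an n-byte hostname of 'A's followed by END;
 * returns the block length, or 0 if buf is too small. */
size_t build_hostname_opts(uint8_t *buf, size_t bufsz, uint8_t n)
{
    if ((size_t)n + 3 > bufsz) return 0;
    buf[0] = DHCP_OPT_HOSTNAME;
    buf[1] = n;
    memset(&buf[2], 'A', n);
    buf[2 + n] = DHCP_OPT_END;
    return (size_t)n + 3;
}

int main(void)
{
    char host[HOSTNAME_MAX + 1];
    uint8_t buf[64];
    size_t n = build_hostname_opts(buf, sizeof buf, 40);

    if (parse_hostname_checked(benign_opts, sizeof benign_opts, host, sizeof host) == 0)
        printf("benign: hostname=%s\n", host);
    printf("crafted (truncated): %s\n",
           parse_hostname_checked(crafted_opts, sizeof crafted_opts, host, sizeof host) == 0
           ? "accepted" : "rejected");
    printf("crafted (40-byte name): %s\n",
           parse_hostname_checked(buf, n, host, sizeof host) == 0 ? "accepted" : "rejected");
    /* parse_hostname_unchecked(buf, n, host) would copy 40 bytes into a
     * 32-byte stack buffer here; it is only safe on the benign block. */
    return 0;
}
```

The two bounds tests in the checked parser are the whole fix: `len > optlen - (i + 2)` stops the over-read off the end of the packet, and `len + 1 > out_sz` stops the write past the destination. A firmware DHCP client receives these packets from any host on the segment before it has an address, so there is no upstream filter to rely on.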

Hacker Selling Dell Employees’ Data After A Second Alleged Data Breach

A hacker known as “grep” has reportedly breached Dell Technologies twice within a week, compromising over 3.5GB of sensitive data related to more than 10,000 employees. The breaches, allegedly facilitated by vulnerabilities in Dell’s Atlassian tools, expose employee IDs and personal information, raising concerns about potential phishing and social engineering threats. Despite Dell’s acknowledgment of the first incident, the company has yet to release an official statement regarding either breach, highlighting ongoing security challenges faced by the organization.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.