25-Apr-24: In Security News Today

Ransomware payments surpass $1 billion in 2023, report finds

Ransom payments reached over $1 billion in 2023, marking a significant increase in both the scale and cost of ransomware attacks. The Ransomware Task Force (RTF) emphasizes that despite efforts to combat this threat, major challenges persist and half of the proposed strategic recommendations remain under-implemented. The need for intensified collaborative efforts, including legislative actions and international cooperation, is critical to address the evolving and increasingly costly ransomware landscape.

Supplement maker hack allegedly exposes 1M customers

Piping Rock, a supplement manufacturer, experienced a data breach resulting in unauthorized access to over 2.1 million emails, potentially impacting nearly one million customers. The leaked data includes names, addresses, and purchase histories. This breach’s details were confirmed by a Cybernews investigation and were publicly posted on a data leak forum by the perpetrator.

Scammers bypassing Google ad checks to impersonate real brands

Scammers are increasingly manipulating Google’s ad system to impersonate reputable brands, redirecting users to fraudulent sites. Using advanced techniques such as cloaking, they present legitimate content to Google’s bots while showing malicious sites to real users. Security experts recommend vigilance with sponsored search results and the use of protective browser extensions to guard against such malvertising threats.

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers are exploiting a critical vulnerability (CVE-2024-27956) in the WP Automatic WordPress plugin to create admin accounts and plant backdoors on websites. Over 5.5 million attack attempts have been observed, with hackers renaming the vulnerable file ‘csv.php’ and installing additional plugins for file uploads. To prevent compromise, administrators are advised to update the plugin to version 3.92.1 and regularly back up their websites.
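An added audit helper (not from the original post or the plugin's own code) that turns the three facts above into offline checks a site owner can run against a copy of the install: the plugin version in its header against the 3.92.1 fix, whether the plugin's csv.php is still present (its renaming was reported as post-exploitation behaviour), and administrator accounts registered after a chosen date. The header text, file listing and user records are constructed sample data; the plugin path layout is an assumption.

```python
"""Audit helper for the WP Automatic advisory (CVE-2024-27956)."""
import re
from datetime import datetime

FIXED_VERSION = (3, 92, 1)  # first release reported as patched

# Constructed sample inputs (not taken from any real site or from the plugin).
SAMPLE_HEADER = "/*\n * Plugin Name: WP Automatic\n * Version: 3.92.0\n */\n"
SAMPLE_FILES = ["wp-automatic/index.php", "wp-automatic/inc/csv_backup.php"]
SAMPLE_USERS = [
    {"login": "editor1", "roles": ["editor"], "registered": "2023-11-02T09:00:00"},
    {"login": "wpadmin", "roles": ["administrator"], "registered": "2022-01-15T08:30:00"},
    {"login": "xtw18387", "roles": ["administrator"], "registered": "2024-04-20T13:05:00"},
]

def parse_version(header_text):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when the installed version predates the patched release."""
    if version is None:
        return True  # unknown version: treat as unpatched
    padded = version + (0,) * (3 - len(version))  # 3.93 -> 3.93.0
    return padded < FIXED_VERSION

def csv_php_missing(plugin_files):
    """csv.php absent from an installed plugin tree is a post-exploitation indicator."""
    return not any(p.split("/")[-1] == "csv.php" for p in plugin_files)

def new_admins_since(users, since):
    """Return administrator logins whose registration date is after `since`."""
    cutoff = datetime.fromisoformat(since)
    return [u["login"] for u in users
            if "administrator" in u["roles"]
            and datetime.fromisoformat(u["registered"]) > cutoff]

def audit(header_text, plugin_files, users, since):
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    if is_vulnerable(parse_version(header_text)):
        findings.append("plugin version is below 3.92.1; update immediately")
    if csv_php_missing(plugin_files):
        findings.append("csv.php is missing from the plugin; possible prior exploitation")
    for login in new_admins_since(users, since):
        findings.append(f"administrator '{login}' was created after {since}; verify it")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_HEADER, SAMPLE_FILES, SAMPLE_USERS, "2024-04-01T00:00:00"):
        print("FINDING:", line)
```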

Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign

An elite team of Iranian state-sponsored hackers infiltrated hundreds of thousands of employee accounts at US companies and government agencies from 2016 to 2021, aiming to steal military secrets. The hackers posed as a cybersecurity company, using social engineering tactics like spearphishing and posing as women to trick victims into clicking on malicious links. The extent of data compromise and whether classified information was accessed remains unclear, and the indicted hackers are currently at large with a reward of up to $10 million offered for information leading to their apprehension.

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

The US Department of Justice collaborated with Iceland’s authorities to seize Samourai Wallet’s web servers and domain, along with removing its Android app from the Google Play Store in the US. The co-founders, Keonne Rodriguez and William Lonergan Hill, were charged with conspiracy to commit money laundering and operate an unlicensed money-transmitting business. Samourai Wallet, a cryptocurrency mixing service operational since 2015, facilitated over $2bn in unlawful transactions and laundered over $100m in criminal proceeds, serving as a haven for criminals to engage in large-scale money laundering.

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years

A triumvirate of North Korean advanced persistent threat (APT) groups has been conducting extensive espionage on the South Korean defense industry over several years. These groups have effectively compromised multiple South Korean entities to gather intelligence and strategic information. The prolonged cyber-espionage campaign highlights significant vulnerabilities in national security measures and underscores the need for enhanced cybersecurity protocols in sensitive sectors.

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Over 1,400 CrushFTP servers are vulnerable to a critical server-side template injection (SSTI) bug, allowing unauthenticated attackers to achieve remote code execution. Rapid7 confirmed the severity of the flaw, emphasizing the risk of arbitrary file read and authentication bypass. CrowdStrike reported targeted attacks exploiting the zero-day, urging users to promptly apply patches to safeguard against ongoing exploitation attempts.

LA County Health Services: Patients’ data exposed in phishing attack

The Los Angeles County Department of Health Services experienced a data breach due to a phishing attack in which 23 employees had their credentials stolen. Patients’ personal and health information, including medical records and contact details, was exposed. While no evidence of misuse was found, affected individuals are advised to verify the accuracy of their medical records, and the health system has taken steps to enhance its cybersecurity measures.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
