26-Apr-24: In Security News Today

Kaiser Permanente: Data Breach May Impact 13.4 Million Patients

Kaiser Permanente, a major healthcare service provider, revealed a data breach potentially affecting 13.4 million individuals in the U.S. Personal information was leaked to third-party trackers on its websites and mobile apps, including IP addresses, names, and user interactions. While sensitive data such as SSNs and financial details were not compromised, Kaiser Permanente has taken steps to address the incident and will notify those affected as a precaution.

Hackers leak London Stock Exchange Group’s (LSEG) World-Check Screening Database With Over Five Million Records

Hackers leaked the World-Check database from the London Stock Exchange Group, exposing over 5 million records on entities and individuals linked to risks like financial crime and terrorism. The breach, attributed to a group called GhostR, involved data illicitly obtained from a client’s system, not directly from LSEG systems. This database is crucial for entities performing “know your customer” checks to prevent illicit financial activities.

New Brokewell Malware Takes Over Android Devices, Steals Data

Security researchers have discovered a new Android banking trojan named Brokewell that captures device events, steals data, and offers remote control capabilities. The malware is distributed through a fake Google Chrome update, mimics login screens to steal credentials, and can remotely control infected devices. Developed by an individual known as Baron Samedit, Brokewell is expected to be further developed and offered to other cybercriminals, posing a significant threat to Android users. To protect against such malware, users are advised to avoid downloading apps from outside Google Play and ensure Play Protect is active on their devices.

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The Lazarus Group, linked to North Korea, used fake job offers to distribute a new remote access trojan called Kaolin RAT in attacks targeting individuals in Asia. The RAT was used to deploy the FudModule rootkit, which relied on a now-patched admin-to-kernel exploit. The sophisticated attack chain showcases Lazarus Group's continuous innovation and resource allocation, posing a significant challenge to cybersecurity efforts.

Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries

The Godfather mobile banking Trojan has spawned over 1,000 samples across 57 countries, targeting hundreds of banking apps. Mobile malware-as-a-service operators are rapidly generating unique samples to evade security software, posing a significant challenge to mobile security. Security solutions are struggling to keep up with the increasing number of malware samples, emphasizing the need for adaptive solutions and behavioral analysis to combat evolving mobile threats.

Researchers Found 18 Vulnerabilities in Brocade SANnav

A security assessment of Brocade's SANnav Management Portal revealed 18 vulnerabilities, including hardcoded Docker keys. The vulnerabilities allowed attackers to compromise the SANnav appliance and Fibre Channel switches, and to intercept credentials sent over clear-text communication. Insecure configurations were identified, including a lack of encryption for management protocols, hardcoded credentials in Postgres, and insecure Docker instances with read/write access to critical files, posing significant risks to the system's security.

Autodesk hosting PDF files used in Microsoft phishing attacks

Autodesk is unknowingly hosting malicious PDF files used in sophisticated Microsoft phishing attacks, where victims are tricked into revealing their login credentials. The attackers leverage compromised email accounts to send convincing phishing emails with links to documents on Autodesk Drive, leading to fake Microsoft login forms. The scale and customization of these attacks indicate automation and targeted compromises, emphasizing the importance of vigilance against such threats and the need for hosting companies to prevent abuse of their infrastructure.

Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs

Researchers at Sekoia sinkholed a PlugX malware server, observing 2.5 million unique IP connections from infected hosts in over 170 countries. By acquiring control of the C2 server, they were able to analyze traffic, map infections, and prevent further malicious activities. Sekoia has formulated disinfection strategies to address the challenge of removing PlugX from infected systems and USB drives, calling for national cybersecurity teams to join the effort.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
