26-Jun-24: In Security News Today

Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites

The domain polyfill[.]io, used by over 100,000 websites to deliver JavaScript code, has been compromised in a supply chain attack after being purchased by a Chinese organization. Malicious code is being injected into websites, leading to potential data theft, clickjacking, and other attacks. Security researchers advise website owners to remove any references to the polyfill[.]io domain and take immediate action to secure their websites.
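The advice above boils down to one concrete check: find every page that still loads a script or stylesheet from the polyfill[.]io domain. The scanner below is an added example (not code from the original page or from any of the parties it describes) that walks an HTML document with Python's standard-library parser and reports each `<script src>` or `<link href>` whose host is polyfill.io or a subdomain of it; the sample HTML and the `FLAGGED_HOSTS` set are constructed for the demonstration.

```python
"""Added example: report <script src> / <link href> references to polyfill.io
so a site owner can locate and remove them. The sample page at the bottom is
constructed for this demonstration and is not a real site."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts to flag. Matching is exact-or-subdomain, so cdn.polyfill.io is caught
# while a look-alike such as polyfill-io.example is not.
FLAGGED_HOSTS = {"polyfill.io"}


def host_is_flagged(url: str) -> bool:
    """True when the URL's host is a flagged host or one of its subdomains.

    Handles absolute (https://...) and protocol-relative (//...) URLs;
    site-relative paths such as /static/app.js have no host and never match.
    """
    host = urlparse(url.strip()).netloc.lower()
    host = host.split("@")[-1].split(":")[0]  # drop any userinfo and port
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)


class PolyfillRefFinder(HTMLParser):
    """Collects flagged external resource references with their line numbers."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            url = attrs["src"]
        elif tag == "link" and attrs.get("href"):
            url = attrs["href"]
        else:
            return
        if host_is_flagged(url):
            line, _ = self.getpos()
            self.findings.append({
                "line": line,
                "tag": tag,
                "url": url,
                # Recorded for the report only; an SRI hash cannot protect a
                # resource whose content is generated per request.
                "integrity": attrs.get("integrity"),
            })


def find_polyfill_refs(html: str) -> list:
    """Return a list of findings (line, tag, url, integrity) for one HTML document."""
    parser = PolyfillRefFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: two flagged references, one local script, one look-alike host.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<link rel="preconnect" href="//polyfill.io">
<script src="/static/app.js"></script>
<script src="https://polyfill-io.example/x.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in find_polyfill_refs(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']}> {f['url']} integrity={f['integrity']}")
```

Run it over each template or rendered page in a site checkout (for example by reading every `.html` file and passing its contents to `find_polyfill_refs`); any finding is a reference to delete or replace with a self-hosted copy of the required polyfills. The host match is deliberately suffix-based so that subdomains are caught without matching unrelated domains that merely contain the string.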

LockBit lied: Stolen Data is From a Bank, not US Federal Reserve

LockBit ransomware group falsely claimed to have hit the US Federal Reserve, stating they stole 33 terabytes of sensitive banking information. However, it was revealed that the threat actors actually targeted an individual bank, Evolve Bank & Trust, not the Fed. This false claim is seen as a desperate attempt by LockBit to regain relevance after facing disruptions earlier this year.

Protection Plus Solutions, a Background Check Service Provider, Has Leaked Thousands of PDF files Containing Individuals’ SSNs, Passport Details, and Criminal Records

Sensitive information from Protection Plus Solutions has been exposed online, including passport details, ID cards, driver’s licenses, and birth certificates. This leak, comprising over 500,000 documents from various countries, could be exploited for identity theft and fraud. The breach highlights the critical need for robust data protection measures and immediate action to secure the data and mitigate the impact on affected individuals.

Cyber Attackers Turn to Cloud Services to Deploy Malware

Fortinet’s FortiGuard Labs revealed that threat actors are increasingly using legitimate cloud services for malicious activities, such as utilizing cloud servers for command and control operations to enhance malware capabilities. The report highlighted examples like RATs stored on Amazon Web Services and crypters distributed via DriveHQ. Additionally, new malware strains like ‘Skibidi’ are exploiting vulnerabilities in routers and products to amplify their impact, emphasizing the need for organizations to strengthen their cloud security defenses through multi-layered approaches.

Chinese and North Korean Cybercriminals Target Global Infrastructure with Ransomware

Chinese and North Korean threat actors have been identified in ransomware attacks targeting government and critical infrastructure sectors worldwide between 2021 and 2023. The ChamelGang group, associated with China, has been using ransomware like CatB to target organizations in India and Brazil, while another cluster of attacks has been linked to Chinese and North Korean state-sponsored groups. These cyber espionage operations using ransomware not only aim for financial gain but also serve to cover the tracks of threat actors, blurring the lines between cybercrime and cyber espionage.

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Apple has released a firmware update to address a vulnerability (CVE-2024-27867) in AirPods that could allow unauthorized access by spoofing the intended source device. This could enable an attacker in Bluetooth range to eavesdrop on private conversations. The issue has been resolved with improved state management in the latest firmware updates for AirPods and Beats devices.

Data of 100K Hey You Users allegedly for sale on the dark web

A data breach has reportedly exposed the personal information of approximately 100,000 users of Hey You, an Australian food-ordering app. The compromised data, allegedly being sold on the dark web, includes names, email addresses, phone numbers, and order details, raising significant privacy and security concerns. Cybersecurity professionals should monitor this incident closely and advise affected users to change passwords and be vigilant against potential phishing attacks.

Cybercriminals Steal Over $2 Million in Cryptocurrency From CoinStats Wallets

North Korean cybercriminals, identified as the Lazarus Group, stole over $2 million from 1,590 cryptocurrency wallets hosted by CoinStats. The breach occurred after some users received phishing messages, leading to a malicious website, although not all affected users reported receiving such messages. CoinStats swiftly shut down its app to mitigate the attack and clarified that only a small fraction of wallets directly created within CoinStats were compromised, while wallets connected for read-only access remained secure.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.