28-Aug-23: In Security News Today

Financial Firms Hit by MOVEit Cyberattacks Face Lawsuits

TD Ameritrade and Charles Schwab are now facing class action lawsuits in the US District Court in Nebraska over the MOVEit zero-day vulnerability breach. The lawsuits accuse these financial services companies of failing to secure sensitive customer financial data, negligence in protecting personally identifiable information (PII), and other offenses linked to the MOVEit compromise. These legal actions come in the wake of similar lawsuits against Prudential and Progress Software, the company behind the MOVEit File Transfer Software used in the attacks.

London Police Warned of Data Breach: Officer Information Compromised

Hackers have accessed information on around 47,000 officers and staff of Greater London’s Metropolitan Police, including names, ranks, ID numbers, vetting levels, and photos. The breach occurred through a third-party contractor responsible for printing warrant cards and staff passes. While the compromised data did not include personal details such as addresses or financial information, the breach has triggered the involvement of the National Crime Agency (NCA) for further investigation.

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

Cybersecurity researchers have discovered a privilege escalation vulnerability in Microsoft Entra ID that allows attackers to exploit an abandoned reply URL. By redirecting authorization codes to themselves, attackers can obtain access tokens and call the Power Platform API to gain elevated privileges. Microsoft has released an update to address the issue, and Secureworks has provided an open-source tool to scan for abandoned reply URLs.
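The defensive counterpart to the abandoned-reply-URL problem is an inventory check: every redirect URI registered on an application should point at a host the tenant still controls. The script below is an added example and not the Secureworks tool or Microsoft code; it assumes app registrations exported as the JSON returned by Microsoft Graph `GET /applications` (the `web`, `spa` and `publicClient` `redirectUris` fields) and an allowlist of owned domains, both of which are constructed here. It flags URIs for review rather than proving a host has been released.

```python
"""Flag Entra ID reply URLs whose host is not under a domain the tenant owns.

Added example (not the Secureworks scanner or Microsoft code). Input is assumed
to be the JSON body of Microsoft Graph GET /applications; sample is constructed.
"""
import json
from urllib.parse import urlsplit

# Constructed sample in the Graph application resource shape (placeholder appIds).
SAMPLE_EXPORT = json.dumps({
    "value": [
        {"displayName": "PowerApp-Prod", "appId": "00000000-0000-0000-0000-000000000001",
         "web": {"redirectUris": ["https://portal.contoso.com/signin-oidc",
                                  "https://oldpilot.azurewebsites.net/callback"]},
         "spa": {"redirectUris": ["https://app.contoso.com/"]},
         "publicClient": {"redirectUris": ["http://localhost:8080/"]}},
        {"displayName": "LegacyReporting", "appId": "00000000-0000-0000-0000-000000000002",
         "web": {"redirectUris": ["https://reports.fabrikam-retired.com/auth"]}},
    ]
})

OWNED_DOMAINS = {"contoso.com"}  # constructed allowlist of domains the tenant controls


def host_is_owned(host, owned):
    """True if host equals or is a subdomain of an owned domain (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in owned)


def collect_redirect_uris(app):
    """Gather redirect URIs across the web, SPA and public-client sections."""
    uris = []
    for section in ("web", "spa", "publicClient"):
        uris.extend((app.get(section) or {}).get("redirectUris", []))
    return uris


def find_unowned_reply_urls(export_json, owned=OWNED_DOMAINS):
    """Return (displayName, uri) pairs whose host is outside the owned domains."""
    findings = []
    for app in json.loads(export_json).get("value", []):
        for uri in collect_redirect_uris(app):
            host = urlsplit(uri).hostname or ""
            if host in ("localhost", "127.0.0.1"):
                continue  # loopback redirects are local native-client flows, not routable hosts
            if not host_is_owned(host, owned):
                findings.append((app["displayName"], uri))
    return findings


if __name__ == "__main__":
    for name, uri in find_unowned_reply_urls(SAMPLE_EXPORT):
        print(f"{name}: reply URL host not under an owned domain, review: {uri}")
```

Hosts on shared platforms such as `azurewebsites.net` are the ones to check first, since deleting the backing resource leaves the registered URI pointing at a name someone else can later claim.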

Malicious Rust Libraries Transmitting OS Info to Telegram Channel

Malicious packages were discovered on the Rust programming language’s crate registry, containing functionality to capture operating system information and transmit it to a Telegram channel. The campaign may have been in its early stages, targeting developers in order to compromise their machines and deliver rogue updates. The incident highlights the importance of caution and due diligence for developers in their software development activities.

China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns

A China-backed advanced persistent threat (APT) group called Flax Typhoon has been discovered installing a web of persistent, long-term infections in Taiwanese organizations using minimal amounts of malware. The group is living off the land, using legitimate tools and utilities built into the Windows operating system to carry out a stealthy and persistent cyber espionage campaign. Microsoft warns that the group’s techniques could be easily reused in other operations outside the region and advises organizations to patch and update their public-facing servers, monitor for unauthorized changes, and implement multifactor authentication and other security measures.

Data Breach at French Unemployment Agency Exposes Personal Information of 10 Million Individuals

Roughly 10 million individuals may have had their personal information compromised in a data breach at French unemployment agency Pôle emploi. The breach was the result of a cyberattack on one of the agency’s service providers, Majorel. The compromised data includes names and social security numbers; other personal information such as email addresses, phone numbers, passwords, and bank credentials was not affected.

QakBot, SocGholish, and Raspberry Robin: The Most Popular Malware Loaders in 2023

QakBot, SocGholish, and Raspberry Robin are the top three malware loaders used by cybercriminals, accounting for 80% of observed attacks. QakBot is an evolving threat that can deploy additional payloads and is associated with the Black Basta ransomware group. SocGholish is deployed through drive-by downloads and has been linked to the Russia-based Evil Corp cybercrime group. Raspberry Robin spreads via removable devices and has been observed targeting financial institutions and government organizations.

Leaseweb Reports Cloud Disruptions Due to Cyberattack

Dutch cloud company Leaseweb experienced a cyberattack last week, leading to the shutdown of critical systems. The company detected unusual activity in certain areas of its cloud environments and took immediate action to reduce potential risks. It is unclear whether the attack involved ransomware or if any customer data was compromised.

Ohio History Organization Suffers Ransomware Attack and Data Breach

Ohio History Connection (OHC) has confirmed that personal information of thousands of individuals was stolen in a ransomware attack in July. The attackers demanded a ransom, which OHC refused to pay, resulting in the stolen data being posted online. The compromised information includes names, addresses, and Social Security numbers, potentially putting approximately 7,600 individuals at risk of identity theft and phishing attacks.

Three Cryptocurrency Firms Suffer Data Breach After SIM Swapping Attack

Three bankrupt cryptocurrency companies, FTX, BlockFi, and Genesis, experienced data breaches after a SIM swapping attack targeted risk and financial advisory firm Kroll. The attacker used SIM swapping to transfer an employee’s T-Mobile phone number to a SIM card controlled by the hacker, allowing them to access systems storing personal information of bankruptcy claimants. The companies have warned customers about potential phishing attempts and scams as a result of the data breach.

KmsdBot Malware Upgraded to Target IoT Devices with Enhanced Capabilities

KmsdBot, a botnet malware, has been updated to target Internet of Things (IoT) devices, expanding its attack surface. The new version adds support for Telnet scanning and more CPU architectures, making it a greater threat to IoT devices. The ongoing KmsdBot campaign highlights how prevalent and poorly secured IoT devices remain, which is what makes them attractive for building a network of infected systems.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.