CyberSecurity Newsletter July 8th 2024
In this week’s news: ShinyHunters claim to have stolen 440k Taylor Swift tickets, Evolve Bank data breach, Stormous claims breach on HITC, Apple removes VPN apps in Russia, Roblox breached and APT29 hacks TeamViewer’s corporate network.
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters, who are both aliases associated with the breach, leaked 170k barcodes for free for Taylor Swift’s ERAS Tour:
Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour | Malwarebytes
The cybercriminals behind the Ticketmaster data breach are giving away free Taylor Swift concert tickets.
Affirm says Evolve Bank data breach also compromised some of its customers:
Affirm says Evolve Bank data breach also compromised some of its customers | Malwarebytes
Buy now and pay later provider Affirm has notified the SEC that customer data of its card users was compromised in the Evolve data breach.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalogue:
CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog
The notorious STORMOUS ransomware group has publicly claimed responsibility for a breach of HITC Telecom, a major player in the telecommunications industry:
STORMOUS Ransomware Group Claiming Breach of HITC Telecom
Apple removed several virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia's state communications watchdog Roskomnadzor, Russian news media reported:
Apple Removes VPN Apps from Russian App Store Amid Government Pressure
Apple removes 25 VPN apps from its Russian App Store following a request from Russia's Roskomnadzor, intensifying internet control.
Roblox, the globally renowned online gaming platform, has suffered a data breach. According to a tweet from cybersecurity expert H4ckManac, the breach has exposed sensitive information, including email addresses and IP addresses of millions of users:
https://gbhackers.com/roblox-data-breach/
Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer’s corporate network:
Russia-linked group APT29 likely breached TeamViewer
Microsoft has warned that Russia-based Midnight Blizzard hackers have breached staff inboxes and customer emails. Find out more about the incident and its implications for Microsoft’s customers:
https://www.spiceworks.com/it-security/cyber-risk-management/news/microsoft-customer-emails-breached-midnight-blizzard-hack/
Prudential Financial now says 2.5 million impacted by data breach:
https://www.bleepingcomputer.com/news/security/prudential-financial-now-says-25-million-impacted-by-data-breach/
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks:
https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
Understanding the Critical OpenSSH Vulnerability (CVE-2024-6387): RegreSSHion:
Understanding the Critical OpenSSH Vulnerability (CVE-2024-6387): RegreSSHion | by Khaleel Khan | Jul, 2024 | System Weakness
Researchers Track Identities and Locations of CSAM Users via Malware Logs:
TotalEnergies Clientes SAU has reported a significant cyberattack that has compromised the personal data of 210,715 customers. The incident has raised serious concerns about data security and the integrity of digital infrastructures in the energy sector:
https://gbhackers.com/totalenergies-cyber-attack/
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware:
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
China-linked hackers exploit Cisco switch flaw to deliver malware. Unpatched D-Link routers expose user accounts.
Hackers Using Google Ads To Deliver ‘Poseidon’ Mac Stealer:
https://gbhackers.com/hackers-using-google-ads/
The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised:
Hackers stole OpenAI secrets in a 2023 security breach
Roll20, an online tabletop role-playing game platform, discloses data breach:
Roll20, an online tabletop role-playing game platform, discloses data breach | TechCrunch
Roll20 says the data breach was due to a “bad actor” who gained access to an account on the company’s administrative website for one hour.
Hackers are actively exploiting a remote code execution vulnerability in the HTTP File Server (HFS) program. The vulnerability, identified as CVE-2024-23692, was disclosed in May 2024 and has since been leveraged by attackers to install malware and take control of vulnerable systems:
Hackers Exploiting HTTP File Server Remote Code Execution
A group of high-capacity routers may have been hijacked to launch a record-breaking DDoS attack on a cloud provider back in April. The attack targeted France-based OVHCloud, reaching 840 million packets per second:
Cloud Provider Fends Off Record-Breaking DDoS Attack | PCMag
OVHcloud says an April DDoS attack reached 840 million packets per second, a new high.
Record Breaking DDoS Attack of 840 Mpps Launched by Evil Core Routers
The DDoS attacks have evolved tremendously since 2016, with Mirai-like botnets setting new records. In the year 2023 attack frequency and
Dev rejects CVE severity, makes his GitHub repo read-only. Open-source developers have seen an uptick in debatable or, in some cases, outright bogus CVE reports filed for their projects without confirmation:
https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
CVE-2024-30088: the bug is inside the function AuthzBasepCopyoutInternalSecurityAttributes, when the kernel copies the AUTHZBASEPSECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode:
GitHub - tykawaii98/CVE-2024-30088
POC for CVE-2024-36991: In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint:
GitHub - bigb0x/CVE-2024-36991: POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.
Hackers that used ransomware to recently lock servers belonging to the Indonesian government, disrupting the everyday lives of millions of citizens, have apologised for their misbehaviour:
Indonesian government ransomware hackers apologize, give out encryption key | TechRadar
"We were just pentesters," culprits claim
Alabama State Department of Education suffered a data breach following a blocked attack:
Alabama’s education superintendent disclosed a data breach following a hacking attempt on the State Department of Education.
Over 100,000 sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool, used by hundreds of thousands of sites to enhance browser capabilities, so that all website visitors can use the same codebase for functionality their browser does not support natively:
Threat Signal Report | FortiGuard Labs
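A third-party script such as a polyfill bundle runs with the full privileges of the page that embeds it, which is why a compromised CDN becomes a supply chain problem for every site that loads from it. The following is an added example, not code from the newsletter or from any of the sources it links: a small audit that parses a page's HTML, lists every externally hosted script, flags any loaded from a polyfill.io host, and flags other third-party scripts that carry no Subresource Integrity (`integrity`) attribute. The sample HTML, the site hostname and the CDN domains other than polyfill.io are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not from any real site): one third-party script pinned
# with SRI, one loaded from polyfill.io, one third-party script without SRI, and
# one same-origin script.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example-cdn.test/lib.min.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="https://another.third-party.test/widget.js"></script>
<script src="/static/app.js"></script>
</head><body></body></html>
"""

SITE_HOST = "www.example.test"  # assumption: the origin being audited

# polyfill.io is the service named in the newsletter item; matching is done by
# host suffix so subdomains such as cdn.polyfill.io are caught as well.
BLOCKED_SUFFIXES = ("polyfill.io",)


class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every <script src=...> tag in the page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))


def audit_scripts(html, site_host=SITE_HOST):
    """Return a list of (src, reason) findings for risky third-party scripts."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        host = urlparse(src).hostname
        if host is None or host == site_host:
            continue  # relative or same-origin scripts are outside this check
        if host in BLOCKED_SUFFIXES or host.endswith(tuple("." + s for s in BLOCKED_SUFFIXES)):
            findings.append((src, "loads from polyfill.io, remove the tag"))
        elif not has_sri:
            findings.append((src, "third-party script without integrity attribute"))
    return findings


if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_HTML):
        print(f"{reason}: {src}")
```

SRI only protects a script whose bytes never change, so a service that tailors its bundle to each browser's User-Agent cannot be pinned this way; for such scripts the remaining options are self-hosting a fixed build or dropping the dependency, which is the reason the first finding recommends removal rather than adding a hash.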
Hackers Breaking Passkeys Using AitM Phishing Attacks:
Hackers Can Break Passkeys Using AitM Phishing Attacks
Hackers abuse phishing attacks as they are highly effective and low-cost methods for deceiving users into revealing sensitive information.
Aus Gov launches 'overdue' cyber security network for health sector. Mirroring a model already used in the financial and critical infrastructure sectors, the pilot Information Sharing and Analysis Centre (ISAC) will focus on “cyber threats, responses and preventative measures”:
Gov launches 'overdue' cyber security network for health sector - Security - iTnews
Focused on threat intel and preventative information-sharing.
Amazon has decided to discontinue its Astro for Business device, a security robot for small- and medium-sized businesses, just seven months after launch: