CyberSecurity Newsletter June 24th 2024
This week's news includes LockBit claiming a US Federal Reserve hack, BlackSuit being behind the CDK Global outage, MS having a Wi-Fi flaw, AMD being breached, a small town in MA being hacked, and Snowflake having more issues.
LockBit is claiming to have hacked the US Federal Reserve:
A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG:
https://securityaffairs.com/164845/cyber-crime/threat-actor-selling-teg-data.html
Security researchers have uncovered a sophisticated new malware campaign likely linked to North Korean hackers, targeting aerospace and defence companies with a previously undocumented backdoor:
https://cybersecuritynews.com/new-north-korean-hackers-attack-aerospace-and-defense-companies/
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter:
https://www.bleepingcomputer.com/news/security/cdk-global-outage-caused-by-blacksuit-ransomware-attack/
Microsoft releases patch to fix critical Wi-Fi flaw in Windows, Windows Server:
https://www.techspot.com/news/103499-microsoft-releases-patch-tuesday-update-critical-wi-fi.html
AMD Data Breach: Intelbroker Violates AMD Again and Releases Sensitive Data:
https://dailysecurityreview.com/security-spotlight/amd-data-breach-intelbroker-violates-amd-again-and-releases-sensitive-data/
Experts found a bug in the Linux version of RansomHub ransomware:
https://securityaffairs.com/164779/cyber-crime/ransomhub-ransomware-esxi-encryptor.html
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor:
https://thehackernews.com/2024/06/excobalt-cyber-gang-targets-russian.html
Los Angeles Unified confirms student data stolen in Snowflake account hack:
https://www.bleepingcomputer.com/news/security/los-angeles-unified-confirms-student-data-stolen-in-snowflake-account-hack/
Small Massachusetts Town Scammed Out of $445,000 in Shocking Email Hack:
https://www.cybercaptcha.com/news/small-massachusetts-town-scammed-out-of-445000-in-shocking-email-hack/
Officials Query if Any Deaths Directly Linked to UK Hospital Hack
Hundreds of planned operations were delayed after the June 3 cyberattack:
https://www.bloomberg.com/news/newsletters/2024-06-19/officials-query-if-any-deaths-directly-linked-to-uk-hospital-hack
An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware:
https://www.bleepingcomputer.com/news/security/ratel-rat-targets-outdated-android-phones-in-ransomware-attacks/
Microsoft updates mitigation for critical “wormable” bugs. 256,000 devices believed to be publicly exposed. But are MSMQ bugs attacked in the wild?
https://www.thestack.technology/msmq-vulnerability-cve-2024-30080/
Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric’s systems in Germany. The announcement was made via a post on the social media platform Twitter by the account MonThreat, which is known for tracking cyber threats and activities:
https://gbhackers.com/hunt3r-kill3rs-group-claims/
Threat actors have claimed responsibility for a significant data breach involving Accenture, one of the world’s leading consulting firms. The news broke on Twitter, with the account DarkWebInformer posting a detailed status update on the incident:
https://gbhackers.com/threat-claiming-breach-data/
Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations:
https://thehackernews.com/2024/06/experts-uncover-new-evasive-squidloader.html
Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying:
https://gbhackers.com/unc3886-exploit-vmware-fortinet/
A ShinyHunters hacker claims that the Snowflake accounts of Ticketmaster and other organisations were compromised through the breach of software engineering firm EPAM Systems, supporting a Mandiant report linking some of the compromises to third-party contractor hacks:
https://www.scmagazine.com/brief/ticketmaster-breach-detailed-by-shinyhunters-hacker
VMware ESXi subjected to attacks with RansomHub for Linux. The RansomHub ransomware-as-a-service operation has deployed a new Linux encryptor in attacks against VMware ESXi environments:
https://www.scmagazine.com/brief/vmware-esxi-subjected-to-attacks-with-ransomhub-for-linux
Facebook PrestaShop module exploited to steal credit cards:
https://www.bleepingcomputer.com/news/security/facebook-prestashop-module-exploited-to-steal-credit-cards/
IBM alleges that LzLabs illegally reverse-engineered its mainframe software to help develop its Software Defined Mainframe (SDM). Switzerland's LzLabs says IBM is challenging principles enshrined in law under the Software Directive of 1991 and is using "speculative and unparticularised" claims to thwart a competitor:
https://www.thestack.technology/lzlabs-vs-ibm-your-latest-from-the-trial/
New ransomware over browser threat targets uploaded files:
https://malware.news/t/new-ransomware-over-browser-threat-targets-uploaded-files/83239
How Deep Fakes Threaten Biometric Security Controls:
https://www.techtarget.com/searchsecurity/tip/How-deepfakes-threaten-biometric-security-controls
A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up the alleged stolen data from TEG for sale, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords and email addresses:
https://techcrunch.com/2024/06/21/hacker-claims-to-have-30-million-customer-records-from-australian-ticket-seller-giant-teg/
US sanctions AO Kaspersky Lab executives over cyber risks:
https://www.itnews.com.au/news/us-sanctions-ao-kaspersky-lab-executives-over-cyber-risks-609079