CyberSecurity Newsletter March 11th 2024
In this week’s news: hackers steal Microsoft source code, IntelBroker breaches a US federal contractor, ALPHV receives $22 million after the Change Healthcare hack, a Google engineer sells AI trade secrets to China, a critical FortiOS and FortiProxy vulnerability, Swiss government data leaked through a service provider hack, and Paysign investigates a possible breach.
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets:
https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html
Microsoft said that hackers linked to Russia's foreign intelligence were trying again to break into its systems, using data stolen from corporate emails in January to gain new access to the tech giant whose products are widely used across the US national security establishment:
https://www.itnews.com.au/news/microsoft-warns-russian-hackers-still-trying-to-break-into-its-systems-605946
The IntelBroker hacker claims to have breached Acuity, a US federal contractor, and is now selling data belonging to ICE and USCIS:
https://www.hackread.com/hacker-breach-federal-contractor-acuity-ice-uscis-data/
ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment:
https://www.theregister.com/2024/03/04/alphv_ransom_payment/
Google Engineer Steals AI Trade Secrets for Chinese Companies:
https://www.darkreading.com/insider-threats/google-engineer-steals-ai-trade-secrets-chinese-companies
An estimated 150,000 internet-exposed Fortinet FortiOS and FortiProxy devices may be vulnerable to CVE-2024-21762, a critical flaw in the SSL VPN component that allows unauthenticated remote code execution:
https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/
A vulnerability, CVE-2024-20301, has been identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP) that could allow a local attacker to bypass secondary (MFA) authentication on affected systems:
https://cybersecuritynews.com/cisco-duo-windows-attacker/
Sensitive Swiss federal government data, including classified documents and login credentials, was leaked by the Play ransomware group following its 2023 attack on IT service provider Xplain:
https://www.infosecurity-magazine.com/news/ransomware-leak-swiss-government/
Organizations across a range of industries in more than 15 countries, including China, India, and Brazil, are being hit by joint double-extortion attacks from the GhostSec and Stormous ransomware operations:
https://www.scmagazine.com/brief/global-twin-ransomware-attacks-deployed-by-ghostsec-stormous
LogoFAIL attack: using image files to attack computers:
https://usa.kaspersky.com/blog/logofail-uefi-vulnerabilities/29588/
Integris Health Data Breach Could Impact Millions:
https://www.securityweek.com/integris-health-data-breach-could-impact-millions/
Behind the doors of a Chinese hacking company, a sordid culture fuelled by influence, alcohol and sex:
https://www.ctvnews.ca/world/behind-the-doors-of-a-chinese-hacking-company-a-sordid-culture-fuelled-by-influence-alcohol-and-sex-1.6799679
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code:
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/
Financial services firm Paysign said it is investigating reports of a data breach involving consumer information after hackers tried to sell a database allegedly belonging to the company containing millions of records:
https://therecord.media/paysign-investigating-reports-of-data-breach
CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalogue:
https://securityaffairs.com/160236/security/jetbrains-teamcity-bug-cisa-known-exploited-vulnerabilities-catalog.html
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices:
https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/
Burned-out cybersecurity professionals dealing with layoffs and stressful working conditions are increasingly finding a better way to earn a buck: cybercrime:
https://www.darkreading.com/cybersecurity-operations/broke-cyber-pros-cybercrime-side-hustles
South Korean Police Deploy Deepfake Detection Tool in Run-up to Elections:
https://www.darkreading.com/threat-intelligence/south-korean-police-deepfake-detection-tool-run-up-elections
Halberd is an open-source security testing tool to proactively assess security measures by executing a comprehensive array of attack techniques across multiple surfaces:
https://github.com/vectra-ai-research/Halberd
The ongoing saga of the BlackCat/AlphV ransomware gang continues, with a news report that the crew has shut down its servers after a controversial hack of an American healthcare services provider:
https://www.itworldcanada.com/article/is-the-blackcat-alphv-ransomware-gang-self-destructing/560013
Kryptina RaaS | From Underground Commodity to Open Source Threat:
https://malware.news/t/kryptina-raas-from-underground-commodity-to-open-source-threat/79468