CyberSecurity Newsletter, Monday, August 12th 2024
In this week’s news: Hackers kill cow during farm extortion attempt, Almost 3 billion records leaked, Office 2016 vulnerability exposes NTLM hashes, Nashville man charged with laptop farm of fake Korean workers, Paris Olympics ransomware attempt, Hunters International target IT professionals, and vulnerability in Ransomware Operations Dashboard saves ransomware victims.
Almost 2.7 billion personal information records for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. The data allegedly comes from National Public Data. This company collects and sells access to personal data for use in background checks, to obtain criminal records, and for private investigators:
https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/
Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorised actors to access protected information.
It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise.
https://www.bleepingcomputer.com/news/security/microsoft-discloses-unpatched-office-flaw-that-exposes-ntlm-hashes/
The U.S. government on Aug. 8 charged a Nashville, Tenn., man for his role in a fraudulent scheme to help "fake" overseas IT workers from North Korea obtain remote work at U.S. companies that believed they were hiring U.S.-based employees:
https://www.scmagazine.com/news/us-charges-nashville-man-in-alleged-north-korean-fraud-scheme
A ransomware attack against the Paris Grand Palais exhibition hall, where Olympic events are being held, is being investigated. According to MSN, a police investigation determined that the attackers targeted the institution's central computer system, but the incident had not caused any disruption to Olympic events:
https://www.scmagazine.com/news/paris-olympics-deals-with-ransomware-attack
The ransomware gang known as Hunters International is increasingly targeting IT professionals with a new remote access trojan (RAT) called SharpRhino in order to breach corporate networks, according to researchers from Quorum Cyber. By targeting IT workers, the threat group aims to achieve initial infection on systems and to elevate privileges, which helps them deploy the ransomware payload:
https://dailysecurityreview.com/security-spotlight/hunters-international-ransomware-sharprhino-malware/
TechCrunch reports that half a dozen organizations were spared from millions of ransomware payments due to security issues impacting ransomware operations' web dashboards. Such vulnerabilities have enabled pre-file encryption warnings to four compromised cryptocurrency entities, as well as granted decryption keys to two other companies:
https://www.scmagazine.com/brief/ransomware-leak-site-bugs-avert-ransom-demand-payments
The U.S. State Department's Rewards for Justice program has introduced bounties of up to $10 million for any information that would help identify or locate six Iranians who led the state-sponsored CyberAv3ngers threat operation's attacks against several water utilities across the U.S. last year:
https://www.scmagazine.com/brief/us-puts-10m-bounty-on-cyberav3ngers-hackers
Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, The Record reported:
https://securityaffairs.com/166795/intelligence/russia-hacked-uk-government-systems.html
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could have serious consequences. "The impact of these vulnerabilities range between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data exfiltration, and denial-of-service":
https://thehackernews.com/2024/08/experts-uncover-severe-aws-flaws.html
The Sumter County Sheriff’s Office is the latest victim claimed by the Rhysida ransomware group, which has threatened to leak data including scans of IDs and fingerprints:
https://www.scmagazine.com/news/rhysida-ransomware-hits-sumter-county-sheriff-in-latest-ci-attack
Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024:
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-22h2-reaches-end-of-support-in-60-days/
Russian hacking group Midnight Blizzard breached the UK Home Office, stealing sensitive data. The report describes how the group used supply chain attacks to compromise government systems and argues for stronger cybersecurity measures:
https://hackread.com/russia-midnight-blizzard-breach-uk-home-office-microsoft/
An extortion attempt had a tragic outcome: cybercriminals took control of a cow milking robot and demanded a ransom from a farmer. He did not pay, and a cow died as a result:
https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html
NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw that could have allowed an attacker to eavesdrop on users:
https://securityaffairs.com/166823/hacking/sonos-smart-speakers-flaw.html
Researchers at DEF CON on Friday demonstrated how a compromised consumer-grade Wyze security camera can be manipulated by an adversary to make it “think” a home intruder is a dog or an inanimate object:
https://www.scmagazine.com/news/ai-trickery-security-cam-hack-turns-crooks-into-dogs
A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms for a decryptor. Magniber launched in 2017 as a successor to the Cerber ransomware operation, when it was spotted being distributed by the Magnitude exploit kit:
https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/
BlankBot is a new Android banking trojan with screen recording, keylogging and remote control capabilities. In July 2024, Intel 471 Malware Intelligence researchers discovered the new BlankBot Android banking trojan:
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. The advisory connects this activity with a nationwide industrial factory modernization project that Kim Jong-un, the North Korean president, announced in January 2023, and assesses that the hackers are looking to steal trade secrets from South Korea:
https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update-flaw-to-install-malware/
An INC Ransom ransomware attack this week disrupted IT and phone systems at McLaren Health Care hospitals:
https://securityaffairs.com/166851/cyber-crime/mclaren-hospitals-attack.html
Physical security firm ADT disclosed a data breach: threat actors stole information on 30,000 customers and leaked it:
https://securityaffairs.com/166857/cyber-crime/adt-disclosed-a-data-breach.html
As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be chained together to achieve remote code execution (RCE) on systems that have the software installed:
https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed through fake websites masquerading as popular software:
https://thehackernews.com/2024/08/new-malware-hits-300000-users-with.html
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is designed to steal victims' secrets:
https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
A series of targeted cyberattacks that started at the end of July 2024, hitting dozens of systems used in Russian government organisations and IT companies, has been linked to the Chinese hacking groups APT31 and APT27. Kaspersky, which discovered the activity, dubbed the campaign "EastWind":
https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-target-russian-government-it-firms/
Donald Trump’s presidential campaign announced that its emails were hacked; a spokesman attributed the attack to “foreign sources hostile to the United States”:
https://securityaffairs.com/166895/cyber-warfare-2/donald-trumps-campaign-hacked.html
X has always had a bot problem, but now scammers are utilising the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites.:
https://www.bleepingcomputer.com/news/security/fake-x-content-warnings-on-ukraine-war-earthquakes-used-as-clickbait/
Indian IT giant Coforge is embroiled in a high-stakes battle after receiving an $11 million notice from a North American client over a data breach:
https://cnbdaily.com/coforge-faces-11-million-heat-after-alleged-data-breach/