
Friday, July 12th, 2024

Cybersecurity Week in Review (12/07/24)

Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets

A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. The operation offers fake tickets to the Olympic Games and appears to take advantage of other major sports and music events as well.

Researchers analyzing the campaign are calling it Ticket Heist and found that some of the domains were created in 2022 and the threat actor kept registering an average of 20 new ones every month.

Source: https://www.bleepingcomputer.com/news/security/ticket-heist-fraud-gang-uses-700-domains-to-sell-fake-olympics-tickets/

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. According to its website, HuiOne’s financial services arm is said to have 500,000 registered users. It also touts Alipay, Huawei, PayGo Wallet, UnionPay, and Yes Seatel as its customers.

Southeast Asian countries like Burma, Cambodia, Laos, Malaysia, Myanmar, and the Philippines have become a breeding ground for pig butchering scams in recent years.

Source: https://thehackernews.com/2024/07/crypto-analysts-expose-huione.html

Global Coalition Blames China’s APT40 for Hacking Government Networks

The US, UK, Canada, Germany, Japan, New Zealand, and South Korea are backing Australia in blaming Chinese state-sponsored threat actors for hacking into government networks.

Following the March 2024 sanctions against members of the Chinese advanced persistent threat (APT) actor APT31, the eight nations are now drawing attention to the tradecraft of APT40 – also known as Bronze Mohawk, Gingham Typhoon, Kryptonite Panda, and Leviathan.

Source: https://www.securityweek.com/global-coalition-blames-chinas-apt40-for-hacking-government-networks/

Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm

The bot farm was created using AI-enhanced software that was able to create a host of different false personas to spread disinformation in convincing and unsettling ways. The Justice Department has announced the seizure of two domain names as well as nearly 1,000 social media accounts used by Russian actors to create and spread disinformation in the United States.

Source: https://www.darkreading.com/cloud-security/feds-uncover-genai-enabled-russian-troll-farm

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) allows attackers to run pipeline jobs as any other user.

The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS. The flaw patched in today’s security update is tracked as CVE-2024-6385, and it received a CVSS base score severity rating of 9.6 out of 10.

Source: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. As recently as May 2024, malicious campaigns have leveraged ViperSoftX as a delivery vehicle to distribute Quasar RAT and another information stealer named TesseractStealer.

Initially detected by Fortinet in 2020, ViperSoftX is known for its ability to exfiltrate sensitive information from compromised Windows hosts. Over the years, the malware has become a relevant example of threat actors continuously innovating their tactics in an attempt to stay stealthy and circumvent defenses.

Source: https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html

Windows MSHTML zero-day used in malware attacks for over a year

Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.

The flaw, tracked as CVE-2024-38112, is a high-severity MHTML spoofing issue fixed during the July 2024 Patch Tuesday security updates.

Haifei Li of Check Point Research discovered the vulnerability and disclosed it to Microsoft in May 2024.

Source: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.

Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser over the past month.

Source: https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html

Fujitsu confirms customer data exposed in March cyberattack

Fujitsu confirms that information related to some individuals and customers’ business has been compromised during the data breach detected earlier this year. The Japanese tech giant states that the attack did not involve ransomware but relied on a sophisticated mechanism to evade detection while exfiltrating data.

In March, the company discovered that several of its systems had been infected with malware and noted the possibility of sensitive customer information being compromised.

Source: https://www.bleepingcomputer.com/news/security/fujitsu-confirms-customer-data-exposed-in-march-cyberattack/

BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

Security vendor InkBridge Networks on Tuesday called urgent attention to the discovery of a thirty-year-old design flaw in the RADIUS protocol and warned that advanced attackers can exploit it to authenticate anyone to a local network, bypassing any multi-factor authentication (MFA) protections.

The company published a technical description of what is being called the BlastRADIUS attack and warned that internal enterprise networks, Internet Service Providers (ISPs), and telecommunications companies (telcos) are exposed to major risk.

Source: https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/

Copyright Smarttech247 - 2021