Friday, July 19th, 2024
Cybersecurity Week in Review (19/07/24)
Disney Got Hacked And More Than 1 TB Data Stolen
In a dramatic cybersecurity breach, the hacking group NullBulge has unleashed over 1TB of Disney’s confidential data, including unreleased projects and personal information, shaking the foundations of the entertainment giant.
According to NullBulge’s statement, the leaked trove contains nearly 10,000 channels of communication, encompassing “every message and file possible.” It’s a treasure chest filled not only with corporate data but also with sensitive personal details, including credit card information and social security numbers of certain individuals linked with Disney.
Source: https://earlygame.com/news/gaming/disney-got-hacked-and-more-than-1-tb-data-stolen
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta.
Over the years, FIN7 has demonstrated a high level of adaptability, sophistication, and technical expertise by retooling its malware arsenal – POWERTRASH, DICELOADER (aka IceBot, Lizar, or Tirion), and a penetration testing tool called Core Impact that’s delivered via the POWERTRASH loader – notwithstanding the arrests and sentencing of some of its members.
Source: https://thehackernews.com/2024/07/fin7-group-advertises-security.html
Ransomware Attack Disrupts Bassett Furniture Manufacturing Facilities
Virginia-based furniture manufacturer and retailer Bassett Furniture was recently targeted in a ransomware attack that caused significant disruptions, including in the company’s manufacturing facilities.
The company revealed this week in a filing with the SEC that it detected unauthorized access to its IT systems on July 10. Bassett Furniture said the threat actor disrupted its business operations by encrypting “some data files”.
Source: https://www.securityweek.com/ransomware-attack-disrupts-bassett-furniture-manufacturing-facilities/
AT&T’s massive data breach deepens crisis for Snowflake seven weeks after hack was disclosed
Snowflake has spent the past seven weeks dealing with the fallout of a major cyberattack that compromised sensitive customer data at several of its clients. The software company’s problems just got a whole lot worse.
Telecommunications giant AT&T said in a regulatory filing on Friday that hackers tapped into a cloud platform housing customer data, gaining access to records of subscribers’ calls and text messages during a six-month period in 2022. The data includes phone numbers, aggregate call duration and some cell site details, AT&T said in the filing.
Source: https://www.cnbc.com/2024/07/12/snowflake-shares-slip-after-att-says-hackers-accessed-data.html
UK to introduce watered-down version of mandatory reporting for ransomware attacks
Britain’s new government announced on Wednesday its intention to bring forward a Cyber Security and Resilience Bill updating the country’s cybersecurity regulations, two years after the previous government prematurely described them as “updated” before failing to actually introduce the legislation.
The new law will include a mandatory reporting requirement for companies hit by ransomware attacks. Announced as part of the King’s Speech formally opening Parliament, it comes as ransomware incidents affecting British businesses keep reaching record levels.
Source: https://therecord.media/uk-cyber-security-resilience-bill-labour-government
‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
Details have emerged about a “massive ad fraud operation” that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities.
The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds.
While the decoy apps, totaling more than 250 in number, are harmless and distributed via the Google Play Store, their respective “evil twins” are disseminated through a malvertising campaign designed to facilitate ad fraud, monitor web searches, install browser extensions, and sideload APK files onto users’ devices.
Source: https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks
The ransomware is rudimentary with basic functionalities, likely having been created by an inexperienced developer — but it’s effective at locking up files and sucking up memory capacity.
The phishing emails contain a PDF attachment disguised as an invoice with embedded malicious links. Upon user interaction, this triggers a download of a RootDesign.exe file hosted on a compromised GitHub account. They add that the ransomware appears “rudimentary” and is likely the work of an inexperienced developer.
Source: https://www.darkreading.com/threat-intelligence/shadowroot-ransomware-turkish-victims-phishing
Iraq-based cybercriminals deploy malicious Python packages to steal data
Researchers say cybercriminals in Iraq appear to be responsible for secretly malicious Python code posted to the popular PyPI repository.
The script runs as part of an infected package downloaded from PyPI, and the cybercriminals use the malware to exfiltrate sensitive user data to a Telegram chatbot linked to multiple cybercriminal operations based in Iraq, according to the report by the cybersecurity firm Checkmarx.
Source: https://therecord.media/iraq-cybercriminals-python-based-infostealer-pypi
China-linked APT17 Targets Italian Companies with 9002 RAT Malware
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.
9002 RAT, aka Hydraq and McRAT, achieved notoriety as the cyber weapon of choice in Operation Aurora that singled out Google and other large companies in 2009. It was also subsequently put to use in another 2013 campaign named Sunshop in which the attackers injected malicious redirects into several websites.
Source: https://thehackernews.com/2024/07/china-linked-apt17-targets-italian.html
Rite Aid says ‘limited’ cyber incident affected data of 2.2 million people
A “limited” cyberattack on Rite Aid exposed the sensitive information of more than 2 million people, according to regulatory filings made this week.
The drugstore chain filed documents with regulators in Maine, Massachusetts, Oregon, Vermont and other states on Monday explaining the ramifications of a cyberattack that took place last month.
In the breach notification letters, Rite Aid said the attack began on June 6, when a hacker “impersonated a company employee to compromise their business credentials and gain access to certain business systems.”
Source: https://therecord.media/rite-aid-data-breach-2-million-people