Friday, September 27th, 2024
Cybersecurity Week in Review (27/09/24)
Bulk of data centre cyberattacks coming from hostile states, warn EU experts
Europe’s data centres — with more than 80 of them in Ireland — are increasingly being hit by cyberattacks, the bulk coming from hostile states, according to EU experts.
Source: https://www.irishexaminer.com/news/arid-41481073.html
AI-Generated Malware Found in the Wild
HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper. The use of gen-AI on the dropper is almost certainly an evolutionary step toward genuinely new AI-generated malware payloads.
Source: https://www.securityweek.com/ai-generated-malware-found-in-the-wild/
Disney ditching Slack after massive July data breach
The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company’s internal communication channels.
Source: https://www.bleepingcomputer.com/news/security/disney-ditching-slack-after-massive-july-data-breach/
Microsoft Trims Cloud Cyberattack Surface in Security Push
Microsoft so far has eliminated some 730,000 unused applications and 5.75 million inactive tenants within its cloud environment as part of its sweeping Secure Future Initiative (SFI), designed to shore up security following a couple of major intrusions into its network over the past year.
Source: https://www.darkreading.com/cloud-security/microsoft-trims-cloud-cyberattack-surface-security-push
U.S. govt agency CMS says data breach impacted 3.1 million people
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.
MoneyGram confirms a cyberattack is behind dayslong outage
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service. The first signs of a problem appeared on Friday, September 20, when people reported the inability to receive payments or access their money through the service, and the website was unavailable.
U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech
The U.S. Department of Commerce (DoC) said it’s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People’s Republic of China (PRC) and Russia.
Source: https://thehackernews.com/2024/09/us-proposes-ban-on-connected-vehicles.html
Infostealer malware bypasses Chrome’s new cookie-theft defenses
Infostealer malware developers released updates claiming to bypass Google Chrome’s recently introduced feature App-Bound Encryption to protect sensitive data such as cookies.
It appears that at least some of the claims are real, as g0njxa confirmed for BleepingComputer that the latest variant of Lumma Stealer can bypass the encryption feature in Chrome 129, the currently the most recent version of the browser.
New Octo Android malware version impersonates NordVPN, Google Chrome
A new version of the Octo Android malware, named “Octo2,” has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise.
Android malware ‘Necro’ infects 11 million devices via Google Play
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.
Contact Us
The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.