InfoSecBulletin Cybersecurity for mankind
The ever-increasing influence of Chinese threat actors in the cyber landscape is causing significant concern. As per the latest revelations, a Chinese state-linked group successfully stole data from a U.S. federal agency and targeted several European nations too. Today, we also have a Delaware county facing temporary outages due to a cyberattack from a few days back. In other news, with all these scams going around, you might think that there are lots of scammers associated with the business. However, that’s not the case. To know more about this and other highlights, read along.
The CISA and FBI issued a warning together that the Storm-0558 threat group, which is associated with China, accessed and stole unclassified Exchange Online Outlook data from an undisclosed U.S. source FCEB agency.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
Kent County in Delaware is experiencing a cyberattack that has disrupted municipal services, leading to a temporary offline status of internet-based services and phone numbers.
ALSO READ:
The Cl0p ransomware group put the data of 62 clients of Ernst & Young, including Air Canada and United Parcel Service Canada Ltd., on their leak sites. The group had exploited the MOVEit vulnerability and leaked 3TB of information belonging to the accounting firm.
Ransomware attacks have seen a significant increase in 2023, with cybercriminals extorting nearly $175.8 million more than the previous year, revealed Chainalysis.
Barracuda Networks and Columbia University studied 300,000 extortion emails and discovered that fewer than 100 scammers worldwide are behind them.
USB-delivered malware campaigns have seen a threefold increase in malware attacks in the first half of 2023, with two notable campaigns delivering Sogu and Snowydrive malware to various industries worldwide – reported Mandiant.
The hacker group Nobelium, supported by the Russian government, used fake BMW car listings to deceive Ukrainian diplomats into clicking on harmful links that install malware. The campaign has targeted at least 22 of the 80 foreign missions in Kyiv.
ZooTampa, a popular U.S. zoo, experienced a cyberattack resulting in the theft of employee and vendor information, with an affiliate of the Royal ransomware gang claiming responsibility.
Vietnamese threat actors are actively targeting Facebook business accounts using fake Ads Manager software and malicious Chrome extensions, resulting in over 800 victims worldwide losing more than $180,000 in compromised ad budgets.
In a recent finding, FortiGuard Labs uncovered a malicious operation that capitalizes on a pair of well-known vulnerabilities, including Follina, to implant the perilous LokiBot trojan on targeted devices. The campaign first came to light in May.
