InfoSecBulletin Cybersecurity for mankind
We have three more victims of the MOVEit vulnerability – government departments in two U.S. states and a U.K regulator. All leading to the compromise of sensitive data. Earlier this year, healthcare vendor Intellihartx had fallen victim to the GoAnywhere zero-day attack. It concluded the investigation, revealing hundreds of thousands of patients impacted. Moving on to phishing; a novel campaign stole $3 million in crypto assets from netizens. Here’s everything that happened over the weekend.
01
Britain‘s communications regulator Ofcom, the Illinois Department of Innovation & Technology (DoIT), and the Minnesota Department of Education (MDE) were affected by the MOVEit Transfer cyberattack, resulting in the breach of confidential information.
02
Intellihartx informed that the personal information of nearly 490,000 individuals was compromised in the GoAnywhere zero-day attack. The impacted information included insurance data, medical information, and SSNs, among others.
03
Switzerland’s finance ministry confirmed that multiple Swiss federal agency and state-linked company websites were taken offline, following a series of DDoS attacks. The pro-Russian NoName threat group took credit for the attacks.
04
Zacks Investment Research suffered a data breach dating back to 2020 that impacted 8.8 million customers. The compromised personal data containing usernames, email and physical addresses, and passwords stored as unsalted SHA-256 hashes are being widely shared on a popular hacking forum.
05
Pro-Ukrainian hacker group Cyber Anarchy Squad disrupted Russian banking services by targeting JSC Infotel, a telecom provider, and damaging its network infrastructure.
06
The Pink Drainer hacking group stole over $3 million from over 2,000 victims through a phishing campaign designed to hijack Twitter and Discord accounts. The scammers pretended to be journalists from well-known crypto-related media outlets like Decrypto and Cointelegraph.
07
The University of Manchester suffered a cyberattack, and it is suspected that staff and student data has been stolen from its systems. While investigation into the incident is ongoing, a ransomware attack is surmised.
08
The Kaiserslautern University of Applied Sciences became the latest German university to be hit by a ransomware attack, affecting its entire IT infrastructure, including university email accounts and phones.
09
Vietnamese public companies are being targeted in an ongoing attack campaign by a newly discovered backdoor called SPECTRALVIPER. The attack has been attributed to a Vietnamese threat group known as APT32 or OceanLotus.
10
Cybersecurity services provider Blackpoint Cyber bagged a whopping $190 million in a Series C round led by Bain Capital Tech Opportunities, with participation from Accel.
