Friday , November 22 2024

Daily Cybersecurity Update, June 27, 2023

Local government bodies across the U.S. are facing the wrath of growing cyber intrusions. The latest such victim is a Texan city that suffered a data breach affecting half a million government files. Meanwhile, the Cl0p ransomware continued to claim more victims of MOVEit Transfer zero-day exploitation, this time including two industrial control system providers. A new study revealed a significant spike in BEC attacks against European firms as compared to their American counterparts in the last year. Read on to find out the top cybersecurity happenings from the last 24 hours.

  • SiegedSec hacker group breaches Fort Worth government website. The SiegedSec hacker group has breached a website containing government information from the city of Fort Worth, Texas. They gained access to around 500,000 files that included work orders, employee lists, invoices, police reports, emails between employees and contractors, internal documents, camera footage, and more.
  • Cl0p ransomware group adds five new victims to dark web leak site. The Cl0p ransomware group has added five new victims to its dark web leak site, including Schneider Electric and Siemens Energy. The other listed victims are Werum (Körber Pharma), UCLA, and Abbvie. The group is exploiting the recently disclosed MOVEit Transfer vulnerability to target its victims.
  • Activision Blizzard servers hit by DDoS attack. Activision Blizzard’s servers were hit by a DDoS attack on Sunday, causing disruption to popular online games such as Call of Duty: Warzone and World of Warcraft. The attack lasted for over 10 hours and was only mitigated late on Sunday.
  • Anatsa Android banking trojan distributed via Google Play Store. The Anatsa Android banking trojan is being distributed via the Google Play Store. The trojan collects financial information and performs on-device fraud, making it difficult for banking anti-fraud systems to detect it.
  • European organizations experience higher volume and frequency of BEC attacks. According to Abnormal Security, European organizations experienced a higher volume and frequency of BEC attacks compared to those in the U.S., between June 2022 and May 2023. BEC attacks in Europe increased by 10 times, while it just doubled in the U.S.
  • Europol takes down EncroChat, encrypted messaging platform used by organized crime groups. Europol announced the takedown of EncroChat, an encrypted messaging platform used by organized crime groups. The operation led to the arrests of 6,558 individuals worldwide and the confiscation of $985 million in illicit criminal proceeds.
  • Companies with ties to the U.S. government or defense sector are more likely to be targeted by cybercriminals. A study by the American Enterprise Institute found that companies with ties to the U.S. government or defense sector are more likely to be targeted by cybercriminals. The study also found that highly profitable companies, those holding abundant cash, and organizations that spend generously on advertising are also more likely to be targeted.
  • Researchers discover new side-channel attack that can recover secret keys from a device. Researchers from Ben-Gurion University of the Negev and Cornell University have discovered a new side-channel attack that can recover secret keys from a device by analyzing video footage of its power LED.
  • CalypsoAI raises $23 million in funding to build out LLM security solutions. CalypsoAI has raised $23 million in a Series A-1 funding round to build out its Large Language Model (LLM) security solutions. The round, led by Paladin Capital Group, featured investment from Lockheed Martin Ventures, Hakluyt Capital, and Expeditions Fund.
  • Identity verification company Socure acquires document verification start-up Berbix. Identity verification company Socure has announced its acquisition of the document verification start-up, Berbix, in a deal worth $70 million. The acquisition will enable Socure to detect fake identities more accurately.

Over 145,000 ICS Across 175 Countries Found Exposed Online

A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...
Read More
Over 145,000 ICS Across 175 Countries Found Exposed Online

World to see AI powered “human washing machines”

Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...
Read More
World to see AI powered “human washing machines”

Hacker compromised over 2000 Palo Alto Networks Firewalls

Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...
Read More
Hacker compromised over 2000 Palo Alto Networks Firewalls

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves...
Read More
CVE-2024-51503  Trend Micro released updates for Deep Security Agent RCE

Apple Releases Patch for two Actively Exploited Zero-Day

Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day...
Read More
Apple Releases Patch for two Actively Exploited Zero-Day

Maxar Space Data Leak, Company admit, Investigation ongoing!

Maxar Space Systems has verified a major data breach that exposed particular information of current and former workers. The breach...
Read More
Maxar Space Data Leak, Company admit, Investigation ongoing!

GitHub CLI Vulnerability Could Allow RCE

A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users' devices. With...
Read More
GitHub CLI Vulnerability Could Allow RCE

“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named "Popular life insurance company ltd". The threat actor keeps...
Read More
“Sarcoma” ransomware group  Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

Bug Hunt 2024, one of the largest cyber security competitions and conferences in Bangladesh, was successfully held at the ICT...
Read More
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

Check Also

vulnarabilities

CERT-In Flags Critical Vulnerabilities in Adobe, IBM WebSphere, and Joomla

The Indian Computer Emergency Response Team (CERT-In) has warned Adobe users about a high-risk cybersecurity …

Leave a Reply

Your email address will not be published. Required fields are marked *