Wednesday , April 2 2025
2024

Look back; The Worst Hacks of 2024

In 2024, digital security experienced major breaches as cybercriminals and state-backed groups exploited vulnerabilities for large-scale attacks. These incidents were efficient for attackers but damaging to affected organizations and individuals, threatening their privacy and security. With rising global tensions, 2025 is anticipated to present more cybersecurity challenges. Infosecbulletin highlights the year’s significant breaches and warns for increased vigilance.

China’s Salt Typhoon Telecom Breaches:

Check Point said BreachForum post old data

Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems....
Read More
Check Point said BreachForum post old data

Apple Warns of 3 Zero Day Vulns Actively Exploited

Apple has issued an urgent security advisory about 3 critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—that are being actively exploited in...
Read More
Apple Warns of 3 Zero Day Vulns Actively Exploited

24,000 unique IP attempted to access Palo Alto GlobalProtect portals

GreyNoise has detected a sharp increase in login scanning aimed at Palo Alto Networks PAN-OS GlobalProtect portals. In the past...
Read More
24,000 unique IP attempted to access Palo Alto GlobalProtect portals

CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers....
Read More
CVE-2025-1268  Patch urgently! Canon Fixes Critical Printer Driver Flaw

Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios...
Read More
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

Australian fintech database exposed in 27000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known...
Read More
Australian fintech database exposed in 27000 records

Over 200 Million Info Leaked Online Allegedly Belonging to X

Safety Detectives' Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million...
Read More
Over 200 Million Info Leaked Online Allegedly Belonging to X

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

In 2024, the China-linked espionage group Salt Typhoon infiltrated major US telecom companies, including Verizon and AT&T, along with other global targets, over several months. Affected companies are still struggling to eliminate the hackers despite ongoing efforts.

Snowflake Customer Breaches:

In summer 2024, attackers used stolen passwords to access Snowflake accounts without two-factor authentication, causing major data breaches at companies like Ticketmaster, Santander Bank, Neiman Marcus, and AT&T. This included the theft of nearly all customer records from AT&T’s calls and texts over seven months in 2022. Security firm Mandiant reported around 165 victims were affected. In response, Snowflake made two-factor authentication mandatory for account administrators in July. In November, suspect Alexander “Connor” Moucka was arrested in Canada for leading the attack, and John Erin Binns was indicted for his role in the breaches.

Change Healthcare Ransomware Attack:

In February 2024, Change Healthcare, a major medical billing and insurance company, suffered a ransomware attack that disrupted healthcare facilities across the US and compromised over 100 million individuals’ data. The attack, believed to be carried out by the Russian-speaking ALPHV/BlackCat ransomware gang, led to the theft of personal information, including phone numbers, addresses, financial data, and medical records. Change Healthcare paid a $22 million ransom in March, but the attack resulted in widespread harm, with ongoing notifications to victims and mounting lawsuits. The state of Nebraska sued the company, citing its failure to implement basic security protections.

Russia’s Midnight Blizzard Hit Microsoft:

Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised company executives’ email accounts. The group is tied to the Kremlin’s SVR foreign intelligence agency and is specifically linked to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft’s research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

National Public Data:

In December 2023, National Public Data, a background check company, experienced a data breach, with stolen information beginning to appear for sale on cybercriminal forums by April 2024. Throughout the summer, various forms of this data circulated, leading to public confirmation from the company in August. The compromised information included names, Social Security numbers, phone numbers, addresses, and dates of birth. Due to the delay in the breach’s acknowledgment until August, speculation ran rampant for months, with some theories suggesting that tens or even hundreds of millions of Social Security numbers were involved. Fortunately, the actual number of affected individuals turned out to be much lower, with the company reporting in a Maine filing that approximately 1.3 million people were impacted. In October, the parent company of National Public Data, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing ongoing state and federal investigations along with multiple lawsuits stemming from the breach.

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

@Wired

Check Also

Singapore

Singapore issues new guidelines for data center and cloud services

The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of …

Leave a Reply

Your email address will not be published. Required fields are marked *