Cybersecurity Weekly: DarkSide quits, STRRAT attacks, Mercari data breach
The DarkSide ransomware gang quits after their servers and Bitcoin stash are seized. The STRRAT RAT is masquerading as ransomware. An e-commerce giant suffers a major data breach in the Codecov incident. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. DarkSide ransomware gang quits after servers, Bitcoin stash seized
The DarkSide ransomware gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. The farewell message includes passages apparently written by a leader of the REvil ransomware-as-a-service platform.
2. STRRAT RAT masquerading as ransomware
Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan tracked as STRRAT. The RAT was designed to steal data from victims while masquerading as a ransomware attack. The malware shows ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them.
3. E-commerce giant suffers major data breach in Codecov incident
E-commerce platform Mercari disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. The company confirmed that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.
4. Comcast now blocks BGP hijacking attacks and route leaks with RPKI
Comcast recently deployed RPKI on its network to defend against BGP route hijacks and leaks. BGP route hijacks is a networking problem that occurs when a particular network on the internet falsely advertises that it supports certain routes or prefixes that it actually does not. Left unchecked, a BGP route hijack can cause a drastic surge in misdirected internet traffic.
5. CNA Financial reportedly paid hackers $40 million in ransom
U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The company’s public statement said no evidence was found to indicate that external customers were at risk of infection due to the incident.
6. Air India hack exposes credit card and passport info of 4.5 million passengers
India's flag carrier airline, Air India, disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System provider fell victim to a cyber attack earlier this year. The breach involves personal data registered between August 2011 and February 2021.
7. 23 Android apps expose over 100 million users' personal data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, making them a lucrative target for malicious actors. The issues stem from misconfiguring real-time databases, push notification and cloud storage keys, resulting in spillage of emails, phone numbers, chat messages, location, passwords, backups, browser histories and photos.
8. Watering hole attack was used to target Florida water utilities
An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. The infected website didn't deliver exploit code or attempt to achieve access to visitors' systems.
9. Zeppelin ransomware comes back to life with updated versions
The developers of Zeppelin ransomware resumed their activity after a period of relative silence and started to advertise new versions of the malware. A recent variant of the malware became available on a hacker forum at the end of last month, offering cybercriminals in the ransomware business complete independence.
10. Indonesia blocks access to RaidForums hacking forum after data leak
The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. The threat actor claims the database contains Indonesians' KTP NIK number, KK number, full name, place of birth, date of birth and other sensitive and personal information.
In this Series
- Cybersecurity Weekly: DarkSide quits, STRRAT attacks, Mercari data breach
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
