Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you're a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
AT&T Data Breach: 'Nearly All' Wireless Customers Exposed in Massive Hack
Source: SECURITY WEEK
AT&T on Friday said nearly all of its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024, in which a hacker exfiltrated files containing "records of customer call and text interactions" between approximately May 1 and October 31, 2022, as well as on January 2, 2023. Read more.
Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data
Source: HACK READ
A self-proclaimed hacktivist group named NullBulge, aiming to "protect artists' rights and ensure fair compensation for their work," claims to have breached Disney and leaked 1.1 TiB (1.2 TB) of the company's internal Slack infrastructure. The claims were posted on the notorious cybercrime and hacker platform Breach Forums on July 12, 2024. Read more.
Malware that's 'not ransomware' wormed its way through Fujitsu Japan's systems
Source: The Register
Fujitsu's description of the unnamed malware made it sound as if it was wormable. After infecting the first machine, it later spread to 48 other business computers, all confined to its internal Japan network. Read more.
Microsoft Employees' Data Leaked Online Via Third-Party Data Breach | Exclusive!
Source: Cyber Press
The Cyber Press Research Team uncovered a data leak file that exposed the personal and professional information of 2,073 Microsoft employees, obtained from a breach at a Microsoft third-party vendor. A threat actor named @888, who actively leaks data in underground forums, leaked the Microsoft employees' data today and claimed it came from a third-party breach. Read more.
Ransomware attack on blood-testing service puts lives at risk in South Africa
Source: Bitdefender
On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests. This means serious conditions were left undiagnosed and lives endangered. The affected tests included those screening for diseases like tuberculosis and HIV/AIDS, as well as for the mpox (also known as monkeypox) outbreak that is currently impacting parts of Africa. Read more.
People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Source: CISA
Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) for new vulnerabilities and immediately use them against target networks that run the infrastructure affected by the associated vulnerability. Read more.
Decrypted: DoNex Ransomware and its Predecessors
Source: DECODED avast.io
The DoNex ransomware has been rebranded several times. The first version, called Muse, appeared in April 2022. Several evolutions followed, resulting in the final version of the ransomware, called DoNex. Read more.
Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
Source: BlackBerry
Coyote is a .NET banking Trojan that has been observed targeting Brazilian financial institutions, primarily banks. It has an execution chain that clearly distinguishes it from other banking Trojans. First identified by researchers in February 2024, Coyote got its name because it abuses Squirrel, a legitimate, non-malicious tool for managing the installation and updating of Windows applications. Read more.
Exploring Compiled V8 JavaScript Usage in Malware
Source: CHECK POINT RESEARCH
In recent months, CPR has been investigating the use of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature of V8, Google's JavaScript engine, that allows JavaScript to be compiled into low-level bytecode. This technique helps attackers evade static detection and hide their original source code, rendering it almost impossible to analyze statically. Read more.
Distribution of AsyncRAT Disguised as an Ebook
Source: ASEC
The compressed file disguised as an ebook contains a malicious LNK file disguised with a compressed-file icon, a text file containing a malicious PowerShell script, additional compressed files disguised with a video file extension, and a normal ebook file. The LNK file contains malicious commands and reads the RM.TXT file containing the PowerShell script in order to execute it. Read more.