Daily Cyber Intel Roundup: 10/26/2024

Tim Layton
Oct 27, 2024


Introducing My New Cyber Intel Tracking Program

In today’s interconnected world, cyber threats and breaches are happening more frequently and with greater impact than ever before. Staying informed about these events is crucial for businesses, individuals, and cybersecurity professionals.

To help my readers stay ahead, I’ve developed a new Python-based tracking program that automatically scans trusted sources for the latest cyber threats and breach reports and compiles them in one place.

Starting today, I’ll be publishing daily updates with new breach reports directly on my website. My program only pulls from reputable sources such as Krebs on Security, The Hacker News, and others, ensuring that you receive timely and accurate information.

If you want to stay informed and never miss important breach updates, I encourage you to subscribe to my website. By subscribing, you’ll receive notifications as soon as new articles are posted and gain access to a curated list of the most recent and relevant cybersecurity threats, breach reports, and breaking news.

You can connect with me on LinkedIn and join my professional network.

Get notified when I publish new articles so you don’t miss out on the latest cybersecurity updates. I never share your email address, and your subscription only sends you notifications when I publish new articles.

New Cyber Threats, Breach Reports, & News

ID: 1

Source: Krebs on Security

Summary: Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach — Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

Date: 2024-10-18

URL: https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/

ID: 4

Source: Krebs on Security

Summary: U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex — The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

Date: 2024-09-26

URL: https://krebsonsecurity.com/2024/09/u-s-indicts-2-top-russian-hackers-sanctions-cryptex/

ID: 6

Source: BleepingComputer

Summary: Black Basta ransomware poses as IT support on Microsoft Teams to breach networks — The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. […]

Date: 2024-10-25

URL: https://www.bleepingcomputer.com/news/security/black-basta-ransomware-poses-as-it-support-on-microsoft-teams-to-breach-networks/

ID: 7

Source: BleepingComputer

Summary: Russia sentences REvil ransomware members to over 4 years in prison — Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. […]

Date: 2024-10-25

URL: https://www.bleepingcomputer.com/news/security/russia-sentences-revil-ransomware-members-to-over-4-years-in-prison/

ID: 8

Source: BleepingComputer

Summary: UnitedHealth says data of 100 million stolen in Change Healthcare breach — UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years. […]

Date: 2024-10-25

URL: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/

ID: 9

Source: BleepingComputer

Summary: Henry Schein discloses data breach a year after ransomware attack — Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. […]

Date: 2024-10-24

URL: https://www.bleepingcomputer.com/news/security/henry-schein-discloses-data-breach-a-year-after-ransomware-attack/

ID: 10

Source: BleepingComputer

Summary: Insurance admin Landmark says data breach impacts 800,000 people — Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack. […]

Date: 2024-10-24

URL: https://www.bleepingcomputer.com/news/security/insurance-admin-landmark-says-data-breach-impacts-800-000-people/

ID: 11

Source: The Hacker News

Summary: Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining — The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third parties.

“The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure

Date: 2024-10-26

URL: https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html

ID: 13

Source: The Hacker News

Summary: New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics — Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection.

The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B.

“Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support

Date: 2024-10-24

URL: https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html

ID: 15

Source: The Hacker News

Summary: Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks — Threat actors have been observed abusing the Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload it to S3 buckets under their control.

“Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware,” Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. “However, such is

Date: 2024-10-23

URL: https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html

ID: 16

Source: The Hacker News

Summary: Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks — Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.

“In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html

ID: 17

Source: The Hacker News

Summary: Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies — Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns.

Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts.

Tracked under the names BlackWidow, IceNova, Lotus,

Date: 2024-10-22

URL: https://thehackernews.com/2024/10/bumblebee-and-latrodectus-malware.html

ID: 18

Source: The Hacker News

Summary: Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks — A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies using ransomware, with the twin goals of disrupting business operations and financial gain.

“The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,”

Date: 2024-10-19

URL: https://thehackernews.com/2024/10/crypt-ghouls-targets-russian-firms-with.html

ID: 19

Source: The Hacker News

Summary: U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign — Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks.

“Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and

Date: 2024-10-18

URL: https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html

ID: 20

Source: The Hacker News

Summary: Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program — Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group’s affiliate panel on the dark web.

Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an

Date: 2024-10-17

URL: https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html

ID: 22

Source: The Hacker News

Summary: From Misuse to Abuse: AI Risks and Attacks — AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications

Cybercriminals and AI: The Reality vs. Hype

“AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don’t know how to use AI,” says Etay Maor, Chief Security

Date: 2024-10-16

URL: https://thehackernews.com/2024/10/from-misuse-to-abuse-ai-risks-and.html

Privacy: Tim Layton & Associates, LLC respects your privacy and is committed to protecting your personal information. For more details, please review our Privacy Policy.

Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.

Originally published at https://timlaytonllc.com on October 26, 2024.

Written by Tim Layton

Cybersecurity Risk Analysis Using Python and Bayesian Statistics.