Essential Cyber Intel Brief: 11/04/2024
No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and absolutely free.
Get the important updates you need as a cybersecurity professional or business leader without the time drag or hassle.
Designed for efficiency, my custom program pinpoints the most critical cybersecurity events that security professionals and business leaders need to know about, and I publish them every business day at 9 AM CT for you.
In just one to two minutes, you’ll determine if the latest cybersecurity developments require further attention, allowing you to stay informed without losing your valuable time.
Subscribe to receive automated notifications and stay ahead of key developments: no spam, just concise, relevant updates delivered directly to your inbox.
You can connect with me on LinkedIn and join my professional network.
11/04/2024 — New Cybersecurity Updates
Booking.com Phishers May Leave You With Reservations — A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Source
Cisco says DevHub site leak won’t enable future breaches — Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don’t contain information that could be exploited in future breaches of the company’s systems. Source
Meet Interlock — The new ransomware targeting FreeBSD servers — A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. Source
Microsoft SharePoint RCE bug exploited to breach corporate network — A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. Source
LA housing authority confirms breach claimed by Cactus ransomware — The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. Source
Synology hurries out patches for zero-days exploited at Pwn2Own — Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Source
DDoS site Dstat.cc seized and two suspects arrested in Germany — The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. Source
New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls — Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. Source
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned — Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. Source
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups — With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Source
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft — Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. Source
New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites — Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Source
City of Columbus Ransomware Attack Impacts 500,000 People — The City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack. Source
Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign — Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials. Source
GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams — GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras. Source
FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article — Noteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article. Source
US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras — The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan. Source
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets — LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft. Source
Z-lib — 9,737,374 breached accounts — In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes. Source
Copyright: Copyright © 2024 Tim Layton & Associates, LLC. All rights reserved. All information and content on this website are protected by copyright and may not be reproduced, distributed, or transmitted in any form without prior written permission from Tim Layton & Associates, LLC.
Originally published at https://timlaytonllc.com on November 4, 2024.