Threat Intelligence - Hacking news

Top Breaches, Malware, Vulnerabilities Reported in the Last 24

1. Microsoft has warned that a large-scale phishing campaign using "adversary-in-the-middle" or AiTM websites has hit almost more than 10,000 organizations since September 2021. AiTM sounds like bad news as the phishing sites can skip authentication on sites even when the user has enabled multi-factor authentication (MFA).

2. Associated Eye Care Partners, Montana, is informing patients of potential exposure of their personal data, including names, addresses, SSNs, and medical history, owing to a December 2020 breach at Netgain.

3. The Central Public Works Department (CPWD), India, has been facing a wave of cyberattacks on its computers across various offices. The construction agency is to analyze the root cause and sanitizes devices.

4. The Department of Indre-et-Loire, France, fell victim to a major computer attack, resulting in complete disruption of computers and telephone networks.

5. The new HavanaCrypt ransomware is propagating as a fake Google Software Update. However, it is .NET compiled and uses an open-source obfuscator, named Obfuscar.

6. The Luna Moth gang is engaging in ransom extortion without using any ransomware. It launches a phishing campaign and uses commercially-available RATs to infiltrate systems and extort payments.

7. The LockBit and Karakurt gangs have redesigned their data leak sites to allow searching of stolen data for listed victim organizations. The search function is, however, very basic.

8. A research team from the Ben-Gurion University of the Negev and Tel Aviv University designed a universal mask—by using a gradient-based optimization process—to defeat modern facial recognition systems.

9. Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.

10. The DMV warned consumers against a new phishing scam that falsely claims that New York State is offering $1,500 fuel rebates and attempts to steal their personal information.

11. A series of phishing schemes on social media is scaring netizens with fake account-abuse accusations to force them into giving up their Twitter and Discord login credentials.

12. BlockSec, a blockchain security startup, raised $8 million in seed plus funding round, co-led by Matrix Partners and Vitalbridge Capital. Other participants included Mirana Ventures, CoinSummer, and YM Capital.

13. Decentralized crypto exchange Uniswap suffered a phishing attack, resulting in the loss of millions. The attackers compromised Uniswap V3 on the ETH blockchain.

14. Deakin University, Australia, suffered a data breach in which the attacker hacked a staff member’s credentials and gained unauthorized access. The breach has potentially affected 9,997 students.

15. The game publisher behind Dark Souls and Elden Ring, Bandai Namco, was allegedly targeted by the BlackCat ransomware group. The gang posted that it will leak the data soon.

16. Al-Tahera, an Iraq-based hacker group claimed to have breached the Tel Aviv municipality website and taken it down, following the attack on Israeli NTA Metropolitan Mass Transit System Ltd.

17. Microsoft warned against a large-scale phishing campaign that targeted over 10,000 organizations. It leveraged Adversary-in-the-Middle (AiTM) phishing sites to pilfer passwords, hijack a user’s sign-in session, and bypass MFA.

18. New variants of the ChromeLoader infostealer were identified by Palo Alto Networks Unit 42, indicating the quick evolution of the malware in a short span of time.

19. Zscaler observed a major rise in QBot attacks over the past six months, owing to various new techniques, such as evading detection via ZIP file extensions, code obfuscation, and multiple URLs, among others.

20. The president of the European Central Bank was targeted in a hacking attempt via a text message. However, the attempt was unsuccessful.

21. Data privacy platform Privitar acquired software platform Kormoon for an undisclosed sum. The acquisition aims to expand Privitar’s data privacy capabilities and offerings.

22. As a part of its cybersecurity expansion strategy, Thales announced the acquisition of the Netherlands-based OneWelcome for $100 million.