Threat Intelligence Cybersecurity Hacking News Nov 01, 2022
The number of initial access brokers selling remote access to compromised networks is growing. According to a new report, access to approximately 576 corporate networks around the world is being sold on hacker forums. Organizations in the manufacturing and professional services sectors are among the top targeted networks.
Aside from that, stolen credential databases are thriving on underground markets. Each of these databases is thought to contain millions of credential sets that can be used in credential-stuffing attacks. These valuable sets of credentials can fetch up to $120,000 at auction.
In a security update, the SQLite database engine's maintainers patched a 22-year-old DoS flaw that could have allowed attackers to crash or take control of the software.
Top Breaches Reported in the Last 24 Hours
Chegg reports data breaches
According to the FTC, sloppy data security at education tech giant Chegg exposed students' and employees' personal information four times in various ways over four years.
In response, the American Consumer Product Safety Commission today ordered the company to improve data security by encrypting sensitive information, providing multi-factor authentication to users and employees, limiting the amount of personal information it collects and retains, and training staff on security practices. These are things that should have been done years ago. As per the FTC, the compromised data include the social security numbers, financial details, dates of birth, and medical information of individuals.
Access to compromised networks on sale
According to a new report, hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling enterprise attacks.
The findings come from the Israeli cyber-intelligence firm KELA, whose Q3 2022 ransomware report showed stable activity in the initial access sales sector but a significant increase in the value of the offerings.
Stolen Data on sale
Do your social media accounts, such as your Facebook password, have anything in common with your LinkedIn or bank account passwords? Is it protected by the same password as your corporate account? If this is the case, you are not alone! A Google survey found that at least 65% of respondents reuse their passwords across multiple accounts and web services. Because every service, website, and social media account requires a password, many people prefer to reuse existing ones rather than create new ones, especially since managing and remembering multiple passwords is difficult. This is especially true as security policies force passwords to become increasingly complex. Although the majority of the population understands the risk and understands that passwords should not be reused, the majority of us continue to reuse passwords for both corporate and personal accounts. Many websites are breaking the rules and keeping passwords in plain text, which is the main cause of the increase in credentials being stolen.
Top Malware Reported in the Last 24 Hours
Tracking down LODEINFO 2022
A new variant of the LODEINFO backdoor malware was seen being used by the China-based Cicada hacking gang, also known as APT10, to infiltrate Japanese firms. In order to spread the infection, security software was abused. As one of its evasion tactics, it makes use of the XOR algorithm. Media organisations, diplomatic missions, and Japanese think tanks are among the entities being attacked.
Top Vulnerabilities Reported in the Last 24 Hours
Flawed Junos OS fixed
Juniper Networks released patches to address multiple vulnerabilities in the J-Web component of Junos OS. These flaws are identified as CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22245, and CVE-2022-22246. They could allow attackers to carry out remote code execution, cross-site scripting, and route injection attacks.
Critical Flaw patched
An unofficial patch has been issued for an actively exploited security flaw in Microsoft Windows that allows files signed with malformed signatures to bypass Mark-of-the-Web (MotW) protections. The patch comes in response to reports of the Magniber ransomware campaign exploiting the flaw.
DoS flaw fixed after 22 years
SQLite database engine maintainers have patched a high-severity flaw that had gone unnoticed for nearly 22 years. The denial of service vulnerability could allow attackers to crash or control software-dependent programmes. It has a CVSS score of 7.5 and is identified as CVE-2022-35737.