Threat Intelligence Cybersecurity Hacking News Nov, 02 2022
Another LockBit victim today! LockBit affiliates have been claiming victims across industries nonstop since the release of version 3.0. Today, we have Thales, a French defence and technology company. In a similar vein, a phoney VPN app attempted to deceive an Iranian minority community. SandStrike, as it is known, supports commands that allow attackers to perform malicious operations on the device.
Meanwhile, OpenSSL released a much-anticipated security update within the last 24 hours. Version 3.0.7 of OpenSSL addresses two critical vulnerabilities that affected versions 3.0.0 and later.
Top Breaches Reported in the Last 24 Hours
Dropbox admits 130 of its private GitHub
Dropbox, a cloud storage service provider, was the victim of a phishing attack. Hackers were successful in stealing 130 private GitHub code repositories as well as some of its secret API credentials. The incident came to light after Microsoft's GitHub detected suspicious activity on Dropbox's corporate account.
The LockBit 3.0 ransomware affiliates breached the French aerospace and defence technology firm Thales Group. The hackers have been given until November 7 to pay the demanded ransom. Notably, the gang has yet to release a sample of the stolen data.
Ransomware attack by Snatch group
The Snatch ransomware group allegedly crippled another French company, HENSOLDT France. As proof of the incident, the cybercriminal group published a sample of the stolen data. The company specialises in military and defence electronics solutions both in France and internationally.
Prime Video viewing habits data exposed
An Elasticsearch database containing Prime Video viewing habits was left unprotected on an internal Amazon server. The Sauron database contained 215 million records of pseudonymized viewing data.
Top Malware Reported in the Last 24 Hours
Google Play store leads to harmful phishing sites
A family of malicious apps infected with Android/Trojan.HiddenAds.BTGTHB from developer Mobile apps Group have been listed on Google Play. Four apps are listed in total, with at least one million downloads between them. Older versions of these apps have previously been identified as Android/Trojan.HiddenAds variants. Nonetheless, the developer's latest HiddenAds malware is still available on Google Play.
Kaspersky discovered an espionage campaign involving the Android spyware SandStrike, which was designed to target followers of the Baha'i faith, a Persian-speaking religious community. As bait, cybercriminals used a VPN app that claimed to provide access to Baha'i religious resources that are prohibited in Iran.
Top Vulnerabilities Reported in the Last 24 Hours
Two critical flaws in OpenSSL were fixed.
The OpenSSL Project patched two vulnerabilities in its open-source cryptographic library, which is used to encrypt communication channels and HTTPS connections. The vulnerabilities, CVE-2022-3602 and CVE-2022-3786, could cause crashes or RCE attacks, or trigger a denial of service state via a buffer overflow.
Jupyter Notebooks authentication bypass problem
Microsoft identified an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB. Despite the fact that no malicious activity was detected, the bug could give unauthenticated hackers full read and write access. It was stated that no customer action is required.
Checkmk IT Infrastructure contains numerous flaws.
Researchers discovered four flaws in the Checkmk IT Infrastructure monitoring software. When combined, they can be used to gain remote code execution on servers running Checkmk versions 2.1.0p10 and lower. There were four reported vulnerabilities, two of which were Critical and two of which were Medium in severity.