Threat Intelligence Cybersecurity Hacking News Nov 03 2022

A single attack on a shared service provider gave a hacker group a path into over 250 news websites in the U.S., which were then used to push SocGholish malware at their visitors. Separately, Sentinel Labs reported overlapping TTPs and other operational behavior between the Black Basta ransomware operation and the financially motivated FIN7 group.


That's not all. Security researchers are warning about a Gatsby vulnerability in its image CDN functionality. The flaw opened two routes for exploitation, one of which could let an attacker reach the cloud instance metadata endpoint and steal secret keys or other sensitive data.



Top Breaches Reported in the Last 24 Hours


Crypto attack costs $28 million.

Withdrawals on the cryptocurrency derivatives platform Deribit were halted after the company's hot wallet was compromised and drained of $28 million in cryptocurrency; users' funds are said to be safe. According to an official, the incident highlights the risk of hot wallets, whose signing keys stay online and are therefore less secure than cold wallets.


Misconfiguration reveals sensitive data

In a data leak incident, urlscan[.]io, a website scanning and analysis engine, allegedly exposed a slew of sensitive URLs submitted through its API, including password reset links, DocuSign signing requests, setup pages, Telegram bot URLs, meeting invitations, package tracking links, and PayPal invoices. During the investigation, a misconfigured Security Orchestration, Automation, and Response (SOAR) playbook integrated with urlscan.io was identified as one source of the submissions.
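The practical fix for an integration like this is to decide, before a URL ever leaves the playbook, whether it carries a secret and at what visibility it may be submitted. The following Python is an added example, not code from urlscan.io or from the playbook in the story; it assumes (as an illustration, not a detail the report gives) that the playbook submitted scans with public visibility, and it uses the documented scan endpoint https://urlscan.io/api/v1/scan/ with its API-Key header and public/unlisted/private visibility values. The keyword lists are constructed here and would be tuned per organization.

```python
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

# Query parameters whose values are usually one-time secrets (constructed list).
SENSITIVE_PARAMS = {
    "token", "access_token", "reset_token", "signature", "sig",
    "code", "key", "apikey", "api_key", "session", "auth", "otp",
}
# Path fragments typical of single-use or account-bound links (constructed list).
SENSITIVE_PATH_WORDS = ("reset", "password", "invite", "signing", "confirm", "verify", "unsubscribe")

# Visibility levels accepted by the urlscan.io scan API.
VISIBILITIES = {"public", "unlisted", "private"}


def looks_sensitive(url: str) -> bool:
    """Heuristic: does this URL carry a secret or act as an account-bound link?"""
    p = urlparse(url)
    if p.username or p.password:
        return True
    params = {k.lower() for k, _ in parse_qsl(p.query, keep_blank_values=True)}
    if params & SENSITIVE_PARAMS:
        return True
    path = p.path.lower()
    return any(word in path for word in SENSITIVE_PATH_WORDS)


def redact_query(url: str) -> str:
    """Replace the value of every sensitive query parameter with REDACTED."""
    p = urlparse(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(p.query, keep_blank_values=True)]
    return urlunparse(p._replace(query=urlencode(pairs)))


def build_scan_submission(url: str, api_key: str, visibility: str = "private") -> dict:
    """Build the request a playbook would POST to https://urlscan.io/api/v1/scan/.

    Policy: default to private, and never let a sensitive-looking URL go out at
    public or unlisted visibility. The result is shaped for requests.post(**kwargs).
    """
    if visibility not in VISIBILITIES:
        raise ValueError(f"unknown visibility {visibility!r}")
    if visibility != "private" and looks_sensitive(url):
        raise ValueError("refusing to submit a sensitive-looking URL at non-private visibility")
    return {
        "url": "https://urlscan.io/api/v1/scan/",
        "headers": {"API-Key": api_key, "Content-Type": "application/json"},
        "json": {"url": url, "visibility": visibility},
    }
```

Even a private scan hands the link, and any one-time token in it, to a third party that will fetch it, so for reset or signing links the safer playbook step is to redact the query string (or skip submission entirely) rather than merely lower the visibility.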


Hackers compromised US news websites.

Proofpoint researchers identified a threat actor tracked as TA569 that used SocGholish malware to compromise an unnamed media company whose content serves over 250 news outlets in the United States. Boston, New York, Chicago, Miami, Palm Beach, Washington, DC, and Cincinnati are among the cities affected, and the real count could be higher.


Vodafone Italy reports a breach

Customers of FourB S.p.A., an Italian reseller of Vodafone services, have begun receiving breach notifications stating that their subscription details, identity documents (containing PII), and other information were exposed. According to the notification, no account passwords or network traffic data were compromised.


Top Malware Reported in the Last 24 Hours

Emotet has returned after a five-month absence.

Renewed Emotet activity has been detected by the Emotet-tracking research group Cryptolaemus after a hiatus of nearly five months. The malware spreads through phishing campaigns carrying malicious Excel or Word documents. Once inside a compromised network, it can harvest emails to fuel further spam campaigns and drop additional payloads such as Cobalt Strike.


FIN7 and Black Basta are linked.

Sentinel Labs reports that the Black Basta ransomware operation is linked to FIN7. Researchers found that a FIN7 developer also built the EDR evasion tools that Black Basta has used exclusively since June 2022. As further evidence, both groups used overlapping IP addresses and TTPs, albeit months apart.



Top Vulnerabilities Reported in the Last 24 Hours


Fortinet has fixed 16 flaws.

Fortinet warned customers about a total of 16 flaws affecting its products, six of them rated high severity. A FortiTester bug allows an attacker to execute arbitrary commands. A flaw in FortiSIEM let an unauthenticated attacker access the Glassfish server. The remaining high-severity flaws were stored and reflected XSS bugs in other Fortinet products.


Gatsby's high-severity bug

Gatsby, an open source React-based JavaScript framework, was found to have a high-severity bug in its Cloud Image CDN service. The flaw could allow attackers to launch server-side request forgery (SSRF) or cross-site scripting (XSS) attacks against Gatsby websites hosted in the cloud.
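An image CDN that fetches a caller-supplied URL is an SSRF proxy unless it refuses destinations inside the hosting network, and the cloud metadata endpoint at 169.254.169.254 is the usual prize. The Python below is an added example of such a guard, not Gatsby's code or its fix: it accepts only http/https, resolves every address a hostname maps to, unwraps IPv4-mapped IPv6 literals, and rejects anything that is not a public unicast address. The resolver is injectable so the check can be exercised offline; the hostnames in the usage are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_forbidden_address(ip: str) -> bool:
    """True for any address a public image proxy must never fetch from.

    Rejects loopback, RFC 1918, link-local (where the 169.254.169.254 cloud
    metadata endpoint lives), CGNAT, multicast, reserved and unspecified
    ranges, and unwraps IPv4-mapped IPv6 so ::ffff:169.254.169.254 is caught.
    """
    addr = ipaddress.ip_address(ip.split("%")[0])   # drop any IPv6 scope id
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (
        not addr.is_global
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def resolve_all(host: str) -> list:
    """Every A/AAAA answer for host, or an empty list if resolution fails."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def validate_image_url(url: str, resolver=resolve_all) -> tuple:
    """Return (ok, detail); ok is False when the URL must not be fetched."""
    p = urlparse(url)
    if p.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {p.scheme!r} not allowed"
    if p.username or p.password:
        return False, "credentials in URL not allowed"
    host = p.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP in the URL
    except ValueError:
        addrs = resolver(host)                      # hostname: check every record
    if not addrs:
        return False, f"{host} did not resolve"
    for a in addrs:
        if is_forbidden_address(a):
            return False, f"{host} resolves to forbidden address {a}"
    return True, addrs


if __name__ == "__main__":
    # Constructed resolver standing in for DNS, so this runs offline.
    fake_dns = {"img.example.com": ["93.184.216.34"],
                "rebind.example": ["93.184.216.34", "169.254.169.254"]}
    for u in ("https://img.example.com/a.png",
              "http://169.254.169.254/latest/meta-data/",
              "https://rebind.example/x.png"):
        print(u, "->", validate_image_url(u, resolver=lambda h: fake_dns.get(h, [])))
```

Checking the address at validation time is not enough on its own: if the fetcher resolves the name again when it connects, a rebinding DNS record can pass the check and then point at the metadata service, so the fetch should be pinned to the validated address (or the check repeated on each redirect hop), and redirects themselves must be re-validated.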
