Water nonprofit targeted, Denmark energy update, SEC X update


Ransomware gang targets clean water nonprofit

The ransomware-as-a-service gang Medusa has listed Water for People, a nonprofit organization that helps provide safe drinking water to communities in need around the world, on its darknet leak site. The group is threatening to publish what it has stolen unless it receives a $300,000 ransom. A spokesperson for Water for People has stated that the stolen information dates from before 2021, that the organization’s financial systems were not compromised, and that no business operations were impacted. Last year this same group attacked a municipal water supplier in Italy as well as Toyota Financial Services.

(The Record)

Denmark energy sector attacks likely not Sandworm after all

Research from cybersecurity firm ForeScout suggests that last year’s cyberattacks on the Danish energy sector may not have been a Sandworm hack, but rather two distinct waves of attacks: one that exploited a security flaw in Zyxel firewalls (CVE-2023-28771) and a separate one in which attackers used Mirai botnet variants on infected hosts as an access point. ForeScout stated that not only were the two waves unrelated, but the campaign was also “unlikely the work of the state-sponsored group Sandworm owing to the fact the second wave was part of a broader mass exploitation campaign against unpatched Zyxel firewalls.” The perpetrators are currently unknown. A link to the ForeScout report is available in the show notes to this episode.

(The Hacker News and ForeScout)

SEC says X account breach did not lead to further breaches

According to Reuters, the U.S. Securities and Exchange Commission stated on Friday that there was “no evidence to suggest the breach of its X account earlier this week also involved a breach of the agency’s systems, devices, data, or other social media accounts.” CISA, the FBI, and the SEC’s own Inspector General continue to investigate the breach, which a representative from X (formerly Twitter) has said resulted from “an unidentified individual obtaining control of a phone number.”

(Reuters)

End-of-life Cisco routers targeted by Chinese espionage group

According to SecurityScorecard, a group named Volt Typhoon, identified as a Chinese government espionage unit, is exploiting Cisco RV320/325 devices, which were discontinued by Cisco in 2019, with service and support scheduled to end on January 31, 2025. The hackers are exploiting two vulnerabilities, CVE-2019-1653 and CVE-2019-1652, both of which appear on CISA’s Known Exploited Vulnerabilities list with a 2019 date. SecurityScorecard says 30% of the RV320/325 devices may have been compromised, a statement based on its observation of frequent connections between the devices and known Volt Typhoon infrastructure.

(The Record)

Huge thanks to this week’s episode sponsor, Savvy Security

Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. 
Learn more at savvy.security/headlines. 

Hacker uses a million virtual servers to mine crypto

Europol has arrested a 29-year-old man in Ukraine who used hacked accounts to create one million virtual servers, which were then used to mine $2 million in cryptocurrency. One report of the investigation and arrest, published by the Ukrainian police, stated that the suspect had used automated tools to brute-force the passwords of 1,500 accounts of “a subsidiary of one of the world’s largest e-commerce entities.” He then used these accounts to obtain administrative privileges, which were used to create more than one million virtual computers for the crypto mining operation.

(Bleeping Computer)

Microsoft releases fix to Windows 10 BitLocker patch fail

Following up on a story we brought you on Thursday, Microsoft has now released a PowerShell script that automates updating the Windows Recovery Environment (WinRE) partition to fix CVE-2024-20666, a vulnerability that allowed BitLocker encryption to be bypassed. Industry media reported last week that the initial fix, released as part of Patch Tuesday, failed with an error message on many systems and offered little in the way of easy recourse. A link to the Microsoft fix page is also available in the show notes to this episode.

(Bleeping Computer and Microsoft)

Last week in ransomware

Last week saw another large mortgage lender, loanDepot, confirm that the cyberattack it suffered was indeed ransomware. It joins a prominent group that includes Mr. Cooper, First American Financial and Fidelity National Financial. Other ransomware victims last week included the Toronto Zoo, Paraguay’s largest mobile carrier, Tigo Business, and the Capital Health hospital network, which was allegedly attacked by LockBit. We saw reports of ransomware operators upping their extortion game by swatting company executives and hospital patients, while the New York Attorney General laid down the law with the Hudson Valley’s Refuah Health Center, demanding that it invest in better cybersecurity measures. Finland sent out warnings to companies in that country regarding the prevalence of Akira ransomware. Meanwhile Dutch police, working in concert with Cisco Talos, were able to arrest a ransomware operator and recover decryption keys, which they handed over to Avast to allow victims of the Babuk-based Tortilla ransomware to recover their files for free.

(Bleeping Computer and Cyber Security Headlines)
