Cyber security news July 2024

This posting is here to collect cyber security news in July 2024.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links to comments.


  1. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    A May 2024 data breach at mobile spyware company mSpy leaked millions of customer support tickets, including personal data, its third known breach since 2010 — Customer service emails dating back to 2014 exposed in May breach — A data breach at the phone surveillance operation mSpy …

    https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

  2. Tomi Engdahl says:

    Sean Lyngaas / CNN:
    Sources: US car dealership software provider CDK Global appears to have paid ~$25M to hackers on June 21, after a ransomware attack shut down its systems

    How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom
    https://edition.cnn.com/2024/07/11/business/cdk-hack-ransom-tweny-five-million-dollars/

    CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the hackers, multiple sources familiar with the matter told CNN.

    The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story.

    On June 21, about 387 bitcoin — then the equivalent of roughly $25 million — was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN.

  3. Tomi Engdahl says:

    Matt Burgess / Wired:
    A US judge sentences Ukrainian Vyacheslav Igorevich Penchukov, who helped lead the prolific Zeus malware gang, to 18 years in jail and orders payment of $73M+ — The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years …

    Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison
    The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.
    https://www.wired.com/story/vyacheslav-igorevich-penchukov-tank-zeus-malware-sentencing/

  4. Tomi Engdahl says:

    Olga Kharif / Bloomberg:
    Chainalysis: more than half of all illicit transaction volume in crypto now winds up on centralized exchanges — Chainalysis finds record stablecoin usage in suspect activity — Over half of illegal funds wind up on centralized exchanges — Suspect digital wallets have distributed close …

    Crypto’s $100 Billion in Illicit Flows Swamp Stablecoins, Exchanges
    https://www.bloomberg.com/news/articles/2024-07-11/crypto-s-100-billion-in-illicit-flows-swamp-stablecoins-exchanges

    Chainalysis finds record stablecoin usage in suspect activity
    Over half of illegal funds wind up on centralized exchanges

  5. Tomi Engdahl says:

    CISA Takedown of Ivanti Systems Is a Wake-up Call
    The exploitation of vulnerabilities in Ivanti’s software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.
    https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call

    In the wake of the attack on Ivanti’s VPN software, which prompted decisive action from the Cybersecurity and Infrastructure Security Agency (CISA), what can we learn? This incident raises new questions about exploit techniques, organizational response to security breaches, and the skyrocketing cost of downtime.

    First, let’s break down what happened. From what’s been disclosed, the vulnerabilities in Ivanti’s system, particularly its VPN gateway, enabled threat actors to bypass authentication and gain unauthorized access. By sending maliciously crafted packets to the VPN gateway, attackers had a free pass to infiltrate the system without needing to steal credentials. Once inside, they could export user credentials — including domain administrator credentials.

  6. Tomi Engdahl says:

    Hackers target WordPress calendar plugin used by 150,000 sites
    https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/

    Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.

    The plugin is developed by Webnus and is used to organize and manage in-person, virtual, or hybrid events.

    The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). It was discovered and reported responsibly on May 20 by Friderika Baranyai during Wordfence’s Bug Bounty Extravaganza.

  7. Tomi Engdahl says:

    Ticketmaster warns customers to take action after hack
    https://www.bbc.com/news/articles/c729e3qr48qo

    Ticketmaster customers in North America have been sent emails warning them to take action after the company was hacked in May.
    Emails were sent overnight to Canadian customers, urging them to “be vigilant and take steps to protect against identity theft and fraud.”
    The company has not commented on the notification process – however similar emails have reportedly been sent to victims in the US and Mexico.
    The personal details of 560 million Ticketmaster customers worldwide were stolen in the hack – with cyber criminals then attempting to sell that information online.

  8. Tomi Engdahl says:

    Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys
    News
    By Jowi Morales published July 4, 2024
    This is lucky, as the government didn’t have backups.
    https://www.tomshardware.com/tech-industry/cyber-security/indonesia-gov-ransomware-chaos-may-be-over-after-hack-group-apologizes-and-says-it-has-shared-decrypt-keys

  9. Tomi Engdahl says:

    Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
    https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html

  10. Tomi Engdahl says:

    Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation
    The Supreme Court’s striking down of the Chevron Doctrine will have a major effect on the determination and enforcement of cyber regulation in the US.
    https://www.securityweek.com/supreme-court-ruling-threatens-the-framework-of-cybersecurity-regulation/

  11. Tomi Engdahl says:

    How to Change Your IP Address With and Without a VPN
    You can refresh your IP address using several methods. Here’s how to do it with a VPN, a proxy server, restarting your router, and manually or automatically updating it on your device.
    https://www.cnet.com/tech/services-and-software/how-to-change-ip-address/

  12. Tomi Engdahl says:

    Zotac server misconfig exposed customer info to Google searches — customer RMA documents are available on the open web
    News
    By Jeff Butts published July 7, 2024
    If you’ve ever requested an RMA, now’s a good time to Google yourself to make sure your own data isn’t open to the public.
    https://www.tomshardware.com/tech-industry/cyber-security/zotac-suffers-massive-customer-data-spill-server-misconfiguration-let-anyone-search-customer-rma-documents-via-google

  13. Tomi Engdahl says:

    Biggest password database posted in history spills 10 billion passwords — RockYou2024 is a massive compilation of known passwords
    News
    By Christopher Harper published July 6, 2024
    The leak dropped on the 4th of July. Here’s what you need to know
    https://www.tomshardware.com/tech-industry/cyber-security/biggest-password-leak-in-history-spills-10-billion-passwords

  14. Tomi Engdahl says:

    Cloudflare’s new free tool stops bots from scraping your website content to train AI
    AI bots accessed around 39% of the top one million ‘internet properties’ using Cloudflare in June of 2024, according to the company
    https://www.zdnet.com/article/cloudflares-new-free-tool-stops-bots-from-scraping-your-website-content-to-train-ai/#google_vignette

  15. Tomi Engdahl says:

    GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks
    https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html

    Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories.

    JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

  16. Tomi Engdahl says:

    Notorious Russian hacker group strikes: data breach in a popular application installed on 2,500 million devices
    The group behind the attack has also struck Microsoft.
    https://www.tekniikkatalous.fi/uutiset/pahamaineinen-venajan-hakkeriryhma-iski-tietomurto-2500-miljoonaan-laitteeseen-asennettuun-suosikkisovellukseen/74f44dcd-b38b-4e8d-85ab-f659e7a8cb59

    TeamViewer

  17. Tomi Engdahl says:

    Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it
    The goal of the exploits was to open Explorer and trick targets into running malicious code.
    https://arstechnica.com/security/2024/07/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it/

    Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday.

    The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft decommissioned in 2022 after its aging code base made it increasingly susceptible to exploits. Following the move, Windows made it difficult, if not impossible, for normal actions to open the browser, which was first introduced in the mid-1990s.

  18. Tomi Engdahl says:

    Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found
    A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.
    https://www.securityweek.com/microsoft-says-windows-not-impacted-by-regresshion-as-second-openssh-bug-is-found/

  19. Tomi Engdahl says:

    AT&T Board Gifted 100 Million Customers’ Privacy To Hackers
    https://www.forbes.com/sites/noahbarsky/2024/07/13/att-board-gifted-100-million-customers-privacy-to-hackers/

    AT&T joins a growing and ignominious list of corporate cyberattack victims who share a common story — inadequate board governance. What’s different is that their board, stacked with former and well-connected CEOs, should have demanded better.

    The telecom giant shockingly disclosed that, in April, hackers “exfiltrated files” of “nearly all” of AT&T’s over 100 million wireless customers. The stolen 2022 and 2023 records identify customers’ voice and text contacted numbers, frequency, duration and, for some, cell tower locations.

  20. Tomi Engdahl says:

    DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed
    Meet the new boss, same as the old boss
    https://www.theregister.com/2024/07/16/darkgate_malware/

  21. Tomi Engdahl says:

    CISA broke into a US federal agency, and no one noticed for a full 5 months
    Red team exercise revealed a score of security fails
    https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

    The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.

    CISA calls these SILENTSHIELD assessments. The agency’s dedicated red team picks a federal civilian executive branch (FCEB) agency to probe and does so without prior notice – all the while trying to simulate the maneuvers of a long term hostile nation-state threat group.

    According to the agency’s account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 – 9.8) in the target agency’s Oracle Solaris enclave, leading to what it said was a full compromise.

  22. Tomi Engdahl says:

    SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
    https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/

    The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks.

    The threat actors started attacking organizations in February 2024 using the leaked Babuk encryptor to target VMware ESXi servers and the leaked LockBit 3 encryptor to target Windows.

    The cybercriminals soon gained media attention for a massive attack on IxMetro Powerhost, a Chilean hosting provider whose VMware ESXi servers were encrypted in the attack.

  23. Tomi Engdahl says:

    ‘Trial’ DDoS Attacks on French Sites Portend Greater Olympics Threats
    Russian hacktivists claim DDoS attacks against basic tourist websites. Is it real, or just smoke and mirrors?
    https://www.darkreading.com/cyberattacks-data-breaches/trial-ddos-attacks-on-french-sites-portend-greater-olympics-threats

    Against the backdrop of the upcoming Paris Olympics, Russian hacktivists have claimed denial-of-service (DoS) attacks against a few notable French websites.

    For months now, the news media has warned of both physical and cyber threats to the upcoming Olympic Games. The fears are well-founded: Any major event these days is a target, and prior Olympics have seen their fair share of incidents.

    A potential opening salvo rang out in June, Cyble notes in a new report, when the Russian hacktivist groups HackNeT and the People’s Cyber Army claimed a series of distributed DoS attacks on their social media channels. The Sandworm-linked People’s Cyber Army referred to the attacks as mere “training.”

  24. Tomi Engdahl says:

    Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice
    Files available on the open source NPM repository underscore a growing sophistication.
    https://arstechnica.com/security/2024/07/code-sneaked-into-fake-aws-downloaded-hundreds-of-times-backdoored-dev-devices/

  25. Tomi Engdahl says:

    https://www.theregister.com/2024/07/11/openssh_bug_in_rhel_9/
    OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable
    Newly discovered flaw affects OpenSSH 8.7 and 8.8 daemon
