Ooreofeoluwa Koyejo says
Airbus Data Breach Through Third-Party Pirated Software with Infostealing Malware
https://www.infosecurity-magazine.com/news/pirated-software-cause-airbus/
https://www.hudsonrock.com/blog/an-avoidable-breach-fbi-hacker-leaks-sensitive-airbus-data
Airbus, a European aerospace giant, suffered a data breach through the exposed credentials of a third-party IT employee of Turkish Airlines (a third-party vendor to Airbus) who installed pirated Microsoft software with Redline information-stealing malware that gave access to the personal information of Airbus vendors such as name, addresses, email address, phone number etc. This information-stealing malware gave the hacker, identified by the ‘USDoD’ alias and belonging to the Ransomed ransomware group (the breach was announced on the Breach Forum), access to the data that was eventually leaked to the public.
In summary:
Vulnerability: exposed credentials of the Turkish Airlines IT employee
Threat: the hacker using the Redline information-stealing malware
Impact: the data exposure of Airbus vendors’ private information
Risk: identity theft, brand reputation damage, loss of customers etc. from the data exposure incident.
Jon Stillwagon says
https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html
This article is about how the bad guys are using ransomware through phishing campaigns that can spread the initial payload to code signing certificates. It starts by using phishing emails to trick the user into running malicious attachments which are disguised as PDF or jpg images but are executables that start compromising your system the moment you run them. The phishing campaign is spreading a new and improved malware loader called DBatLoader. Its new capabilities indicate that it is actively maintained to drop malicious programs that can collect sensitive information and remotely control systems. The emails have mainly been seen in English but are also found in Spanish and Turkish. The targets are people who use the Cisco Webex video conferencing software on Google, who are redirected to a fake website that will activate the Bootloader malware. Once the loader establishes contact with its remote server, it downloads a second-stage encrypted payload which uses another stealer and keylogger malware, DanaBot.
Yannick Rugamba says
https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html
This article discusses how a hacking group called APT34 has started phishing campaigns. They are using a modified version of the Side Twist backdoor and a fresh variant of Agent Tesla.
APT34 employs spear phishing tactics by sending corrupted Microsoft Word and Excel files that take advantage of known vulnerabilities in Microsoft Office. This allows them to run code on the victim’s computer. The Side Twist backdoor enables them to download/upload files and execute commands, establishing communication with a server for instructions. At the same time, the Agent Tesla variant can collect information from the victim’s device, such as saved login credentials and keylogging data.
Warning: APT34 is currently launching phishing campaigns that distribute versions of Side Twist and Agent Tesla. To protect yourself, be cautious when opening emails from sources that contain Microsoft Word or Excel attachments, to avoid compromise.
Eyup Aslanbay says
The Scattered Spider hacking group recently claimed to have stolen six terabytes of data from major casino operators MGM Resorts International and Caesars Entertainment. While the group did not plan to make the data public and did not comment on whether they requested ransom, MGM and Caesars remained silent on the extent of the data breach. Caesars reported that hackers obtained data on a significant number of loyalty program members, including sensitive information like driver’s license numbers and social security numbers, but declined to comment on whether they paid a ransom. Scattered Spider, known for its social engineering tactics, has been linked to over 100 intrusions across various industries in the last two years. Both companies were working to resolve the cybersecurity issue, while the FBI was investigating the incidents. Operations at MGM were still disrupted several days after the hack, with slot machines displaying error messages at Las Vegas casinos. Some experts suggest that Scattered Spider may be a subgroup of the ALPHV ransomware hacking outfit.
https://www.reuters.com/business/casino-giant-caesars-confirms-data-breach-2023-09-14/
Bo Wang says
https://www.infosecurity-magazine.com/news/iranian-threat-group-thousands/
The article describes a six-month period of cyber espionage against global targets by the Iranian-backed APT group Peach Sandstorm. The group uses cryptojet techniques and exploits to gain access to targeted systems, and uses a range of tools for reconnaissance, persistence, and data breaches. The group leveraged Azure services and tools to persist and execute other attacks in the targeted environment, including the creation of new Azure subscriptions. The purpose of the group was to steal information that served Iran’s national interests, and its activities posed a threat to the confidentiality of its victims.
Celinemary Turner says
https://www.reference.com/world-view/cybersecurity-awareness?
This article is all about cybersecurity awareness, which means actively protecting your personal infrastructure and information. Robust information security is needed in all organizations to properly secure their information assets and to prevent hackers from penetrating your network. The subject may still seem somewhat new to you, but it’s only going to become a more pressing issue as society continues to develop technologically. On October 1, 2021, President Joe Biden told the nation, “I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security.”
Edge Kroll says
https://www.securityweek.com/california-settles-with-google-over-location-privacy-practices-for-93-million/
Google has agreed to a $93 million settlement with the state of California over its location-privacy practices, following a $391.5 million settlement with 40 states in November 2022 regarding the tracking of users’ locations. The investigation was prompted by a 2018 Associated Press report revealing that Google continued to track user location data even after they had opted out. The settlement includes several restrictions, such as enhanced transparency in location tracking, disclosing the use of location data for ad personalization, and providing additional information to users when enabling location-related account settings. Google admitted no wrongdoing but stated that the matter was related to outdated product policies that had been changed in recent years.
Nicholas Nirenberg says
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data | URL: https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html
This article covers Microsoft’s recent significant security breach where 38 terabytes of private data were inadvertently exposed in its AI GitHub repository. This occurred when open-source training data was mistakenly made public during publishing, including sensitive information like secrets, keys, passwords, and over 30,000 internal Teams messages. The breach was attributed to an overly permissive SAS token in Azure, which is challenging to track and revoke. Furthermore, the README.md file in the repository provided developers with a link to download models from an Azure Storage URL, and unfortunately this link also unintentionally granted access to the entire storage account, leading to the exposure of additional private data. Microsoft promptly resolved the issue, emphasizing that no customer data was compromised. They have also enhanced token security to prevent future incidents. This incident highlights the importance of understanding the correct configurations for high-value things such as SAS tokens.
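As an added illustration of the SAS misconfiguration described above (not code from the article or from Microsoft), the following Python audits a shared-access-signature URL by inspecting its query parameters: account-level scope (`ss`/`srt`), container scope (`sr=c`), mutating or list permissions in `sp`, and a far-off or missing expiry (`se`). The sample URLs, the `sig` values and the seven-day lifetime policy are constructed for the example.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Assumed policy: a SAS valid for longer than this is treated as effectively permanent.
MAX_LIFETIME_DAYS = 7
# Permission letters that allow changing data: write, delete, add, create, update,
# process, permanent delete (Azure SAS 'sp' values).
MUTATING_PERMS = set("wdacupy")

# Constructed evaluation time for the example (UTC).
NOW = datetime(2023, 9, 18, tzinfo=timezone.utc)

# Constructed: an account SAS shaped like the over-permissive token described in the article
# (whole-account scope, full permissions, expiry decades away). The signature is a placeholder.
OVERLY_PERMISSIVE_SAS = (
    "https://example.blob.core.windows.net/models/model.bin"
    "?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac&se=2051-10-10T00:00:00Z&sig=CONSTRUCTED_PLACEHOLDER"
)
# Constructed: a least-privilege service SAS for one blob, read-only, expiring the next day.
LEAST_PRIVILEGE_SAS = (
    "https://example.blob.core.windows.net/models/model.bin"
    "?sv=2022-11-02&sr=b&sp=r&se=2023-09-19T00:00:00Z&sig=CONSTRUCTED_PLACEHOLDER"
)


def audit_sas_url(url: str, now: datetime) -> list[str]:
    """Return a list of findings for a SAS URL; an empty list means nothing was flagged."""
    qs = parse_qs(urlsplit(url).query)

    def param(name: str) -> str:
        return qs.get(name, [""])[0]

    if "sig" not in qs:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    # An account SAS (ss/srt present) is scoped to the whole storage account,
    # which is what turned a model-download link into access to everything.
    if "ss" in qs or "srt" in qs:
        findings.append(f"account-level SAS (ss={param('ss')}, srt={param('srt')}) spans the storage account")
    elif param("sr") == "c":
        findings.append("container-scoped SAS exposes every blob in the container")
    perms = set(param("sp"))
    mutating = perms & MUTATING_PERMS
    if mutating:
        findings.append(f"mutating permissions granted: {''.join(sorted(mutating))}")
    if "l" in perms:
        findings.append("list permission allows enumeration of stored objects")
    expiry_text = param("se")
    if not expiry_text:
        findings.append("no expiry (se) parameter")
    else:
        expiry = datetime.fromisoformat(expiry_text.replace("Z", "+00:00"))
        lifetime_days = (expiry - now).days
        if lifetime_days > MAX_LIFETIME_DAYS:
            findings.append(f"expiry {expiry_text} is {lifetime_days} days away (limit {MAX_LIFETIME_DAYS})")
    return findings
```

Running `audit_sas_url(OVERLY_PERMISSIVE_SAS, NOW)` flags account scope, write/delete rights, list rights and the distant expiry, while the least-privilege URL produces no findings.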
Hashem Alsharif says
https://www.reuters.com/world/international-criminal-court-reports-cybersecurity-incident-2023-09-19/
This article is a prime example of how cybersecurity and politics can intersect with each other. The International Criminal Court is an institution that holds sensitive information about war crimes. It was noticed that there was unusual activity on the computer network. While it’s still unknown who was behind it, there are some key facts to keep in mind. In March, an arrest warrant was issued for Putin, who is suspected of illegally deporting children in Russia who were originally from Ukraine. While we can’t say Russia is behind this completely, we have a reason to suspect they may be behind this, especially considering the ICC has been constantly investigating war crimes committed by Russia against Georgia and Ukraine. This teaches us not only to stay vigilant for unusual activity, but also helps us understand that when looking at potential threats, you must examine what it is that an organization does and why its information would be important to a hacker.