
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2024 ■ David Lanter

In The News

April 3, 2024 by David Lanter 6 Comments

Filed Under: 12 - Incident and Disaster Response

Comments

  1. Eyup Aslanbay says

    April 9, 2024 at 2:04 pm

    Home Depot confirmed a data breach involving employee information due to a third-party software vendor error. The breach exposed names, corporate IDs, and email addresses, with data leaked on the Dark Web. Experts emphasize the importance of rigorous testing and regular audits of SaaS vendors to prevent such incidents. This breach follows a larger one a decade ago involving customer credit card data.

    https://www.darkreading.com/cyberattacks-data-breaches/home-depot-hammered-by-supply-chain-data-breach

  2. Ooreofeoluwa Koyejo says

    April 9, 2024 at 5:41 pm

    U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
    https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html

    The board has criticized Microsoft for a series of security deficiencies that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year.

    The Department of Homeland Security (DHS) found that the intrusion was preventable and that it became successful due to a “cascade of Microsoft’s avoidable errors”, identifying a series of Microsoft’s operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management.

    The first incident reported: July 2023 when Microsoft revealed that Storm-0558 gained unauthorized access to 22 organizations as well as more than 500 related individual consumer accounts.
    Another: In September 2023, the company divulged that Storm-0558 acquired the consumer signing key to forge the tokens by compromising an engineer’s corporate account that had access to a debugging environment hosting a crash dump of its consumer signing system that also inadvertently contained the signing key.

    Microsoft has since acknowledged in a March 2024 update that it was inaccurate and that it still has not been able to locate a “crash dump containing the impacted key material.” It also said its investigation into the hack remains ongoing.

  3. Jon Stillwagon says

    April 9, 2024 at 8:36 pm

    https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html

    Hackers exploit Magento bug to steal payment data from e-commerce websites by injecting a persistent backdoor into the websites. The attack has been described by Adobe as improper neutralization of special elements, which could pave the way for arbitrary code execution. It discovers the crafted layout template in the database to inject malicious code to execute commands. Since the layout block is connected to the checkout cart, the commands are executed whenever the store checkout cart is requested. Once they insert the code execution backdoor, that’s when the person delivers a Stripe payment skimmer to capture and exfiltrate people’s financial information to another Magento store.

  4. Celinemary Turner says

    April 9, 2024 at 9:37 pm

    Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info
    https://www.securityweek.com/acuity-responds-to-us-government-data-theft-claims-says-hackers-obtained-old-info/
    Acuity, the tech firm from which hackers claim to have stolen data belonging to the US Department of State and other government agencies, has confirmed experiencing a cybersecurity incident, but says the compromised data is not sensitive.
    According to its website, Acuity is a technology consulting firm that “offers deep domain expertise to federal agencies whose missions center on serving and protecting the nation’s citizens, global reputation, and critical assets”.
    A well-known hacker named IntelBroker announced this week on a cybercrime forum the release of documents belonging to “the Five Eyes Intelligence Group”. The cybercriminal said the data comes from Acuity and it includes names, emails, phone numbers, email addresses and other information, as well as what he claims to be “classified communications and information”.

    In an exclusive conversation with the hacker, Hackread.com learned that they had exploited a critical 0-day vulnerability in GitHub. Despite not disclosing technical details of the Proof of Concept (PoC) regarding the alleged vulnerability, the hacker claimed that this flaw enables attackers to steal GitHub tokens and advance their malicious activities.
    IntelBroker has been making claims about obtaining US government data for more than a year. In several cases, the data has been confirmed to originate from third-party service providers. In some instances, he claimed the data was obtained directly from government systems, but some of those claims seemed false or exaggerated.

    The hacker first mentioned targeting Acuity in early March, after he offered to sell data allegedly belonging to Immigration and Customs Enforcement (ICE) and United States Citizenship and Immigration Services (USCIS).

  5. Yannick Rugamba says

    April 9, 2024 at 10:18 pm

    https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html
    Researchers from Bitdefender discovered vulnerabilities in LG smart TVs’ webOS that could let attackers gain root access. These vulnerabilities, numbered CVE-2023-6317 to CVE-2023-6320, were reported in November 2023 and fixed by LG in March 2024. They span various webOS versions and allow unauthorized actions like bypassing PIN verification, privilege escalation, command injection, and injecting authenticated commands. Over 91,000 exposed devices were identified worldwide, mainly in South Korea, Hong Kong, the U.S., Sweden, Finland, and Latvia. LG has addressed these issues through software updates.

  6. Bo Wang says

    April 9, 2024 at 10:27 pm

    https://www.infosecurity-magazine.com/news/malware-latrodectus-linked-icedid/
    Cybersecurity experts have uncovered a new malware loader called “Latrodectus,” first seen in November 2023 and linked to multiple campaigns since February 2024. Initially mistaken for a variant of IcedID, it’s now confirmed as a separate entity, likely made by the same developers. Used by initial access brokers, it functions to download payloads and run commands. Proofpoint’s analysis reveals its sophistication in evading detection and its dynamic operational techniques, suggesting it will likely become more widespread, especially among those previously deploying IcedID. This poses ongoing challenges for cyber defense.
