Cybersecurity News & Updates - August, 2023
Inspirisys Solutions Limited (a CAC Holdings Group Company)
Experience Possibilities
Check out the latest updates on high vulnerabilities, data breaches and ransomware attacks.
High Vulnerabilities
Two vulnerabilities affecting some versions of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication. Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.
Several major companies have published security advisories in response to the recently disclosed Intel CPU vulnerability named Downfall. Discovered by Google researchers and officially tracked as CVE-2022-40982, Downfall is a side-channel attack method that allows a local attacker — or a piece of malware — to obtain potentially sensitive information such as passwords and encryption keys from the targeted device.
Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38.
A high-severity security flaw has been disclosed in the WinRAR utility that could potentially be exploited by a threat actor to achieve remote code execution on Windows systems.
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the flaw is a path traversal vulnerability in Openfire's administrative console that could permit an unauthenticated attacker to access otherwise restricted pages reserved for privileged users.
Ransomware Attacks
Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups. The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut down all systems,” including its website and email, and encrypted customer systems and websites.
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines.
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure.
The Rhysida ransomware gang has claimed responsibility for the massive cyberattack on Prospect Medical Holdings, claiming to have stolen 500,000 social security numbers, corporate documents, and patient records. The attack is believed to have occurred on August 3rd, with employees finding ransom notes on their screens stating that their network was hacked and devices encrypted.
Data Breaches
Data breaches have become more common in recent years, despite an increased focus on cybersecurity. This time the breach is at Discord.io, which is now among the victims of such attacks.
London’s Metropolitan Police force said Sunday it was taking security measures after “unauthorized access to the IT system of one of its suppliers,” following data breaches at other forces. The company in question had access to the names, ranks, photos, vetting levels and pay numbers for officers and staff, but not addresses, phone numbers or financial details, it said.
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News.
Byju’s, the edtech giant and India’s most valuable startup, has fixed a server-side misconfiguration that was exposing sensitive data of its students. The Indian startup exposed some students’ names, phone numbers, addresses and email IDs. The exposed data also included loan details such as payouts, links to scanned documents and transactional information related to some students.
The MOVEit mass hacks will likely go down in history as one of the largest and most successful cyberattacks of all time. By exploiting a vulnerability in Progress Software’s MOVEit managed file transfer service, used by thousands of organizations to securely transfer large amounts of often-sensitive files, hackers were able to inject SQL commands and access customers’ sensitive data.