Halliburton cyberattack costs, Israel credit card DDoS, Forth announces breach

In today’s cybersecurity news…

Cyberattack cost Halliburton $35 million thus far

Following up on a story we covered in late August, the attack on Halliburton, one of the largest oilfield service providers in the world, cost the company $35 million by the end of September. RansomHub is believed to be the group behind the attack, but this has not been officially confirmed. According to Security Week, “Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was. The company has confirmed that hackers accessed and exfiltrated information from its corporate systems.”

(Security Week)

DDoS attack makes credit card readers malfunction in Israel

Customers at supermarkets and gas stations were apparently unable to make payments during a DDoS attack that had been launched against the payment gateway company Hyp and its CreditGuard product. The attack, which lasted around an hour, disrupted communications between the card terminals and the wider payment system, but did not steal information or payments. An Iran-linked hacker group has apparently claimed responsibility, but this has not been confirmed. This is far from the first time this type of attack has happened in Israel. The most recent, prior to this, occurred in October at the payment firm Sheba.

(The Record)

Debt relief firm Forth announces data breach for customers and non-customers

The breach, which occurred on May 21 of this year, now sees debt relief solutions provider Forth – its full legal name is Set Forth – notifying 1.5 million individuals that their personal information had been compromised. Although the breach occurred in May, it was on July 1 that the company confirmed that attackers had accessed certain documents on its systems. The affected individuals might not even have been customers of Forth, but may be customers of Centrex Software, which “provides cloud-based customer relationship management solutions powered by the Set Forth platform. This platform allows businesses to collect and share consumer information, with their permission, between its users,” the company says.

(Security Week and Set Forth Announcement)

Secure-by-design hits 6-month mark, progress being made

In an interview with Recorded Future News, Jack Cable, a senior technical adviser at CISA who has been championing the effort, says 248 companies signed the pledge, and most are taking it seriously. Secure-by-design includes a pledge from software companies to the Biden administration and their own customers that they would “adopt seven key digital security practices within a year.” Cable says he is seeing “significant impacts across the internet ecosystem,” and that the progress has exceeded expectations. He has pointed out “Microsoft’s expansion of multi-factor authentication, Google’s improvements to secure code development and Fortinet’s new requirement that customers receive automatic security updates” as examples.

(The Record)

Huge thanks to our sponsor, ThreatLocker


Hackers using ZIP file concatenation to evade detection

This new technique was identified by researchers at Perception Point, who “discovered a concatenated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.” In essence, threat actors “create two or more separate ZIP archives and hide the malicious payload in one of them, leaving the rest with innocuous content. The separate files are concatenated into one by appending the binary data of one file to the other, merging their contents into one combined ZIP archive. Although the final result appears as one file, it contains multiple ZIP structures, each with its own central directory and end markers.” This allows the malware to bypass security solutions.

(BleepingComputer)
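A defender-side check for the structure described above, as an added example that is not from Perception Point or the original article: it scans a file for every end-of-central-directory record and lists the file names of each embedded ZIP, where more than one record indicates a concatenated archive. The sample archive and all function names are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"                      # end of central directory record
CDFH_SIG = b"PK\x01\x02"                      # central directory file header
EOCD = struct.Struct("<4sHHHHIIH")            # fixed 22-byte part of the EOCD
CDFH = struct.Struct("<4sHHHHHHIIIHHHHHII")   # fixed 46-byte part of each entry

def find_zip_structures(data):
    """Return one record per validated end-of-central-directory (EOCD) record."""
    found = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD.size <= len(data):
            _sig, _d, _cd, _n, total, cd_size, cd_off, _cl = EOCD.unpack_from(data, pos)
            cd_start = pos - cd_size
            # A real EOCD is immediately preceded by its central directory.
            if cd_start >= 0 and (total == 0 or data[cd_start:cd_start + 4] == CDFH_SIG):
                names, p = [], cd_start
                for _ in range(total):
                    if p + CDFH.size > pos or data[p:p + 4] != CDFH_SIG:
                        break
                    f = CDFH.unpack_from(data, p)
                    nlen, elen, clen = f[10], f[11], f[12]
                    names.append(data[p + 46:p + 46 + nlen].decode("utf-8", "replace"))
                    p += 46 + nlen + elen + clen
                # Stored offsets are relative to the start of each appended archive.
                found.append({"eocd_at": pos, "base": cd_start - cd_off, "names": names})
        pos = data.find(EOCD_SIG, pos + 4)
    return found

def last_directory_names(data):
    """Names reported by a reader that trusts only the final EOCD (Python's zipfile)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()

def make_zip(name, content):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(name, content)
    return buf.getvalue()

# Constructed sample: two harmless archives appended byte for byte.
first = make_zip("invoice.txt", b"harmless text")
combined = first + make_zip("notes.txt", b"second archive")
```

Python's `zipfile` reports only the entries of the last central directory, which shows how the contents one tool lists can differ from what the file actually holds. A ZIP stored uncompressed inside another ZIP also produces a second record, so a hit is a prompt for deeper inspection, not a verdict.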

Windows 11 will add a Share button to Start menu and Taskbar

In case customers feel they do not already have enough ways to share files, links, or text, a button will soon be available to allow everyone to share via email, to nearby devices, or installed apps like X. This is largely because not all apps have this option individually. This feature is still being tested in preview builds, and there is no confirmed deadline for the release of this feature.

(BleepingComputer)

New version of Remcos RAT appears

According to researchers at Fortinet, a new variant of the commercial malware Remcos RAT has appeared. Remcos itself is a legitimate remote administration tool that allows regular users to operate other computers remotely. Threat actors, however, use its technology for more malicious activities. In this situation, victims receive a phishing message containing a malicious Excel document disguised as a purchase order. This Excel file accesses a shortened URL that redirects to a specific IP address, and the process unfolds from there. The malicious code maintains persistence by adding a new auto-run item to the system registry.

(Security Affairs)

DNA firm holding highly sensitive data vanishes without warning

Atlas Biomed is a company based in London, England, which offered to provide insights into people’s genetic makeup and predisposition to certain illnesses. It has recently ceased operations “without telling its customers what has happened to the highly sensitive data they shared with it.” All activity, including on social media, has ceased and its London office stands empty. The company has links to Russia. It used to have 8 official positions, although according to the BBC, four of its officers have resigned, and the two apparently remaining officers are listed at the same address in Moscow – as is a Russian billionaire, who is described as a now resigned director.

(BBC News)

Manmeet Singh

CISSP | Helping MSPs, SOC Teams, Cloud Solution Security Providers | Expert in Hybrid, Cloud Deployment and Cybersecurity | AZ-500 | AZ-400 | SC-100

4 days ago

CISO Series Thank you for sharing these updates. It's evident that cybersecurity threats are evolving rapidly, and the impact on businesses and consumers is profound. One key takeaway is the critical importance of proactive cybersecurity measures and continuous monitoring. Companies should invest in advanced threat detection systems and employee training to mitigate risks. It's also encouraging to see initiatives like the Secure-by-design pledge making strides; collaboration and commitment across the industry are essential for a more secure digital ecosystem. If Hackers are working so hard, we, the Defenders, how can we dare to be left behind? The fight between Hackers and Defenders was here before us and will be here after us. To stay ahead and become champions in this fight, we, the defenders, need to adopt a proactive, multi-faceted approach that includes the philosophy that cybersecurity is not a destination but a journey of continuous improvement and adaptation. The key is to remain vigilant, proactive, and committed to excellence in defending against cyber threats...
