Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows
Subscribe to Cyber Security Headlines podcast
Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.
In today’s cybersecurity news…
Life360 faces extortion attempt after Tile data breach
Life360, the parent company of Tile, a bluetooth tracking device reported an extortion attempt following a data breach in Tile’s customer support platform. The breach reportedly exposed personal information including names, addresses, email addresses, and phone numbers but did not compromise sensitive information like credit card numbers or location data primarily because that data is not stored on the customer support platform. 404 Media reports the hacker used stolen credentials of a former Tile employee to gain access to the systems. Life360 confirms the hackers have tried to extort the company to get their data back but has not released how many customers are impacted.
White House report highlights increase in federal attacks
A new White House report reveals that 11 US federal agencies reported a 9.9% increase in cybersecurity incidents in 2023, totaling 32,211 cases. The most common incident was “improper usage,” while phishing and malicious emails saw the largest year-on-year increase. Significant breaches included ransomware attacks on the Department of Health and Human Services, repeated data exposures at the Treasury Department, and successful phishing of an employee at the Office for the Inspector General. According to the official White House release, the report is to be used as an outline for the administration’s cyber investment priorities.?
Russian hacker with ties to LockBit and Conti gangs arrested
I’m not sure who’s keeping score, but the LockBit ransomware gang takes another hit as Ukrainian cyber police announce the arrest of a 28-year-old Russian man in Kyiv. The suspect, affiliated with both the Conti and LockBit ransomware gangs, allegedly developed malware that was difficult for antivirus software to detect. You could say the man was a “hacker for hire,” selling his services for cryptocurrency to the two notorious gangs. According to a Dutch police report, the suspect was arrested as part of “Operation Endgame”—one of the largest international law enforcement actions against botnets. This operation led to the takedown or disruption of 100 servers used by criminals and the seizure of over 2,000 malicious domains.
Black Basta exploits zero-day flaw in windows?
Symantec has found that the Black Basta ransomware group exploited a privilege escalation flaw (CVE-2024-26169) in the Windows Error Reporting Service as a zero-day before it was patched in March 2024. This vulnerability allows attackers to gain SYSTEM privileges, which attributes to the CVSS score of 7.8. The attackers, linked to the Cardinal group, used an exploit tool compiled before the patch release, leveraging the flaw to create registry keys and start a shell with administrative privileges.?
领英推荐
And now a word from our sponsor, Vanta
Google wants you to patch that???
Google has released patches for 50 security vulnerabilities affecting Pixel devices, including a high-severity zero-day flaw (CVE-2024-32896) that has been exploited in targeted attacks. The company urges users to update their devices to the 2024-06-05 patch level. Additionally, the update addresses 44 other security bugs, including seven critical privilege escalation vulnerabilities.
Ransomware gang exploits newly disclosed PHP vulnerability
Just days after being publicly disclosed, a recent PHP vulnerability (CVE-2024-4577) leading to remote code execution was exploited by the TellYouThePass ransomware group. Imperva reports that the ransomware was deployed via WebShell uploads and other methods, exploiting the vulnerability that left both Windows and Linux systems exposed. Active since 2019, this group has a history of leveraging known vulnerabilities like Apache ? Log4j and Apache ActiveMQ Server.?
Hackers target Toronto school board
In a letter to parents, the Toronto School Board (TDSB) announced they discovered an attack on their technology testing environment. It should be noted that these test environments are separate from the board’s official networks. TDSB is the largest in Canada, managing 582 schools and more than 230,000 students. A representative from the school board says systems are operational and they are currently investigating if there was any impact on the network or if any personal information was taken.
Scattered Spider finds new home
The Scattered Spider cybercrime group has joined forces with the RansomHub ransomware-as-a-service (RaaS) operator, according to GuidePoint Security. This transition occurred after ALPHV/BlackCat disbanded following a ransom payment from Change Healthcare in March 2024. GuidePoint’s analysts connected Scattered Spider to RansomHub through their shared tactics, techniques, and procedures, including social engineering and attacks on ESXi environments.?