Notable breaches and attacks

26 Billion Records Revealed in Landmark Breach

A massive data breach, known as the "Mother of All Breaches" (MOAB), has been uncovered, exposing a record-breaking 26 billion records. This incident ranks among the largest breaches ever recorded. The 12-terabyte database, found on an open storage instance, is causing significant concern in the cybersecurity community. Experts are particularly alarmed about potential misuse, including identity theft, credential stuffing, phishing scams, and unauthorized access. The breached records involve users from major platforms like Canva, X, LinkedIn, Dropbox, Adobe, Telegram Messenger, and sensitive data from U.S. government organisations. Now more than ever is the time to enable MFA across all platforms.

Cambridge University Distributed Denial of Service (DDoS)

The University of Cambridge battled a widespread Distributed Denial of Service (DDoS) attack that caused disruptions to critical education IT services like Moodle and CamSIS. The attack was not exclusive to Cambridge; several universities and higher education institutions across the UK also reported similar attacks. Dr. Stuart Rankin, head of User Services at the University's research computing services centre, confirmed the news, describing the attack as a deliberate flood of data generated by a significant number of compromised machines. Anonymous Sudan claimed responsibility for the attack, citing the UK's support for Israel and involvement in the Gaza genocide and Yemen bombing campaigns. This incident highlights the growing concerns about the vulnerability of academic institutions to cyber threats, emphasising the need for advanced measures in detection, prevention, and response.

AnyDesk

AnyDesk Software recently faced a cyberattack compromising its production systems and potentially leading to the exposure of user passwords and sensitive information. Though the company has restored services, the technical details of the incident remain unclear. The breach prompted AnyDesk to revoke passwords and advise users to update reused passwords on other platforms. Cybersecurity firm Resecurity discovered 18,317 AnyDesk customer credentials for sale on the dark web, reinforcing the risk of technical support scams and phishing. While AnyDesk claims its systems are designed not to store exploitable data, the breach raises concerns about the exposure of license keys, customer information, and code signing certificates. If you haven't already, ensure you update to AnyDesk versions 7.0.15 and 8.0.8.

Hacks, Cybercrime & Threat Intel

LockBit Resurrection

The LockBit ransomware group has, unsurprisingly, resumed operations shortly after a recent global law enforcement effort dismantled its infrastructure. Despite the disruption caused by the global takedown, LockBit's leader defiantly relisted alleged victim organisations on a new site. Infosec experts have confirmed that, whilst the reemergence is not surprising, it underscores the persistent challenges faced by authorities in combating ransomware. The global takedown, celebrated as a significant win, resulted in arrests of alleged LockBit affiliates and the seizure of approximately 11,000 domains and servers worldwide. Although LockBit's return is viewed as a potentially diminished threat, cybersecurity analysts emphasise the ongoing challenges in permanently neutralising such resilient cybercriminal groups.

Matthew Perry

Hackers have taken control of the late Friends star's X (formerly Twitter) account and exploited it to establish a fraudulent charitable foundation in memory of the star, who tragically passed away last October. The fraudsters are urging people to contribute using, yes you guessed it, cryptocurrency. The Matthew Perry Foundation is advising against making donations on that fraudulent site or spreading those misleading posts on social media. The official foundation website can be accessed at: https://matthewperryfoundation.org/homepage/

Change Healthcare

The AlphaV ransomware gang is believed to be behind a cyberattack that crippled the operations of a significant number of pharmacies across the U.S. Change Healthcare, a prescription and payment processing platform operated by UnitedHealth Group, was one of the major organisations impacted by the attack. Interestingly, the company initially believed the attack to be led by a nation state threat actor; these new findings confirm otherwise.

ConnectWise

ConnectWise ScreenConnect is currently under mass exploitation due to easily exploitable Remote Code Execution (RCE) flaws. Concerns have emerged regarding compromised production systems, echoing the AnyDesk breach. Organisations are prioritising addressing vulnerabilities such as CVE-2024-1709 in ConnectWise ScreenConnect.

Infosec Research & Vulnerabilities

Tor Project

Tails 6.0, the latest release of the privacy-focused Tor Project operating system, offers a host of new features and enhancements aimed at bolstering user security and usability, highlighting its advancements in error detection, automatic device mounting, protection against malicious USB devices, visual customisation options, and more.

Microsoft Patch Tuesday

Microsoft's February 2024 Patch Tuesday reveals critical Outlook and Exchange vulnerabilities, including CVEs impacting SmartScreen. Patches for Microsoft Exchange servers and the other vulnerable applications should be applied quickly.

CVE-2024-21410 affects up to 97,000 Exchange servers, with APT groups currently exploiting this vulnerability.

CVE-2024-21413 poses a serious threat in Microsoft Outlook, enabling unauthorised access or remote code execution if a malicious link is crafted to circumvent the Protected View Protocol. This could lead to bypassing Office Protected View and opening the document in editing mode instead of the intended protected mode.

Legal & Compliance

New GDPR enforcement procedure

Members of the European Parliament (MEPs) have approved new enforcement procedural rules for GDPR. These rules address cooperation and dispute resolution mechanisms, and set deadlines for cross-border procedures. Notably, the draft emphasises that amicable settlements should require explicit consent from the involved parties and should not impede supervisory authorities from initiating independent investigations. The MEPs' stance ensures that the parties have the right to effective judicial remedies, especially when regulatory actions are inadequate or deadlines are not adhered to.

Surveillance in Schools

According to Privacy International, certain schools in the UK have purchased and implemented sensors in bathrooms that actively monitor students' conversations to identify specific keywords. While these sensors do not record or store the actual conversations, they generate alerts for staff when triggered. Additionally, some schools are integrating these auditory sensors with surveillance cameras, allowing them to capture footage of students exiting bathrooms when activated by a vaping sensor.

Conclusions

This never-ending onslaught of data breaches and cyber threats really hits home the security challenges our digital and physical world faces. The staggering "Mother of All Breaches," revealing 26 billion records, serves to reinforce the urgent need for more investment by the big tech firms in cybersecurity skills and robust cybersecurity controls and measures. The resurgence of ransomware attacks, symbolised by LockBit's unfortunate swift return, highlights the ongoing battle against resilient cybercriminal groups.

Then there’s the uneasy fusion of technology and privacy unfolding in UK schools, where the active monitoring of students raises serious ethical questions about student privacy and safety, surveillance boundaries, and the allocation of precious education resources.

As the security industry, legislators and businesses confront these cyber threats head on, there's a compelling call for additional compliance measures to help further safeguard against these vulnerabilities, whilst protecting individuals' privacy. Reflecting on the Matthew Perry Twitter hack, which exposed a gap in securing the accounts of the deceased, reminds us all of the important measures big tech companies should be putting in place to disable the logins of our deceased loved ones' accounts in order to prevent unauthorised, posthumous use, stressing the immediate need to evolve digital legacy policies and procedures for those no longer with us.
