Payment processing breach, dark web admins charged, Predator spyware resurges

Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.

In today’s cybersecurity news…

1.7 million impacted in payment processing breach

In an ironic twist, payment gateway provider Slim CD says they’ve swiftly initiated an investigation into a breach affecting around 1.7 million individuals. While the company claims to be moving quickly to address the issue, the breach actually occurred in August 2023 but went undetected until almost a year later in June 2024. Information exposed in the attack includes names, physical addresses, credit card numbers, and payment card expiration dates. Despite the impact, Slim CD has not offered any free identity theft protection services to those affected, instead advising individuals to stay vigilant and order a free credit report.

(Bleeping Computer), (The Register)

Dark web administrators charged in U.S.

Two alleged cybercriminals, Alex Khodyrev and Pavel Kublitskii, were arrested in Miami for running the Russian-language cybercrime forum WWH Club, which facilitated the buying and selling of stolen personal, financial, and banking data for over a decade. FBI investigators infiltrated the site, even attending fraud training sessions and purchasing stolen data tied to high-profile breaches. Despite the arrests, WWH Club remains active with over 350,000 users worldwide, though accounts tied to the two suspects have been removed.

(Cyberscoop), (Security Week)

Resurgence of Predator Spyware sparks privacy concerns

Recorded Future warns the Predator spyware is resurfacing with new infrastructure, following a dip in activity after U.S. sanctions against its creators, the Intellexa Consortium. Despite earlier sanctions by the U.S. government aimed at stopping the distribution of Predator, the spyware is now being deployed in other regions. Although the spyware has improved its infrastructure to evade detection, the threat remains significant, especially for high-profile individuals like journalists, politicians, and executives. Predator continues to utilize both “one-click” and “zero-click” exploits, posing ongoing risks in global surveillance and espionage operations.

(Security Affairs)

Avis breach impacts almost 300,000 customers

An update to a story we first brought to you on Monday: Car rental company Avis is now reporting that a breach discovered last week has impacted over 299,000 of its customers, which, according to Bleeping Computer, is less than 1% of the company’s customer base. The threat actor was able to access business applications last month and stole personal information, including names and other undisclosed data.

(Bleeping Computer)

Huge thanks to our sponsor, Vanta


North Korean hackers launch parallel attacks

The North Korean-linked hacking group Konni, also associated with Kimsuky, has been ramping up espionage campaigns targeting both Russia and South Korea, using similar tactics and techniques. According to researchers, the group uses phishing emails to deliver malware and gain control over systems, with the primary objective of cyber espionage. The fact that Konni employs identical strategies in both countries suggests an adaptable playbook, which researchers are prompting security specialists to be especially aware of.

(The Record)

Mustang Panda exploits Visual Studio Code in new espionage campaign

China-linked APT group Mustang Panda has been leveraging Visual Studio Code’s reverse shell feature to gain access to government networks in Southeast Asia, according to researchers at Palo Alto Networks Unit 42. This marks a new technique in the group’s long-standing cyber espionage operations, which date back to 2012. The campaign appears to be connected to a September 2023 attack, but it’s unclear whether two different threat actors are collaborating or independently exploiting the same vulnerabilities.

(The Hacker News)

Cyber attacks shut down schools in two countries

Two different schools, facing seemingly unrelated attacks, were forced to close on the same day. The first incident involved the Highline Public School District in Washington state, which announced on Monday that they had detected unauthorized activity on their technology systems, leading to the shutdown of all classes and activities. While there is no confirmation yet on whether personal information was exposed or the nature of the attack, on the other side of the pond, a high school in London also has confirmed they’ve had to close their doors due to a ransomware attack. This school’s principal sent a letter to parents last week explaining that what initially appeared to be an IT issue turned out to be “worse than hoped” and was, in fact, a ransomware incident. The impacted schools in the U.S. are expected to resume operations on Tuesday while the school in London will be shut down for the majority of the week.

(The Record), (Bleeping Computer)
