Schneider Electric breached again, Russia behind fake video, Ohio’s ransomware lawsuits

Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.

In today's cybersecurity news...

Schneider Electric breached for second time this year

Schneider Electric has confirmed a breach of its developer platform after a threat actor using the handle “Grep” claimed to have stolen 40GB of data from the company’s Jira server. The intruder reportedly used exposed credentials and the MiniOrange REST API to scrape 400,000 rows of user data, including 75,000 unique email addresses and the full names of Schneider Electric employees and customers; the company stressed that its products and services remain unaffected. Grep, a member of a newly formed hacking group calling itself the International Contract Agency (ICA), had threatened to leak the data if the company did not acknowledge the breach, so we will have to wait and see what the threat actor does next. This is not the first time Schneider Electric has been breached this year: in January the company’s sustainability division was hit by ransomware, and terabytes of data were allegedly stolen.

(Bleeping Computer)

U.S. says Russia behind fake Haitian voter video

As Election Day is in full swing, multiple U.S. government agencies have accused Russia of being behind a recent fake video that shows purported Haitian voters with multiple IDs voting illegally in Georgia counties and encouraging others to immigrate under false promises of citizenship. Georgia Secretary of State Brad Raffensperger condemned the video as a disinformation effort and urged social media platforms, particularly X (where the video remains available as of this report), to remove it. The BBC independently confirmed the video as disinformation, identifying elements such as fake addresses and stock photos used in the footage.

(InfoSecurity Magazine)

Ohio’s capital city faces lawsuits for handling of ransomware attack

A ransomware attack on Columbus, Ohio, in July led to the exposure of more than 500,000 residents’ data, including Social Security numbers, bank account details, and addresses. Although city officials initially claimed no data had been stolen, the Rhysida ransomware group published 6.5 terabytes of data on the dark web, including sensitive information from police and prosecutor databases. The city drew backlash for suing a researcher who exposed the true scope of the breach, eventually dropping the lawsuit under a restrictive settlement. As lawsuits from affected employees and service restoration efforts continue, the city plans to release a full report in December.

(The Record)

Phishing scheme criminal sentenced

A Nigerian man will spend 26 years behind bars in the U.S. for stealing millions through elaborate phishing schemes. The UK resident was extradited to the U.S. in April 2024 on wire fraud and aggravated identity theft charges. The scheme primarily targeted real estate businesses: the criminal used phishing to compromise an email account, monitor conversations, and intercept large transactions, rerouting wire payment instructions to accounts under the fraudsters’ control. The criminals gained access to $12 million, though prosecutors argued that intended losses were upwards of $100 million.

(Security Week)

Thanks to today’s episode sponsor, Vanta

Google claims first vulnerability found using AI

Google’s Big Sleep project, a collaboration between Project Zero and DeepMind, recently uncovered its first real-world vulnerability: a stack buffer underflow in SQLite. Found with the help of an AI model in October, the flaw had gone undetected by traditional fuzzing, sparking interest in AI as a supplementary tool for vulnerability research. Whether this was actually the first time a large language model (LLM) was used to discover a vulnerability is debatable: a security researcher with Neuroengine says he discovered a zero-day using an LLM in April and published his results in June, but told InfoSecurity Magazine he believes Google’s announcement was an “honest mistake.”

(InfoSecurity Magazine), (Security Week)

German authorities take down DDoS Service

German authorities have disrupted dstat[.]cc, a DDoS service platform used by cybercriminals to conduct denial-of-service attacks and designed to be usable even by people with minimal technical skills. The takedown, part of Operation PowerOFF, has led to several arrests and follows the closure of other DDoS-for-hire sites, including digitalstress[.]su, and action against Anonymous Sudan. Additionally, two suspects connected to dstat[.]cc are facing charges for allegedly facilitating the distribution of synthetic drugs.

(The Hacker News)

New phishing attack infects Windows with Linux VMs

A phishing campaign named CRON#TRAP is deploying Linux virtual machines via phishing emails to gain a foothold on Windows systems with minimal detection. The attack, identified by Securonix, uses a fake “OneAmerica survey” email that delivers a 285MB ZIP file containing a QEMU virtual machine preloaded with a backdoor. Using the Chisel tunneling tool, the attackers communicate covertly with the VM, and because QEMU is a legitimate tool that endpoint defenses usually do not flag, the malicious activity inside the guest largely escapes traditional security controls on the host.

(Bleeping Computer)
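Because the payload lives inside the guest, host-side tooling cannot inspect it directly; what the host does see is the QEMU process itself. The following is an added detection example (not Securonix’s code or anything from the campaign report) that scores process-creation events for the pattern described above: a binary whose PE version resource identifies it as a QEMU system emulator, launched from a user-writable directory, possibly renamed, run headless, and spawned by a script interpreter. The event shape, field names, the sample file name `survey_viewer.exe`, and the scoring weights are all assumptions chosen for illustration; the sample telemetry is constructed, not real.

```python
"""Heuristic detection of a QEMU guest launched from a user-writable path,
the delivery pattern attributed to CRON#TRAP. Added example, not code from
the campaign report. Event layout loosely follows Sysmon Event ID 1
(ProcessCreate), but the field names here are assumptions."""

from dataclasses import dataclass
import re
from typing import List, Tuple


@dataclass
class ProcessEvent:
    image: str                # full path of the executable that started
    original_file_name: str   # OriginalFileName from the PE version resource
    command_line: str
    parent_image: str


# Constructed sample telemetry (not real events). The second entry models a
# renamed QEMU binary unpacked from a ZIP into the user's Downloads folder.
SAMPLE_EVENTS = [
    ProcessEvent(
        image=r"C:\Program Files\qemu\qemu-system-x86_64.exe",
        original_file_name="qemu-system-x86_64.exe",
        command_line='qemu-system-x86_64.exe -m 2048 -hda "D:\\vms\\dev.qcow2"',
        parent_image=r"C:\Windows\explorer.exe",
    ),
    ProcessEvent(
        image=r"C:\Users\alice\Downloads\OneAmerica_Survey\data\survey_viewer.exe",
        original_file_name="qemu-system-x86_64.exe",
        command_line="survey_viewer.exe -m 1024 -drive file=chroot.qcow2 -display none "
                     "-netdev user,id=n0 -device e1000,netdev=n0",
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    ProcessEvent(
        image=r"C:\Users\alice\AppData\Local\Programs\Notes\notes.exe",
        original_file_name="notes.exe",
        command_line="notes.exe",
        parent_image=r"C:\Windows\explorer.exe",
    ),
]

# Renaming the executable does not change the PE version resource, so the
# OriginalFileName is a more reliable anchor than the on-disk file name.
QEMU_ORIGINAL_NAMES = {"qemu-system-x86_64.exe", "qemu-system-i386.exe",
                       "qemu-system-aarch64.exe"}
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|documents|appdata)\\", re.I)
HEADLESS_FLAGS = ("-display none", "-nographic")
SCRIPT_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ALERT_THRESHOLD = 5  # assumption: tune against your own QEMU baseline


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcessEvent) -> Tuple[int, List[str]]:
    """Return (score, reasons). Processes that are not QEMU score 0."""
    if ev.original_file_name.lower() not in QEMU_ORIGINAL_NAMES:
        return 0, []
    score, reasons = 3, ["PE identifies itself as a QEMU system emulator"]
    if USER_WRITABLE.match(ev.image):
        score += 2
        reasons.append("launched from a user-writable directory")
    if basename(ev.image) != ev.original_file_name.lower():
        score += 2
        reasons.append(f"binary renamed to {basename(ev.image)}")
    if any(flag in ev.command_line.lower() for flag in HEADLESS_FLAGS):
        score += 1
        reasons.append("headless guest (no console window shown to the user)")
    if basename(ev.parent_image) in SCRIPT_PARENTS:
        score += 1
        reasons.append(f"spawned by {basename(ev.parent_image)}")
    return score, reasons


def detect(events) -> List[dict]:
    """Return an alert record for every event at or above ALERT_THRESHOLD."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append({"image": ev.image, "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['score']}] {alert['image']}")
        for reason in alert["reasons"]:
            print("   -", reason)
```

A legitimately installed QEMU under Program Files scores only 3 here and stays below the threshold, while the renamed copy in Downloads scores 9. The Chisel tunnel itself is invisible to this check because it runs inside the guest; the complementary signal is network egress attributed to the QEMU process, which is worth correlating with these alerts.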

DocuSign APIs used for invoice scams

If your company uses DocuSign you’ll want to note this story. Researchers have observed a rise in cybercriminals abusing DocuSign APIs to send fraudulent invoices, using legitimate DocuSign accounts and templates to mimic well-known brands. These attacks bypass traditional phishing defenses because the messages come directly from DocuSign’s platform and carry no malicious links or attachments. Recommendations to combat this include employee education, verifying sender credentials, internal approval requirements for payments, and monitoring for anomalies.

(InfoSecurity Magazine)
