Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere
1. Catastrophic Cyberattack Exposes Data of 31 Million Users of Internet Archive
The Internet Archive suffered a major cyberattack, exposing data from 31 million users. A pro-Palestinian hacker group, SN_BLACKMETA, claimed responsibility. The attack involved distributed denial-of-service (DDoS) and defacement of the site, compromising usernames, emails, and passwords. This incident raises cybersecurity concerns ahead of the U.S. elections.
Internet Archive’s founder, Brewster Kahle, confirmed that data integrity was maintained, and efforts are ongoing to restore services and improve security.
2. Star Health Faces Massive Data Breach, Chronology of Events Released
Star Health and Allied Insurance Co. Ltd confirmed a data breach impacting over 3 crore customers, with personal details like names, addresses, and medical history being sold online. The hacker demanded a $68,000 ransom from the company’s MD & CEO. Star Health reported the incident to CERT-In and IRDAI and launched a forensic investigation. The company also took legal action to disable websites and Telegram bots that leaked data. An ongoing investigation is expected to conclude by October-end, raising concerns over Indian companies' cybersecurity practices.
3. FBI Creates Fake Cryptocurrency to Uncover Crypto Market Fraud
The FBI has created a fake cryptocurrency token and company, NexFundAI, to expose widespread market manipulation in the crypto space. The operation, Token Mirrors, led to the arrest of 18 individuals and the shutdown of fraudulent activities, including wash trading and pump-and-dump schemes. More than $25 million in cryptocurrency was seized, and multiple market manipulators, including ZM Quant and Gotbit, were charged. This sting highlights the vulnerability of retail investors to fraudulent schemes in the cryptocurrency market.
4. CISA Warns of F5 BIG-IP Vulnerability Exploitation for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of threat actors exploiting unencrypted F5 BIG-IP cookies for network reconnaissance. Attackers are using these cookies, which are managed by the Local Traffic Manager (LTM) module, to identify non-internet-facing devices, potentially uncovering vulnerabilities. CISA urges organizations to encrypt cookies in BIG-IP devices and use iHealth diagnostics to check for issues. This vulnerability is part of a broader concern regarding the exploitation of unpatched systems by cybercriminals.
5. OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting Gulf Region
The Iranian hacking group OilRig has exploited a now-patched Windows kernel flaw (CVE-2024-30088) in a cyber espionage campaign targeting UAE and Gulf entities. The group, also known as APT34, used a STEALHOOK backdoor to steal credentials from Microsoft Exchange servers, gaining SYSTEM privileges through privilege escalation. Their tactics include web shell deployments, remote management tools, and password extraction techniques. The campaign is part of broader geopolitical surveillance efforts in the region.