TomCyberDaily #17
Yup. Here we are again: You, Me, Your coffee (Red Bull, or anything else that touches your needs); enjoy it. And cyber, a lot of it.
1.Ransomware Crooks' New Low: SIM Swapping Execs' Kids!
Just when you thought ransomware gangs couldn't sink any lower, they've started SIM swapping executives' children to pressure their parents into paying up. It's like a cybercriminal version of "Take Your Kid to Work Day," but instead of learning about the family business, the kids are being used as bargaining chips!
Mandiant's CTO, Charles Carmakal, calls it a "psychological attack" against the victim organization. These digital deviants are going beyond just encrypting files and stealing data; they're now targeting ambulances, leaking cancer patients' nudes, and even swatting victims at their homes. It's like they've graduated from "Cybercrime 101" to "Advanced Douchebaggery"!
With the rise of cryptocurrency, these ransomware ruffians have found a way to monetize their malicious activities like never before. It's like they've hit the jackpot in the lottery of human misery!
Hospitals and healthcare companies are becoming prime targets due to the sensitive data they hold. Executives are forced to choose between paying up or facing the consequences of a leak or disruption. It's like a twisted game of "would you rather," but with much higher stakes!
So, if you're an exec and you get a call from your kid's phone that sounds like a bad impersonation of Darth Vader, hang up immediately! And maybe invest in a good old-fashioned landline, just to be safe.
2.Veeam Plugs High-Severity RCE Hole in Backup Management Platform!
Attention all Veeam Service Provider Console (VSPC) users: it's time to patch up a nasty vulnerability that could leave your backup operations in shambles! The culprit? CVE-2024-29212, a high-severity flaw that could allow attackers to execute code remotely on your server. It's like giving a burglar the keys to your house, but instead of stealing your TV, they're messing with your backups!
The vulnerability exists due to an unsafe deserialization method used by the VSPC server, which is like leaving your front door unlocked and putting a sign out front that says "Free Stuff Inside!" It affects VSPC versions 4.0, 5.0, 6.0, 7.0, and 8.0, so if you're running any of these, it's time to update faster than you can say "data loss!"
Exploiting this vulnerability could allow attackers to disrupt your backup and disaster recovery processes, which is like a dream come true for ransomware operators. It's like giving a kid a free pass to the candy store, but instead of cavities, you get encrypted files!
The good news is that Veeam discovered the vulnerability internally, and there's no evidence of it being actively exploited in the wild. It's like finding a hole in your pocket before you lose your wallet!
Veeam is urging users of supported versions (7 & 8) to update to the latest cumulative patch, while those using unsupported versions should upgrade to the latest VSPC version. It's like getting a new pair of shoes when your old ones have holes in them â sure, it's a bit of a hassle, but it beats walking around with wet socks!
Thankfully, no other Veeam products are affected by this vulnerability, so you can breathe a sigh of relief if you're not using VSPC. It's like finding out that the recall on your car only applies to the floor mats!
So, if you're one of the 1,600+ internet-facing VSPC setups out there (looking at you, US users), it's time to patch up and secure your backups. After all, there's nothing funny about data loss â unless you're a comedian with a really niche audience!
3.Report: Undetectable Threats Lurking in F5's Central Manager!
Attention all F5 Next Central Manager users: your network infrastructure might be harboring some unwanted guests, and they're not just crashing the party â they're taking over the whole house!
According to a report by the supply chain cybersecurity firm Eclypsium, researchers have uncovered a bunch of vulnerabilities in F5's Next Central Manager that could give hackers the keys to the kingdom. It's like finding out that your trusted bouncer has been letting in anyone with a fake ID!
The star players in this cybersecurity drama are CVE-2024-21793 and CVE-2024-26026, two flaws that could allow threat actors to execute unauthenticated attacks and compromise your network security. It's like leaving your front door wide open and putting up a neon sign that says "Hackers Welcome!"
F5 released patches for these flaws back in April, but apparently, there were three more vulnerabilities that didn't get the CVE treatment. It's like playing whack-a-mole, but instead of cute little critters, you've got security holes popping up left and right!
Now, here's where it gets really spooky: attackers can use these flaws to create new accounts on any BIG-IP Next asset managed by F5's Central Manager, and these accounts are like ninjas â they're invisible on the platform! It's like having a ghost in your system, but instead of rattling chains, they're wreaking havoc on your network!
To make matters worse, network edge devices are becoming increasingly popular targets for state-sponsored hackers and cybercriminals. It's like having a "Kick Me" sign taped to your back, but instead of a harmless prank, you've got a bullseye for digital troublemakers!
So, what's an F5 customer to do? Eclypsium recommends upgrading to the latest software version (20.2.0) faster than you can say "patch me up, Scotty!" And while you're at it, maybe say a little prayer to the cybersecurity gods that those other three vulnerabilities have been fixed, too.
In the meantime, keep a close eye on your network and watch out for any suspicious activity. And if you see any ghosts in your system, call the Ghostbusters â or, you know, your friendly neighborhood cybersecurity expert. Because when it comes to undetectable threats, it's better to be safe than sorry!
4.Taylor Swift Fans Targeted by Ticketing Tricksters!
Desperate Swifties are falling victim to ticket scams faster than you can say "Love Story!" With demand for Taylor Swift's Eras tour tickets higher than her high notes, scammers have found the perfect hunting ground.
According to Lloyds Bank, UK fans have already lost £1m to these scams, with 90% originating from Facebook. It's like the social media giant has become the Tinder of ticket scams, swiping right on unsuspecting fans!
These scams often involve compromised Facebook accounts, leaving both victims and account owners feeling like they're in a bad rom-com. US fans faced similar heartbreak last year, with some losing up to $2,500 on non-existent tickets.
But it's not just Swifties at risk. Any sold-out event is a potential goldmine for scammers, even the Van Gogh Museum fell prey to a phishing scam masquerading as a sponsored search result. Talk about a post-impressionist impression!
To avoid falling victim, fans need to channel their inner Nancy Drew. Research the seller, check ticket transferability, use a credit card, and don't be fooled by a "secure" website. It's like playing "Spot the Scammer" on hard mode!
And if you do snag a ticket, give it a thorough once-over. Check the date, time, location, and seat numbers. It's like playing "Ticket Inspector" but with higher stakes than just catching fare-dodgers!
In the end, the best defense against ticket scams is vigilance, research, and trusting your gut. And if all else fails, just remember: "Shake It Off" and keep trying for those elusive tickets!
5.Zscaler's "Test Environment" Takes a Timeout After Breach Rumors!
Cybersecurity giant Zscaler found itself in the hot seat after rumors surfaced that a threat actor was selling access to the company's systems. It's like the digital equivalent of finding out someone's been rummaging through your underwear drawer!
Initially, Zscaler was all, "Nothing to see here, folks! No evidence of any breach in our customer or production environments!" It's like they were trying to sweep the rumors under the virtual rug.
But then, plot twist! Zscaler admitted they'd found an "isolated test environment" that was exposed to the internet. They quickly took it offline for a digital autopsy, probably while mumbling, "How the heck did that happen?!"
Zscaler reassured everyone that the test environment wasn't hosted on their infrastructure and had no connection to their other environments. It's like finding out your embarrassing high school photos were stored on a separate hard drive â crisis averted!
The rumors all started when a notorious threat actor, IntelBroker, began selling what they claimed was access to a cybersecurity company with a cool $1.8 billion in revenue. It's like they were dangling a juicy carrot in front of the hacker community!
IntelBroker, who's been making quite a name for themselves with breaches left and right, allegedly had their hands on some pretty sensitive stuff, like credentials, SMTP access, and SSL certificates. It's like they hit the jackpot at the hacker's version of a swap meet!
While IntelBroker didn't name names, some clever digital detectives connected the dots to Zscaler, thanks to a sneaky screenshot and a little help from ZoomInfo. It's like playing "Guess Who?" but with billion-dollar companies!
In the end, Zscaler maintains that no company, customer, or production environments were impacted by the incident. It's like they're saying, "Move along, nothing to see here!" while quietly sweeping up the digital debris.
So, the moral of the story? Even the big shots in cybersecurity aren't immune to the occasional "oopsie" moment. And if you're going to have a test environment, maybe don't leave it hanging out on the internet like an unlocked car in a shady neighborhood!
6.University System of Georgia's MOVEit Misadventure: 800K Exposed in Clop's Data Heist!
The University System of Georgia (USG) is sending out data breach notifications like they're college acceptance letters, except instead of a bright future, recipients are getting a one-way ticket to identity theft town! A whopping 800,000 individuals are learning the hard way that their personal data was caught in the crosshairs of the notorious Clop ransomware gang's MOVEit attacks back in 2023.
USG, which operates 26 public colleges and universities in Georgia, found itself in the unenviable position of being one of the first organizations listed as compromised when Clop started its extortion phase. It's like being the first one picked for dodgeball, but instead of balls, you're getting pelted with data breaches!
Fast forward almost a year, and with a little help from their friends at the FBI and CISA, USG has finally figured out that Clop made off with a treasure trove of sensitive files. They've started sending out data breach notices, which probably feel like getting a "wish you were here" postcard from your stolen data!
So, what kind of juicy info did Clop manage to snag? Oh, just little things like Social Security Numbers, dates of birth, bank account numbers, and federal income tax documents. It's like hitting the jackpot in the identity theft lottery!
And it's not just current students who are affected. The breach also includes former students, academic staff, contractors, and pretty much anyone else who's ever looked at a USG school sideways. With 800,000 people impacted, that's more than double the number of current students. Talk about an alumni network!
But don't worry, USG has got your back! They're offering a whole 12 months of identity protection and fraud detection services through Experian. It's like getting a free trial of "please don't steal my identity" software!
Clop's MOVEit attacks were the data breach equivalent of a blockbuster movie, with nearly 95 million individuals worldwide learning that their personal data is now a hot commodity on the dark web. It's like finding out your private information is being sold like hotcakes at a cybercrime bake sale!
So, if you're one of the lucky 800,000 who got a data breach notice from USG, congratulations! You're now part of an exclusive club that nobody wants to join. And remember, when life gives you data breaches, make lemonade... and then use that lemonade to wash away the bitter taste of having your identity stolen!
7.FBI Warns of Gift Card Grinches: Hackers Stealing the Holiday Spirit!
The FBI is playing Santa's little helper this year, warning retail companies in the US that a group of financially motivated hackers has been targeting their gift card departments in a series of phishing attacks. It's like the Grinch has traded in his green fur for a keyboard and a taste for digital gift cards!
These hackers, known as Storm-0539, have been causing a ruckus since at least January 2024. They're targeting the personal and work mobile devices of retail staff using a sophisticated phishing kit that's so sneaky, it can bypass multi-factor authentication. It's like they've got a digital skeleton key that unlocks any account they want!
Once they've wormed their way into an employee's account, these hackers start exploring the network like they're on a virtual shopping spree. They're on the hunt for the gift card business process, pivoting towards compromised accounts linked to this specific portfolio. It's like they're playing a game of "capture the gift card flag"!
But these hackers aren't just after login credentials. They're also swiping SSH passwords and keys, along with employee info like names, usernames, and phone numbers. It's like they're building a virtual dossier on their victims, ready to sell to the highest bidder or use in future attacks. Talk about a "gift" that keeps on giving!
If these hackers manage to breach the victim's corporate gift card department, they start generating fraudulent gift cards like they're printing money. In one case, a corporation caught on to their scheme and put a stop to it, but Storm-0539 wasn't about to give up that easily. They regained access and started hunting for unredeemed gift cards, changing the associated email addresses to ones they controlled. It's like they're playing a game of "finders, keepers" with other people's gift cards!
To defend against these holiday hackers, the FBI is advising retail corporations to review and update their incident response plans, train their employees to spot phishing scams, and not share sensitive info like credentials via email, chat, or phone calls. It's like a crash course in "how not to get hacked 101"!
They're also recommending multi-factor authentication, up-to-date antivirus and anti-malware solutions, strong password policies, and enforcing the principle of least privilege across networks. It's like a digital fortress designed to keep the hackers at bay!
So, if you're a retail company this holiday season, keep an eye out for these gift card grinches. They may not be dressed in green and stealing presents, but they're definitely out to steal your holiday spirit (and your gift cards)!
8.BogusBazaar: The Fake Webshop Bonanza That Duped 850,000!
Hold on to your credit cards, folks, because there's a new online shopping scam in town, and it's a doozy! A massive network of 75,000 fake webshops, cleverly dubbed "BogusBazaar," has managed to trick over 850,000 people in the US and Europe into making purchases. But instead of getting a sweet deal on shoes or clothes, these unlucky shoppers got their credit card info stolen and their bank accounts drained!
According to the German cybersecurity firm SRLabs, these crafty criminals have attempted to process a whopping $50 million in fake orders since launching their operation three years ago. It's like they're playing a game of "go big or go home" with other people's money!
But here's the kicker: while most of the victims are concentrated in the US and Western Europe, there are virtually no victims from China. Coincidence? Probably not, considering China is thought to be the operational base of this scam-tastic operation!
So, how does BogusBazaar work? These cybercriminals are like the used car salesmen of the internet, setting up shop on previously expired domains with a good rep on Google. They lure in unsuspecting shoppers with promises of crazy-low prices on shoes and clothing, but it's all just a digital mirage!
The payment pages on these sites are like a black hole for your personal info, sucking up contact details and credit card numbers or straight-up stealing your cash via PayPal, Stripe, and credit card payments for orders that will never arrive. It's like paying for a trip to Narnia, but instead of a magical wardrobe, you get a magical disappearing act for your money!
But wait, there's more! SRLabs says this cybercrime group is more organized than a Type-A personality's sock drawer. They've got distinct teams with dedicated roles, operating under an "infrastructure-as-a-service" model. It's like they're running the Amazon Web Services of online scams!
The core team is like the puppet masters, pulling the strings behind the scenes. They're in charge of developing software, deploying backends, and customizing WordPress plugins to support their fraudulent endeavors. Meanwhile, a vast network of franchisees are like the minions, running the day-to-day operations of the fake shops. It's like a twisted version of a fast-food chain, but instead of burgers, they're serving up stolen credit card numbers!
So, how can you avoid falling victim to the BogusBazaar scam? It's all about being a savvy shopper. Check for contact info, read the return policy, look for trust seals, and browse the website content. If it looks like it was slapped together by a kindergartener with a crayon, it's probably not legit!
And if you see a site offering designer shoes at 90% off, remember: if it seems too good to be true, it probably is. Stick to reputable retailers, read reviews, and keep an eye out for warnings from consumer protection agencies. And maybe, just maybe, consider dusting off that old pair of sneakers instead of falling for the next big online shopping scam!