The FTC took enforcement actions against three data brokers—Gravy Analytics, Venntel, and Mobilewalla—for illegally tracking and selling non-anonymized consumer location data. The FTC’s actions aim to curb the unauthorized collection and sale of sensitive location data, which could reveal visits to sensitive locations such as healthcare facilities, schools, or religious institutions. The proposed settlements ban the companies from such practices and mandate the deletion of existing data. This underscores the importance of protecting consumer privacy and regulating the data brokerage industry.
Active exploitation of a decade-old cross-site scripting (XSS) vulnerability (CVE-2014-2120) in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) Software is underway. This vulnerability allows unauthenticated, remote attackers to execute XSS attacks against WebVPN users. Cisco has released updates; immediate patching is critical.
Mikhail Pavlovich Matveev, also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin, a notorious ransomware affiliate, was arrested in Russia for developing malware and involvement in several hacking groups. He faced US sanctions and charges, highlighting the international collaboration to combat cybercrime. The arrest is significant due to Wazawaka’s prolific malware development and ties to major ransomware operations.
The Salt Typhoon hacking group, suspected to be state-sponsored by China, infiltrated multiple major global telecommunications providers. This resulted in access to sensitive data, raising significant national security concerns and prompting CISA to release guidance for network defenders to mitigate similar attacks.
This cluster involves incidents related to the takedown of various criminal communication platforms. The MATRIX encrypted messaging service, used by criminals for illegal activities, was dismantled in an international operation involving French and Dutch authorities, supported by Eurojust and Europol. The criminals were monitored for months before the operation was conducted. This demonstrates the continued efforts to disrupt and counteract criminal activity online through international cooperation.
Operation HAECHI V, a global cybercrime operation involving 40 countries, resulted in over 5,500 arrests and the seizure of over $400 million in assets. The operation targeted various financial crimes, including phishing, romance scams, sextortion, and business email compromise (BEC).
A supply chain ransomware attack targeted Blue Yonder, impacting its customers including Starbucks and UK grocery chains. The attack disrupted operations and highlighted vulnerabilities in supply chain security. Further details on the specific ransomware used and the extent of data exfiltration are still emerging.
This cluster focuses on the emergence of a new phishing-as-a-service (PhaaS) platform called ‘Rockstar 2FA’. It facilitates large-scale adversary-in-the-middle (AiTM) attacks, primarily targeting Microsoft 365 credentials. This highlights the ongoing threat of credential theft and the increasing sophistication of phishing attacks, emphasizing the importance of robust multi-factor authentication (MFA) and security awareness training.
A data broker, SL Data Services, exposed 644,869 sensitive files, including background checks, in a publicly accessible cloud storage container. The files contained personal information like names, addresses, phone numbers, and criminal histories. This highlights the risks of data brokers and the need for individuals to protect their personal information.
A malicious PyPI package, ‘aiocpa’, disguised as a legitimate cryptocurrency client, was used to steal cryptocurrency wallet information. Attackers used a stealthy approach, publishing their own package instead of typosquatting. The malicious code was obfuscated using Base64 encoding and zlib compression; it exfiltrated sensitive data to a Telegram bot. This highlights the risk of malicious packages in software supply chains.
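As an added example (not code from the page or from the aiocpa package), the following static check flags the loader pattern described above, an exec/eval call fed by a Base64-decode-then-zlib-decompress chain, and statically unwraps the literal payload so an analyst can inspect the hidden code without running it. The sample sources are constructed and the embedded payload is harmless.

```python
import ast
import base64
import zlib

# Constructed sample modelled on the loader pattern described above; not aiocpa's actual code.
# The embedded payload is harmless: it merely assigns a variable.
_INNER = b"payload_marker = 'benign'"
SAMPLE_SUSPICIOUS = (
    "import base64, zlib\n"
    "exec(zlib.decompress(base64.b64decode("
    + repr(base64.b64encode(zlib.compress(_INNER)).decode()) + ")))\n"
)
SAMPLE_BENIGN = "import zlib\n\ndef pack(data: bytes) -> bytes:\n    return zlib.compress(data)\n"

# Decoding primitives commonly chained in front of exec/eval, and how to apply them statically.
DECODERS = {"b64decode": base64.b64decode, "b32decode": base64.b32decode,
            "a85decode": base64.a85decode, "b85decode": base64.b85decode,
            "decompress": zlib.decompress}
EXECUTORS = {"exec", "eval"}

def _call_name(node):
    """Name of the called function for both foo(...) and mod.foo(...) forms."""
    if isinstance(node, ast.Call):
        f = node.func
        return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)
    return None

def _decode_chain(call):
    """Follow exec(dec1(dec2(x))) from the outside in; return (decoder names, innermost argument)."""
    chain, arg = [], call.args[0]
    while isinstance(arg, ast.Call) and _call_name(arg) in DECODERS and arg.args:
        chain.append(_call_name(arg))
        arg = arg.args[0]
    return chain, arg

def find_obfuscated_loaders(source):
    """Return (line, executor, chain) for each exec/eval whose argument is a decode/decompress chain."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if _call_name(node) in EXECUTORS and node.args:
            chain, _ = _decode_chain(node)
            if chain:
                hits.append((node.lineno, _call_name(node), tuple(chain)))
    return hits

def unwrap_payload(source):
    """Statically reverse the first flagged loader's chain over its string literal; never executes it."""
    for node in ast.walk(ast.parse(source)):
        if _call_name(node) in EXECUTORS and node.args:
            chain, inner = _decode_chain(node)
            if chain and isinstance(inner, ast.Constant) and isinstance(inner.value, (str, bytes)):
                data = inner.value if isinstance(inner.value, bytes) else inner.value.encode()
                for step in reversed(chain):  # the innermost decoder is applied first
                    data = DECODERS[step](data)
                return data
    return None
```

Run `find_obfuscated_loaders` over every `.py` file in an unpacked wheel or sdist before installing; a hit in `setup.py` or a package `__init__.py` deserves manual review of the unwrapped payload.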
The Tor Project is seeking volunteers to establish 200 WebTunnel bridges to counter increased online censorship in Russia, which is actively blocking access to Tor and other circumvention tools. This highlights the ongoing struggle for internet freedom and the need for resilient anonymity tools.
ESET researchers discovered Bootkitty, the first UEFI bootkit designed for Linux systems. While appearing to be a proof-of-concept, its existence signals a concerning shift in the UEFI threat landscape, expanding threats beyond traditionally targeted Windows systems. Further research is needed to determine its potential for active exploitation and the extent of its capabilities.
A Chinese commercial vessel, Yi Peng 3, is suspected of intentionally dragging its anchor across the Baltic seabed, severing two critical undersea telecommunications cables between Lithuania, Sweden, Finland, and Germany. Western officials believe that Russia likely orchestrated the incident as an act of sabotage against EU maritime infrastructure. The incident disrupted communications and raised concerns about the vulnerability of undersea cables. The extended anchor dragging, carried out while the ship’s transponder was disabled, points to deliberate conduct.
Check Point Research discovered a new malware delivery technique using the Godot game engine. Malicious GDScript code within .pck files is used to execute commands and deliver malware, evading detection by most antivirus engines. The GodLoader malware is distributed through a GitHub network, lent legitimacy by ghost accounts. This multi-platform technique affects Windows, macOS, Linux, Android, and iOS and poses a risk to millions of users. This is a new and innovative way to spread malware.
This cluster covers a cyberattack that significantly disrupted services at Wirral University Teaching Hospital (WUTH) in the UK. The attack resulted in postponed appointments and procedures, highlighting the vulnerability of healthcare systems to cyberattacks and the potential impact on patient care. The incident underscores the need for robust cybersecurity measures within the healthcare sector.