Latest Cybersecurity News

Read the handpicked cybersecurity stories. Know more about the ransomware incidents, data theft, and other cyber attacks affecting organizations worldwide. These incidents have been reported on or before 12 July 2024.

A Ukrainian malware kingpin who evaded law enforcement for a decade will face nine years in prison for his role in the IcedID malware operation. Vyacheslav Igorevich Penchukov pleaded guilty to two charges relating to two separate indictments in two different cases in a plea agreement [PDF] in February. He was already sentenced on the racketeering count in the earlier case (4:11-CR-3074), originally filed in Nebraska, and yesterday received a nine-year sentence for the conspiracy count of the North Carolina indictment (7:22-CR-87) in a Lincoln, Nebraska court. Read the full story.

On July 1, 2024, the HHS Office of Civil Rights (OCR) announced that Pennsylvania-based healthcare system, Heritage Valley Health System (Heritage Valley), has agreed to pay $950,000 to settle potential violations of the HIPAA Privacy, Security, and Breach Notification Rules. In addition, Heritage Valley agreed to a corrective action plan (CAP) to address alleged gaps in its HIPAA compliance program. The settlement with Heritage Valley is the third HIPAA enforcement action by HHS in a case involving ransomware. The settlement stems from a global ransomware cyber-attack that occurred in 2017. Read the full story.

The call and text message records of nearly all of AT&T’s cellular customers were exposed in a data breach, the company said Friday. The company said in a filing with the U.S. Securities and Exchange Commission it learned in April that customer data was illegally downloaded from an AT&T workspace onto a third-party cloud platform. AT&T said that as a general rule, customers should remain cautious of any phone call or text request asking them for personal, account or credit card details. AT&T also says customers should only open text messages from people they know and trust, and shouldn’t reply to a text from an unknown sender with personal details. Read the full story.

Akira ransomware actors are now capable of squirreling away data from victims in just over two hours, marking a significant shift in the average time it takes for a cybercriminal to move from initial access to information exfiltration. That’s the word from the BlackBerry Threat Research and Intelligence Team, which today released a breakdown of a June Akira ransomware attack on a Latin American airline. According to BlackBerry’s anatomy of the attack, the threat actor, using Secure Shell (SSH) protocol, gained initial access via an unpatched Veeam backup server, and immediately set about heisting information before deploying the Akira ransomware the next day. Read the full story.

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch. In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022. Read the full story.

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users’ inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim. As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version (4.97.1 or earlier). Read the full story.

A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links. The campaign is particularly dangerous because it appears legitimate at every stage, leveraging trusted SharePoint services to host phishing PDFs. This makes detecting malicious intent challenging for both users and security systems. Using legitimate SharePoint servers makes this phishing campaign particularly challenging to detect. Since all actions occur on trusted websites, traditional security mechanisms struggle to identify threats. Additionally, the CAPTCHA requirement further complicates automated detection efforts. Read the full story.

DevOps platform GitLab has pushed out security updates that address six vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity bug with serious implications. The issue, tracked as CVE-2024-6385 (CVSS score 9.6/10), allows an attacker to trigger a pipeline as another user, under certain circumstances, and impacts GitLab CE/EE versions 15.8 to 16.11.5, 17.0.0 to 17.0.3, and 17.1.0 to 17.1.1. Read the full story.
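The Exim and GitLab items above both reduce to a version check against an inventory. As an added example (not vendor tooling or code from either advisory), this helper encodes only the ranges the two items state: Exim 4.97.1 or earlier is potentially vulnerable to CVE-2024-39929 (fixed in 4.98), and GitLab CE/EE 15.8 to 16.11.5, 17.0.0 to 17.0.3 and 17.1.0 to 17.1.1 are affected by CVE-2024-6385. The inventory rows and hostnames are constructed for illustration.

```python
"""Version-triage helper for the two advisories above (added example).
Version ranges come from the news items; function names and the sample
inventory are assumptions made for illustration."""
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '16.11.5' into (16, 11, 5); pad short strings with zeros so
    '15.8' compares as (15, 8, 0)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


# GitLab CE/EE ranges listed for CVE-2024-6385 (inclusive bounds).
GITLAB_AFFECTED = [
    (parse_version("15.8"), parse_version("16.11.5")),
    (parse_version("17.0.0"), parse_version("17.0.3")),
    (parse_version("17.1.0"), parse_version("17.1.1")),
]

# Exim CVE-2024-39929: 4.97.1 or earlier is potentially vulnerable; fixed in 4.98.
EXIM_FIXED = parse_version("4.98")


def gitlab_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in GITLAB_AFFECTED)


def exim_affected(version: str) -> bool:
    return parse_version(version) < EXIM_FIXED


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """inventory rows are (hostname, product, version); returns the hosts
    whose version falls inside an affected range and needs patching."""
    checks: Dict[str, Callable[[str], bool]] = {
        "gitlab": gitlab_affected,
        "exim": exim_affected,
    }
    return [host for host, product, ver in inventory
            if product in checks and checks[product](ver)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = [
        ("git.example.test", "gitlab", "16.11.4"),
        ("git2.example.test", "gitlab", "17.1.2"),
        ("mx1.example.test", "exim", "4.97.1"),
        ("mx2.example.test", "exim", "4.98"),
    ]
    print(triage(sample))
```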

The Goshen Central School District has been hit with a cyber-attack. Superintendent of Schools Dr. Kurtis Kotes said Thursday that the ransomware attack occurred late Wednesday afternoon disabling the district’s computer services, which has disabled access to the district’s phones and email. “We have notified law enforcement and have begun working with cyber security experts to determine the source of the attack and take necessary steps to repair the problems as quickly as possible,” Kotes said. Read the full story.

Banks in Asia are struggling with an increased number of cyber attacks, a problem exacerbated by a lack of adequately trained industry professionals to protect banking services from cyber crime, according to experts. They note there is a need for an industry-wide approach to ensuring that there are enough skilled workers in the right roles, and for banks to be proactive in ensuring they have staff with the right skills on their teams. In a report, S&P flags that it is the smallest banks in the region that are most at risk of cyber crime. Read the full story.

A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker’s Zendesk-powered customer support system. Read the full story.

Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. Advance operates 4,777 stores and 320 Worldpac branches, serving 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands. On June 5, 2024, a threat actor known as ‘Sp1d3r’ began selling a massive 3TB database allegedly containing 380 million Advance customer records, orders, transaction details, and other sensitive information. Read the full story.

IntelBroker, a solo hacker on dark web forums, has claimed the LuLu Hypermarket data breach, targeting a prominent retail giant in the Gulf region. The hacker allegedly breached the database of the hypermarket giant, compromising the personal information of approximately 196,000 individuals. In his post, the hacker claims to have access to full databases related to the organization, stating, “I have the full database, including the millions of users and orders that I’m currently importing as a bacpac file so I can release it at a later date.” The compromised data, according to IntelBroker, includes “cellular numbers & email Addresses”. Read the full story.

Threat actors affiliated with RT (formerly Russia Today), a Russian government-backed media organization, have used artificial intelligence (AI) features of the Meliorator software to create fake online personas used to disseminate disinformation to and about the US, Germany, Israel, the Netherlands, Poland, Spain, and Ukraine, reads a joint advisory from the government agencies. According to the authoring agencies, RT had access to the AI-enabled bot farm generation and management software since 2022 and used it to disseminate disinformation in support of Russia’s interests. Read the full story.

The Heritage Foundation, the think tank behind Project 2025, says that it was not hacked and that SiegedSec is exaggerating what has actually happened. The conservative think tank was reported to have been hacked after hacktivist group SiegedSec said it had gained access to the public policy organization and published a couple of gigabytes worth of data. “The Heritage Foundation was not hacked. An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor,” the think tank’s spokesperson told Cybernews. Read the full story.