Cybersecurity News for July 1, 2024

Handpicked cybersecurity stories for 1 July 2024, covering the ransomware incidents, data theft and other cyber attacks affecting organizations worldwide.

Microsoft Corp. has told more than a dozen state agencies and public universities in Texas that Russian state-sponsored hackers accessed emails between them and the software giant. The attackers gained access to the communications through the breach of Microsoft disclosed in January, in which they stole emails from some of the company’s executives. The agencies that Microsoft warned of exposure include the Texas Department of Transportation, Texas Workforce Commission, Texas Department of Motor Vehicles, Texas General Land Office and the Texas State Securities Board. Read the full story.

Over 14 million internet-exposed OpenSSH instances are potentially at risk following the discovery of a critical vulnerability in OpenSSH’s server, according to a new analysis by Qualys. The unauthenticated remote code execution (RCE) vulnerability (CVE-2024-6387, dubbed “regreSSHion”) is a signal-handler race condition in sshd that could lead to full system compromise, with an attacker executing arbitrary code as root. Qualys demonstrated exploitation on 32-bit glibc-based Linux; 64-bit systems are believed to be exploitable but no working exploit was shown, and OpenBSD is not affected. The fix is OpenSSH 9.8p1. Where patching is not immediately possible, setting LoginGraceTime to 0 in sshd_config removes the RCE at the cost of leaving a denial-of-service vector open. Read the full story.
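The version ranges Qualys published make banner triage straightforward, and the LoginGraceTime stop-gap is easy to verify in a config file. The script below is an added example, not Qualys’s or the OpenSSH project’s code; it classifies SSH identification strings against the affected ranges, flags distribution builds (whose banners do not reflect backported fixes), and parses an sshd_config fragment for the effective LoginGraceTime. The banners and config fragment are constructed.

```python
"""Triage SSH banners against the CVE-2024-6387 ("regreSSHion") affected
version ranges and check an sshd_config for the LoginGraceTime 0 mitigation.

Added example (not Qualys's or OpenSSH's code).  Version ranges follow the
Qualys advisory; the sample banners and config fragment are constructed."""
import re

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str):
    """Return (major, minor, portable_patch) from an SSH identification
    string such as 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13', or None if the
    banner is not from OpenSSH (e.g. dropbear)."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify_cve_2024_6387(banner: str) -> str:
    """Map a banner to one of: not_openssh, fixed, vulnerable, not_affected,
    vulnerable_unless_patched_2006.
    Ranges per Qualys: < 4.4p1 vulnerable unless patched for CVE-2006-5051;
    4.4p1 .. 8.4p1 not affected; 8.5p1 .. 9.7p1 vulnerable; 9.8p1+ fixed."""
    v = parse_openssh_version(banner)
    if v is None:
        return "not_openssh"
    if v >= (9, 8, 0):
        return "fixed"
    if v >= (8, 5, 0):
        return "vulnerable"
    if v >= (4, 4, 0):
        return "not_affected"
    return "vulnerable_unless_patched_2006"


def is_distro_build(banner: str) -> bool:
    """True when the banner carries a distribution suffix after the version
    (e.g. 'OpenSSH_9.6p1 Ubuntu-3ubuntu13').  Distributions backport fixes
    without bumping the upstream version, so a 'vulnerable' verdict for such
    a banner must be confirmed against the vendor's advisory."""
    return re.search(r"OpenSSH_\S+\s+\S", banner.strip()) is not None


_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(spec: str) -> int:
    """Parse an sshd_config time value ('0', '120', '2m', '1h30m') to seconds."""
    if not re.fullmatch(r"(?:\d+[smhdw]?)+", spec):
        raise ValueError(f"bad sshd time value: {spec!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", spec))


def login_grace_time(sshd_config: str):
    """Effective LoginGraceTime in seconds, or None if unset (sshd's default
    is 120).  sshd uses the first occurrence of a keyword, so later
    duplicates are ignored; only whole-line '#' comments are recognised,
    matching sshd_config(5)."""
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "logingracetime" and len(parts) == 2:
            return parse_time(parts[1].strip())
    return None


def rce_mitigated(sshd_config: str) -> bool:
    """LoginGraceTime 0 removes the SIGALRM path the RCE races against; it
    leaves the bug as a denial of service (connection-slot exhaustion)."""
    return login_grace_time(sshd_config) == 0


# Constructed banners and the verdict each should receive.
SAMPLE_BANNERS = {
    "SSH-2.0-OpenSSH_9.7p1": "vulnerable",
    "SSH-2.0-OpenSSH_9.8p1": "fixed",
    "SSH-2.0-OpenSSH_8.4p1": "not_affected",
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13": "vulnerable",  # confirm with vendor
    "SSH-2.0-OpenSSH_4.3p2": "vulnerable_unless_patched_2006",
    "SSH-2.0-dropbear_2022.83": "not_openssh",
}

# Constructed sshd_config fragment.
SAMPLE_CONFIG = """\
# regreSSHion stop-gap until 9.8p1 (or a vendor backport) is installed
Port 22
LoginGraceTime 0
PermitRootLogin no
# ignored: sshd honours the first LoginGraceTime above
LoginGraceTime 2m
"""

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        note = "  (distro build: confirm against vendor advisory)" if is_distro_build(banner) else ""
        print(f"{banner:42} -> {classify_cve_2024_6387(banner)}{note}")
    print("LoginGraceTime 0 mitigation in place:", rce_mitigated(SAMPLE_CONFIG))
```

Feed `classify_cve_2024_6387` the banner string from a scanner or from `nc host 22` and treat “vulnerable” on a distro build as “check the vendor advisory”, not as a finding. Treat `rce_mitigated` as a temporary state to track, since LoginGraceTime 0 lets an unauthenticated client pin connection slots indefinitely.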

Cisco has patched an NX-OS zero-day that was exploited in April attacks to install previously unknown malware as root on vulnerable switches. The attacks have been attributed to a Chinese state-sponsored threat actor tracked as Velvet Ant. Cisco says the vulnerability (tracked as CVE-2024-20399) can be exploited by local attackers with Administrator privileges to execute arbitrary commands as root on the underlying operating system of vulnerable devices; it is therefore a post-compromise escape from the NX-OS CLI rather than an initial-access flaw, since valid administrator credentials are required. Read the full story.

Life insurance company Landmark Admin is sending notifications to an unknown number of individuals about a data breach impacting personal, medical, and insurance information. Landmark Admin says it detected the incident on May 13 and found evidence that the attackers accessed specific files containing information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, tax identification numbers, medical information, health insurance policy numbers, and life and annuity policy information. Read the full story.

After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said Monday operations have resumed. Crown said work was proceeding at all 24 of its manufacturing plants. The company’s manufacturing operations had been suspended since June 10 due to the attack on its business systems. On June 19, the company attributed the attack to an international cybercriminal organization. Read the full story.

A new law in Pennsylvania requires organizations that experience a data breach to cover the cost of a credit report and credit monitoring for a year for all those affected. Gov. Josh Shapiro on Friday signed the legislation that also requires notification to the state attorney general when more than 500 state residents are impacted by a breach, down from 1,000 which had been the threshold. The law takes effect in 90 days. Read the full story.

The money transfer and fintech company Wise announced on Friday that some of its customers’ personal data may have been stolen in the recent data breach at Evolve Bank and Trust. The news highlights that the fallout from the Evolve data breach on third-party companies, and on their customers and users, is still unclear, and it likely includes companies and startups that are as yet unknown. Wise wrote that the company worked with Evolve from 2020 until 2023 “to provide USD account details”. Read the full story.

Patelco Credit Union announced on Saturday that its systems were experiencing a serious security incident. The credit union posted on X: “Our systems are currently unavailable. We are working to resolve the outage as soon as possible. Thank you for your patience. We apologize for the inconvenience.” Because of the security breach, customers could not use the banking systems, including electronic transactions such as Zelle transfers, direct deposits, balance inquiries and online payment information. Read the full story.

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia’s temporary National Data Center. On June 20th, one of the temporary National Data Centers suffered a cyberattack that encrypted the government’s servers and disrupted immigration services, passport control, issuing of event permits, and other online services. Read the full story.

A prominent children’s hospital in Chicago confirmed that almost 800,000 people had sensitive health information leaked during a ransomware attack earlier this year. The Ann & Robert H. Lurie Children’s Hospital of Chicago was attacked in January by the Rhysida ransomware group, which allegedly made more than $3 million from selling the data it stole from the hospital. In filings with regulators in Texas, Maine and California this week, the hospital said 791,784 people had data exposed when hackers gained access to their systems between January 26-31. Read the full story.

Google has said that Chrome will start blocking sites using certificates from Entrust around November 1 this year, citing compliance issues and Entrust’s failure to address security problems in a timely manner. The distrust applies to certificates chaining to Entrust roots that are issued after the cutoff date; certificates issued before it continue to be trusted until they expire. The block will cover the browser’s macOS, Windows, ChromeOS, Linux and Android versions. Chrome for iOS and iPadOS is an exception because Apple’s policies don’t allow the Chrome Root Store to be used there. Read the full story.

Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, on Thursday poured cold water on suggestions the United States might bring in a ban on ransomware payments. “I think within our system in the U.S. — just from a practical perspective — I don’t see it happening,” said Easterly at the Oxford Cyber Forum, an event run by the University of Oxford’s Blavatnik School of Government and the European Cyber Conflict Research Initiative (ECCRI). Read the full story.

Israel-based AU10TIX, which offers identity verification services for TikTok, Uber, and X users, among others, exposed administrative credentials online for over a year, according to a report from 404 Media. The vulnerability potentially allowed hackers access to sensitive data, including photographs of users’ faces and driver’s licenses. Mossab Hussein, chief security officer at spiderSilk, found the exposed credentials and alerted 404 Media. The compromised credentials allowed access to a logging platform containing links to personal data, including names, birthdates, nationalities, identification numbers, and images of identity documents. Read the full story.

A use-after-free vulnerability, CVE-2024-0193, has been found in the Linux kernel’s netfilter subsystem. It could allow a local, unprivileged user holding the CAP_NET_ADMIN capability to escalate privileges; on distributions that allow unprivileged user namespaces, any local user can obtain CAP_NET_ADMIN inside a namespace of their own, which is why netfilter flaws of this kind count as local privilege escalation rather than requiring an existing administrator. The flaw, identified in the upstream commit 5f68718b34a5 (“netfilter: nf_tables: GC transaction API to avoid race with control plane”), can cause a use-after-free on an NFT_CHAIN object or NFT_OBJECT object when the catchall element is garbage-collected during the removal of the pipapo set. Read the full story.

Cyber insurance rates fall as businesses improve security, report says. Cyber insurance premiums are falling globally as businesses become more adept in curbing their losses from cyber crime, even as ransomware attacks are rising, broker Howden said in a report on Monday. Insurance premiums to protect companies against cyber attacks rocketed in 2021 and 2022, as the COVID-19 pandemic drove cyber incidents. Read the full story.

Juniper Networks has released out-of-band security updates to address a critical flaw that could lead to an authentication bypass in some of its routers, namely the Session Smart Router, Session Smart Conductor and WAN Assurance Router products when running in high-availability redundant configurations. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. The company said that it discovered the vulnerability during internal product testing and that there are no workarounds that resolve the issue. Read the full story.

The 2022 AIIMS ransomware attack brought all digital services at the All India Institute of Medical Sciences, the major public hospital in India’s national capital, New Delhi, to a standstill. A new report by the US-based cybersecurity research company SentinelOne claims that the attack was perpetrated by the Chinese threat actor ChamelGang and that the group used the ransomware known as CatB to cripple the hospital’s systems. Read the full story.

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024. The issue has since been remediated by Conceptworld as of June 24 within 12 hours of responsible disclosure. Read the full story.

Nearly a month after Telangana police (in India) pulled down its official department website for maintenance reasons, the technical team restored access to it on Sunday. The website was closed for public use following a series of alleged data breaches in police apps and services. While a 20-year-old college student, allegedly involved in the data hack, was arrested 20 days ago, the police initiated Vulnerability Assessment and Penetration Testing “across all police internal and external networks, web and mobile applications, as well as cloud and endpoints”. Read the full story.

Exploits were the main cause of the crypto losses, estimated at around $171.3 million across the various breaches and vulnerability cases. Data from CertiK alerts shows that, so far, exploited, hacked and scammed projects have resulted in a loss of about $198.3 million, potentially the second-highest monthly loss recorded in 2024. Read the full story.

North Carolina-based Truist Bank exposed customers’ full names, account numbers and dates of birth in a data breach; the exposed data also reportedly included transaction history and balances. The bank has come under intense scrutiny for exposing its customers’ personal details, and a class-action lawsuit has now been filed against Truist Bank, with the plaintiff accusing the US bank of failing to safeguard its customers’ personal information and exposing them to identity theft. Read the full story.

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. Although the firm said the breach does not extend to its transactional systems and hasn’t disrupted its core business operations, it launched an investigation to determine the scope and impact on clients, engaging with external cybersecurity experts and law enforcement for help. Read the full story.

Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure, and threat actors are exploiting it to collect account information, including user passwords, from vulnerable DIR-859 routers. The DIR-859 has reached end of life and will not receive a fix, so the only remediation is to replace the device. Read the full story.
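The flaw above is a path traversal in the router’s web interface, and traversal attempts are cheap to spot in access logs if the request target is normalised first. The detector below is an added example, not GreyNoise’s or D-Link’s code, and it is a generic traversal check rather than a signature for the DIR-859 request: it decodes single and double URL-encoding, folds backslashes, and flags `..` segments in the path or a query value. The log lines are constructed in combined-log format with RFC 5737 documentation addresses.

```python
"""Flag HTTP requests carrying directory-traversal sequences, including
URL-encoded and double-encoded forms, over web-server access-log lines.

Added example (not GreyNoise's or D-Link's code).  This is a generic
traversal detector, not a signature for the DIR-859 request; the log lines
below are constructed in combined-log format with RFC 5737 documentation IPs."""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# '..' as its own path segment, or leading a query value, after normalisation.
TRAVERSAL_RE = re.compile(r"(?:^|[/?=&;])\.\.(?:/|$)")


def normalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded, to defeat double encoding),
    fold backslashes to slashes and lower-case.  Overlong UTF-8 such as
    %c0%ae is not decoded here; pair this with strict UTF-8 validation."""
    cur = target
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur.replace("\\", "/").lower()


def has_traversal(target: str) -> bool:
    """True if the normalised request target contains a traversal segment."""
    return TRAVERSAL_RE.search(normalize(target)) is not None


def scan_log(lines):
    """Return one dict per flagged request.  A 200 on a flagged request is
    the case to escalate: the server most likely served the file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; count these separately in practice
        if has_traversal(m["target"]):
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "target": m["target"],
                "normalized": normalize(m["target"]),
                "status": int(m["status"]),
            })
    return hits


# Constructed access-log sample: two benign requests, then three traversal
# attempts (plain, single-encoded, double-encoded).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jul/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jul/2024:10:01:03 +0000] "GET /images/a..b.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jul/2024:10:02:11 +0000] "GET /cgi-bin/app.cgi?file=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "python-requests/2.31"
198.51.100.7 - - [01/Jul/2024:10:02:12 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc/shadow HTTP/1.1" 404 162 "-" "python-requests/2.31"
198.51.100.9 - - [01/Jul/2024:10:03:40 +0000] "POST /api/%252e%252e%252fadmin/config HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{h['ip']:14} {h['status']} {h['target']}  ->  {h['normalized']}")
```

Run it over a real log by passing the file’s lines to `scan_log`; sort the hits by status first, since a 200 on a traversal target means the file was likely returned and the affected credentials need rotating.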

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.