Top 25 Cybersecurity Stories from the previous week

The list below covers the 25 top cybersecurity incidents reported during the previous week, ending on 20 September 2024. These stories cover data breaches, ransomware incidents and other security incidents.

The current page lists all the cybersecurity incidents and happenings for the current week.

Headlines

YouTube, Amazon, Facebook, and other similar tech companies are failing to protect users from privacy intrusion and safeguard children and teens on their platforms, says the US Federal Trade Commission.

In a new staff report, the FTC accuses the companies of not “consistently prioritizing” users’ privacy. According to the agency, the firms also scoop up data en masse to power new AI tools and refuse to confront potential risks to kids. The sprawling 129-page report is based on responses to orders issued back in December 2020 to 9 companies. Read the full story.

The Walt Disney Company is reportedly severing ties with workplace communications platform Slack. The global entertainment firm apparently took this decision after a significant Slack hack earlier this year.

According to Status News, which first reported the move, Disney’s Chief Financial Officer (CFO), Hugh Johnston, has confirmed that most of the entertainment giant’s divisions will stop using Slack later this year. The report states that Hugh Johnston had shared an email to staffers on Wednesday which read, “I would like to share that senior leadership has made the decision to transition away from Slack across the company.” Read the full story.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Cloud Services Appliance path traversal vulnerability, CVE-2024-8190 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog.

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.

A remote unauthenticated attacker could exploit the vulnerability to access restricted functionality. An attacker could chain the issue with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance. Read the full story.

A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen info this week. Brand new cybercrime crew Valencia Ransomware emerged earlier this month.

The alleged victims are the city of Pleasanton, and the crims claim to have stolen 304GB of data from this California municipality; Bangladeshi drugs maker Globe Pharmaceuticals Limited (200MB data); Indian paper manufacturer Satia Industries (7.1GB); Malaysian pharma firm Duopharma Biotech Berhad (25.7GB); and Spanish fashion retailer Tendam, with an unspecified amount of data allegedly stolen. Read the full story.

Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. During a successful attack on August 18, they stole more than 4,100 Bitcoin from a Washington, D.C., victim (worth more than $230 million at the time).

The two defendants, 20-year-old Malone Lam (aka “Greavys,” “Anne Hathaway,” and “$$$”) and 21-year-old Jeandiel Serrano (aka “Box,” “VersaceGod,” and “@SkidStar”) were arrested Wednesday night by FBI agents and appeared in court on Thursday. Read the full story.

German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. The platforms allowed users to exchange cryptocurrencies without following applicable “Know Your Customer” regulations, meaning that users remained completely anonymous when making transactions.

“Among the users are ransomware groups, darknet dealers, and botnet operators who use such services to bring extorted ransom or other criminal proceeds into the regular currency cycle in order to utilize the money obtained through criminal means.” Read the full story.

Europol on Thursday said authorities disrupted an international phishing campaign that ensnared 483,000 victims, mainly from Spanish-speaking countries. Law enforcement in Spain, Argentina, Chile, Colombia, Ecuador and Peru last week conducted 17 arrests and seized more than 900 items, including phones, electronic devices, cars and weapons.

The administrator of the phishing platform, an Argentinian national who had operated it for the last five years, is in custody, Europol said. The phishing-as-a-service platform known as iServer had more than 2,000 users, who provided phone unlocking services to other criminals in possession of stolen phones. Read the full story.

A Federal Trade Commission (FTC) report released Thursday asserts that large social media and video streaming companies are essentially maintaining an all-seeing surveillance apparatus that spies on consumers with few internal controls to regulate how users and non-users’ data is collected, stored and sold.

The report is based on FTC orders for information sent to nine platforms including Meta, Amazon, X, Snap, YouTube and ByteDance, the parent company of TikTok. The orders were sent in 2020 and reflect the companies’ practices between 2019 and 2020 — but the agency said many of the behaviors it covered remain in use today. Read the full story.

Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.

In an exclusive interview with The Register, Binary Defense’s Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim’s three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer’s IT environment for four months. Read the full story.

China-backed spies are said to have torn down their own 260,000-device botnet after the FBI and its international partners went after them. A Beijing-run crew called Flax Typhoon had been building the Mirai-based botnet since 2021 and was accused of spying on Taiwanese networks by Microsoft in 2023, although that claim is disputed.

The botnet was controlled by the somewhat misnamed Integrity Technology Group, a Chinese business whose chairman has admitted that for years his company has “collected intelligence and performed reconnaissance for Chinese government security agencies,” FBI Director Christopher Wray said. “We think the bad guys finally realized it was the FBI and our partners that they were up against, and with that realization, they essentially burned down their new infrastructure and abandoned their botnet,” said Wray. Read the full story.

Cencora, a healthcare solutions provider, paid a total of $75 million to a ransomware group earlier this year, according to Bloomberg. The publicly traded drug distributor, formerly known as AmerisourceBergen, reportedly sent Bitcoin worth $75 million to cyberattackers following a data breach in February.

In the Sept. 18 report, which cited sources familiar with the matter, Bloomberg stated that Cencora sent the hackers BTC in three transactions. The attackers had initially demanded $150 million from the pharmaceutical solutions provider. Read the full story.

The mass pager attack against Hezbollah in Lebanon has turned the spotlight on Israel’s secretive Unit 8200, the Israel Defense Forces’ intelligence unit, which a Western security source said was involved in planning the operation.

Israeli officials have remained silent on the audacious intelligence operation that killed 12 people on Tuesday and wounded thousands of Hezbollah operatives. At least one person was killed on Wednesday when hand-held radios used by Hezbollah detonated. Read the full story.

Positive Technologies has unveiled comprehensive research on the shadow market of cybercriminal services targeting the Gulf countries. According to the research, cybercriminals remain focused on the two largest economies in the region – the UAE (40% of all posts) and Saudi Arabia (26%).

Amid geopolitical tensions, hacker groups have ramped up calls for DDoS attacks and breaches to disrupt government institutions in the region. In the first half of 2024, the number of reports on the results of DDoS attacks on the dark web surged by 70% compared to the same period in 2023. Read the full story.

The McMahons Point-headquartered Compass Group has confirmed it has fallen victim to a significant ransomware attack after the Medusa ransomware gang listed it as a victim on its darknet leak site overnight.

Medusa claimed to have stolen 785.5 gigabytes of data and is threatening to publish it within eight days. Medusa is demanding US$2 million to delete the data, or the same amount for anyone to purchase it. The ransom deadline can also be extended by one day for US$100,000. Read the full story.

AT&T has agreed to pay $13 million to resolve a Federal Communications Commission (FCC) investigation. The investigation centered on a January 2023 incident where hackers infiltrated the cloud environment of an AT&T vendor and stole troves of customer information.

The FCC was looking into whether AT&T did enough to stop the attack and more generally keep customer data safe. AT&T agreed to the $13 million settlement and entered into a consent decree that forces the company to “strengthen” its data governance practices, “increase its supply chain integrity” and ensure that there are procedures around the handling of sensitive data. Read the full story.

Song Wu, 39, ran a spear phishing campaign for many years to obtain some of the US’s most coveted information through NASA. Given that Wu worked for a Chinese state-owned aerospace corporation, Wu may have orchestrated this spear phishing campaign to steal software and source code that could later be used to build sophisticated missiles and other weapons for the state.

Wu emailed people employed in the United States government, NASA, the US Air Force, the Navy, the Army, and the Federal Aviation Administration, as well as various research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio. If found guilty, this cybercriminal faces a heavy penalty. He could face almost 300 years on the 14 counts of wire fraud alone. Read the full story.

Meta banned Russian state-owned media accounts — including RT — from its social media platforms late Monday, an action the Kremlin called “unacceptable.” The owner of Facebook, Instagram and WhatsApp said it made the move because Russian state media networks engage in deceptive influence operations, likely aimed at amplifying Moscow’s propaganda online.

Kremlin spokesman Dmitry Peskov said during a press conference on Tuesday that Russian authorities “have an extremely negative attitude” toward Meta’s decision. Read the full story.

The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for 100 Bitcoin (around $5.9 million).

Seen amongst the data the crims say they stole from Port of Seattle were full names, social security numbers, dates of birth, home addresses, phone numbers, heights and weights, hair and eye colors, signatures, and passport scans. Read the full story.

The U.S. Department of Justice announced the indictment of Song Wu, a Chinese national, on charges of wire fraud and aggravated identity theft. Wu is accused of carrying out an advanced phishing campaign to steal specialized software and source code created by the National Aeronautics and Space Administration (NASA) and other critical U.S. aviation agencies.

According to U.S. Attorney Ryan K. Buchanan, Song Wu engaged in a multi-year spear phishing campaign, targeting individuals in key positions across U.S. government agencies, including NASA, the Air Force, Navy, Army, and the Federal Aviation Administration. Read the full story.

From January 2025, Amazon employees are expected to return to the office five days a week. The move from remote to in-office work has been slowly taking place over the past 15 months, as Amazon employees have been told to return to their desks for at least three days per week.

“Our expectation is that people will be in the office outside of extenuating circumstances or if you already have a remote work exception approved,” Jassy said. The move to almost exclusively work from the office environment has been initiated to improve collaboration and connection and “deliver the absolute best for customers and the business.” Read the full story.

According to the calculations of the British news organization, from 2020 to 2022 the real emissions from the company-owned data centers of Google, Microsoft, Meta, and Apple are likely about 662% (7.62 times) higher than officially reported.

Still, all five tech giants have been claiming carbon neutrality, even though Google admitted in its 2020 environmental report that the company’s emissions surged nearly 50% compared to 2019. The company’s total data center electricity consumption grew 17% in 2023 alone. Read the full story.

A $65 million settlement has been agreed to resolve a class action data breach lawsuit against Lehigh Valley Health Network (LVHN) that will see plaintiffs compensated for having nude photographs and other sensitive data stolen and published on the dark web.

In February 2023, LVHN in Pennsylvania confirmed it had fallen victim to a Blackcat ransomware attack. The attack was detected on February 6, 2023. If agreed, the plaintiffs’ attorneys will receive around one-third of the settlement – approximately $21.5 million – and after legal costs have been covered, the plaintiffs’ and class members’ compensation will be paid. Read the full story.

The Federal Bureau of Investigation (FBI) has issued a warning to businesses about business email compromise (BEC) scams, which have resulted in losses of almost $55.5 billion over the past decade. These attacks commonly start with phishing attempts with social engineering techniques used to compromise email accounts. Accounts may also be accessed using stolen credentials or through computer intrusions.

According to the FBI’s Internet Crime Complaint Center (IC3), between October 2013 and December 2023, more than 305,000 domestic and international BEC incidents have been reported. Read the full story.

The Office of the Australian Information Commissioner (OAIC) has released new statistics revealing that the first half of 2024 saw the highest number of data breach notifications in three and a half years.

From January to June 2024, the OAIC report stated that it received 527 notifications of data breaches—a notable increase of 9% compared to the previous six months and the highest since the second half of 2020 in Australia. While 63% of breaches affected 100 or fewer individuals, there was one incident involving a staggering 12.9 million Australians. Read the full story.

Genetic testing giant 23andMe will pay $30 million to more than six million people affected by a data breach that occurred in October 2023. The company settled dozens of lawsuits that arose from an incident.

Dozens of lawsuits filed across the country were consolidated and a mediator’s proposal of $30 million was accepted in July. A company named Verita has been appointed the claims administrator and will manage the financial disbursements. Read the full story.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about cybersecurity events and stories, cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.