Security Bulletin
19 Jul 2024
Security review
US data breach victimization spikes
Such a significant increase in victimization comes amid a 14% increase in the number of data breaches, as well as a 23% growth in driver's license data exfiltration between the first half of 2023 and the first half of 2024, according to a report from the Identity Theft Resource Center.
19 Jul 2024
Security review
Most of SolarWinds hacking suit filed by SEC dismissed
However, allegations of SolarWinds' securities fraud based on its security statement were sustained by the judge.
19 Jul 2024
Security review
Over $230M exfiltrated in WazirX crypto heist
Attackers were noted by WazirX to have compromised the platform's security defenses before proceeding with the asset siphoning activities.
19 Jul 2024
Security review
CrowdStrike confirms faulty update is tied to massive global IT outage: 'Fix has been deployed'
Transport, broadcasters, and financial systems reportedly affected by Microsoft outage.
19 Jul 2024
Security review
Microsoft-signed driver leveraged by HotPage adware
Aside from performing code injections into remote processes, the distributed kernel driver also allows system data exfiltration to a remote server connected to Hubei Dunwang Network Technology Co., Ltd, according to an ESET analysis.
19 Jul 2024
Security review
Third-party postal address sharing resolved by USPS
The U.S. Postal Service has confirmed halting the sharing of its online customers' postal addresses with Meta, Snap, and LinkedIn following a TechCrunch report detailing its disclosure of customer details via tracking pixels across its website.
19 Jul 2024
Security review
Hundreds of thousands of domains registered for Revolver Rabbit infostealer campaigns
Most domains created by Revolver Rabbit contained at least one dictionary word and a five-digit number separated from each other by a dash, a report from Infoblox showed.
19 Jul 2024
Security review
Asia, Europe targeted by new APT41 attacks
APT41, also known as Wicked Panda, Barium, and Winnti, exploited Tomcat Apache Manager servers' web shells to facilitate dropper execution and backdoor distribution before leveraging the DUSTTRAP multi-stage plugin framework to conceal malicious activity.
19 Jul 2024
Security review
Global cyberespionage campaign launched by novel TAG-100 operation
Attacks exploiting known security flaws impacting internet-facing systems, including Microsoft Exchange Server, SonicWall, and F5 BIG-IP instances, as well as the open-source Pantegana and Spark RAT backdoors have been deployed by the new TAG-100 threat operation.
19 Jul 2024
Security review
Widespread IT Outage Due to CrowdStrike Update
Note: CISA will update this Alert with more information as it becomes available.
Update 9:45 a.m., EDT, July 21, 2024: Microsoft released a recovery tool that uses a USB drive to boot and repair affected systems. Microsoft also published a blog post that provides links to various remediation solutions and outlines their actions in response to the outage, which include working with CrowdStrike to expedite restoring services to disrupted systems. In the blog post, Microsoft estimates the outage affected 8.5 million Windows devices. Microsoft notes that this number makes up less than one percent of all Windows machines.
Update 12:30 p.m., EDT, July 20, 2024: CrowdStrike continues to provide updated guidance on yesterday’s widespread IT outage, including remediation steps for specific environments. CrowdStrike released technical details that provide:
- A technical summary of the outage and the impact.
- Information on how the update to the CrowdStrike Falcon sensor configuration file, Channel File 291, caused the logic error that led to the outage.
- A discussion of the root cause analysis CrowdStrike is undertaking to determine how the logic error occurred.
Cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts. CISA continues to work closely with CrowdStrike and other private sector and government partners to actively monitor any emerging malicious activity. According to a new CrowdStrike blog, threat actors have been distributing a malicious ZIP archive file. This activity appears to be targeting Latin America-based CrowdStrike customers. The blog provides indicators of compromise and recommendations.
Update 7:30 p.m., EDT, July 19, 2024: The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS. For additional information:
- Update from the United Kingdom's National Cyber Security Centre (NCSC-UK)
- Update from the Australian Cyber Security Centre (ACSC)
- Update from the Canadian Centre for Cyber Security (CCCS)
Threat actors continue to use the widespread IT outage for phishing and other malicious activity. CISA urges organizations to ensure they have robust cybersecurity measures to protect their users, assets, and data against this activity. CISA continues to monitor the situation and will update this Alert to provide continued support.
Initial Alert (11:30 a.m., EDT, July 19, 2024): CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with CrowdStrike and federal, state, local, tribal and territorial (SLTT) partners, as well as critical infrastructure and international partners to assess impacts and support remediation efforts. CrowdStrike has confirmed the outage:
- Impacts Windows 10 and later systems.
- Does not impact Mac and Linux hosts.
- Is due to the CrowdStrike Falcon content update and not to malicious cyber activity.
According to CrowdStrike, the issue has been identified, isolated and a fix has been deployed. CrowdStrike customer organizations should reference CrowdStrike guidance and their customer portal to resolve the issue. Of note, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.
19 Jul 2024
Security review
Press review: week 29 of 2024
A news selection for week 29 of 2024, which also includes statistical data on the incidents handled by NBSZ NKI between 12 Jul 2024 and 18 Jul 2024.
19 Jul 2024
Security review
Three ways to thwart non-human identity attacks
Why having a plan for managing NHIs has become a requirement.