Security Leftovers
-
Ransoming Linux and ESXi systems is getting easier [Ed: The issue is proprietary software like VMware, not the kernel]
Ransomware threat actors are widening the pool of potential targets as they shift their sights from Windows-powered devices to Linux and VMware ESXi hosts, according to SentinelOne.
-
North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw
North Korea-linked Lazarus Group exploited a ManageEngine vulnerability to compromise an internet backbone infrastructure provider.
-
In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 21, 2023.
-
Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies
Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP).
-
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data.
-
A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked.
In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard — used by abusers to access the stolen phone data of their victims — the hackers said they enumerated and downloaded every dashboard record, including every customer’s email address.
-
Metropolitan Police on red alert after details of officers and staff hacked in massive security breach
The Metropolitan Police were on red alert tonight after details of officers and staff were hacked in a massive security breach. All 47,000 personnel were warned of the risk their photos, names and ranks had been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes.
-
Cloud and hosting provider Leaseweb took down critical systems after a cyber attack
Global hosting and cloud services provider Leaseweb has disabled some “critical” systems following a recent security breach. The company informed its customers that it is now working on restoring these systems.
According to a notice of incident sent to customers, on August 22, the company discovered “unusual” activity in some of its systems while investigating Customer Portal downtime issues.
-
Hackers bring down Poland’s train network in massive cyber attack
Polish intelligence agencies are currently conducting an investigation into a cyberattack that targeted the country’s railway infrastructure, according to reports from Polish media.
The incident, which occurred overnight, involved hackers gaining unauthorized access to railway frequencies, resulting in disruptions to train services in the northwestern region of Poland. The Polish Press Agency (PAP) revealed that during the attack, the hackers broadcasted Russia’s national anthem and a speech by President Vladimir Putin.