Cyber security news July 2024

This posting is here to collect cyber security news in July 2024.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

126 Comments

  1. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    A May 2024 data breach at mobile spyware company mSpy leaked millions of customer support tickets, including personal data, its third known breach since 2010 — Customer service emails dating back to 2014 exposed in May breach — A data breach at the phone surveillance operation mSpy …

    https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

    Reply
  2. Tomi Engdahl says:

    Sean Lyngaas / CNN:
    Sources: US car dealership software provider CDK Global appears to have paid ~$25M to hackers on June 21, after a ransomware attack shut down its systems

    How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom
    https://edition.cnn.com/2024/07/11/business/cdk-hack-ransom-tweny-five-million-dollars/

    CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the hackers, multiple sources familiar with the matter told CNN.

    The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story.

    On June 21, about 387 bitcoin — then the equivalent of roughly $25 million — was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN.

    Reply
  3. Tomi Engdahl says:

    Matt Burgess / Wired:
    A US judge sentences Ukrainian Vyacheslav Igorevich Penchukov, who helped lead the prolific Zeus malware gang, to 18 years in jail and orders payment of $73M+ — The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years …

    Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison
    The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.
    https://www.wired.com/story/vyacheslav-igorevich-penchukov-tank-zeus-malware-sentencing/

    Reply
  4. Tomi Engdahl says:

    Olga Kharif / Bloomberg:
    Chainalysis: more than half of all illicit transaction volume in crypto now winds up on centralized exchanges — Chainalysis finds record stablecoin usage in suspect activity — Over half of illegal funds wind up on centralized exchanges — Suspect digital wallets have distributed close …

    Crypto’s $100 Billion in Illicit Flows Swamp Stablecoins, Exchanges
    https://www.bloomberg.com/news/articles/2024-07-11/crypto-s-100-billion-in-illicit-flows-swamp-stablecoins-exchanges

    Chainalysis finds record stablecoin usage in suspect activity
    Over half of illegal funds wind up on centralized exchanges

    Reply
  5. Tomi Engdahl says:

    CISA Takedown of Ivanti Systems Is a Wake-up Call
    The exploitation of vulnerabilities in Ivanti’s software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.
    https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call

    In the wake of the attack on Ivanti’s VPN software, which prompted decisive action from the Cybersecurity and Infrastructure Security Agency (CISA), what can we learn? This incident raises new questions about exploit techniques, organizational response to security breaches, and the skyrocketing cost of downtime.

    First, let’s break down what happened. From what’s been disclosed, the vulnerabilities in Ivanti’s system, particularly its VPN gateway, enabled threat actors to bypass authentication and gain unauthorized access. By sending maliciously crafted packets to the VPN gateway, attackers had a free pass to infiltrate the system without needing to steal credentials. Once inside, they could export user credentials — including domain administrator credentials.

    Reply
  6. Tomi Engdahl says:

    Hackers target WordPress calendar plugin used by 150,000 sites
    https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/

    Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.

    The plugin is developed by Webnus and is used to organize and manage in-person, virtual, or hybrid events.

    The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). It was discovered and reported responsibly on May 20 by Friderika Baranyai during Wordfence’s Bug Bounty Extravaganza.

    Reply
  7. Tomi Engdahl says:

    Ticketmaster warns customers to take action after hack
    https://www.bbc.com/news/articles/c729e3qr48qo

    Ticketmaster customers in North America have been sent emails warning them to take action after the company was hacked in May.
    Emails were sent overnight to Canadian customers, urging them to “be vigilant and take steps to protect against identity theft and fraud.”
    The company has not commented on the notification process – however similar emails have reportedly been sent to victims in the US and Mexico.
    The personal details of 560 million Ticketmaster customers worldwide were stolen in the hack – with cyber criminals then attempting to sell that information online.

    Reply
  8. Tomi Engdahl says:

    Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys
    News
    By Jowi Morales published July 4, 2024
    This is lucky, as the government didn’t have backups.
    https://www.tomshardware.com/tech-industry/cyber-security/indonesia-gov-ransomware-chaos-may-be-over-after-hack-group-apologizes-and-says-it-has-shared-decrypt-keys

    Reply
  9. Tomi Engdahl says:

    Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
    https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html

    Reply
  10. Tomi Engdahl says:

    Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation
    The Supreme Court’s striking down of the Chevron Doctrine will have a major effect on the determination and enforcement of cyber regulation in the US.
    https://www.securityweek.com/supreme-court-ruling-threatens-the-framework-of-cybersecurity-regulation/

    Reply
  11. Tomi Engdahl says:

    How to Change Your IP Address With and Without a VPN
    You can refresh your IP address using several methods. Here’s how to do it with a VPN, a proxy server, restarting your router, and manually or automatically updating it on your device.
    https://www.cnet.com/tech/services-and-software/how-to-change-ip-address/

    Reply
  12. Tomi Engdahl says:

    Zotac server misconfig exposed customer info to Google searches — customer RMA documents are available on the open web
    News
    By Jeff Butts published July 7, 2024
    If you’ve ever requested an RMA, now’s a good time to Google yourself to make sure your own data isn’t open to the public.
    https://www.tomshardware.com/tech-industry/cyber-security/zotac-suffers-massive-customer-data-spill-server-misconfiguration-let-anyone-search-customer-rma-documents-via-google

    Reply
  13. Tomi Engdahl says:

    Biggest password database posted in history spills 10 billion passwords — RockYou2024 is a massive compilation of known passwords
    News
    By Christopher Harper published July 6, 2024
    The leak dropped on the 4th of July. Here’s what you need to know
    https://www.tomshardware.com/tech-industry/cyber-security/biggest-password-leak-in-history-spills-10-billion-passwords

    Reply
  14. Tomi Engdahl says:

    Cloudflare’s new free tool stops bots from scraping your website content to train AI
    AI bots accessed around 39% of the top one million ‘internet properties’ using Cloudflare in June of 2024, according to the company
    https://www.zdnet.com/article/cloudflares-new-free-tool-stops-bots-from-scraping-your-website-content-to-train-ai/#google_vignette

    Reply
