Cyware Daily Threat Intelligence


Daily Threat Briefing September 5, 2023

Not one, not two, but three open-source software registries have come under attack at once in an organized cybercrime operation aimed at macOS users. The criminals uploaded harmful packages to the PyPI, NPM, and RubyGems repositories, though the attackers' ultimate goal remains unclear. The saga continues with an exploit chain targeting non-native solutions, indicating a worrying trend of critical vulnerabilities being exploited to gain unauthorized access to systems running high-performance distributed object storage such as MinIO; admin credentials are on the line.

Furthermore, a reworked variant of the Chaes malware is causing havoc in the banking and logistics sectors. Significantly overhauled, it has been completely rewritten in Python to bypass traditional security defenses and improve its communication protocols.

Top Breaches Reported in the Last 24 Hours

Over 320K patient records exposed

A data breach has compromised the official website of the Ministry of AYUSH in the Indian state of Jharkhand, leaking more than 320,000 patient records on the dark web. Cybersecurity firm CloudSEK revealed that the breached database, totaling 7.3 MB, contains sensitive patient information, including personally identifiable data and medical diagnoses. The breach also exposed confidential data belonging to doctors. The attack was attributed to a threat actor named Tanaka.

UK schools hit by cyberattacks

Recent reports reveal that a north London school and a Berkshire schools group have fallen victim to serious cyberattacks just before the start of the new academic term. Highgate Wood School in Crouch End has delayed its reopening by six days due to the attack, impacting parents and around 1,500 students. While details about the nature of the attack are scarce, ransomware is suspected.

German financial regulator targeted by DDoS

The German Federal Financial Supervisory Authority (BaFin) recently experienced a distributed denial-of-service (DDoS) attack, prompting it to cut online connectivity. While the attackers remain unidentified, media speculation suggests pro-Russian adversaries could be behind the activity. The attack follows BaFin's inclusion on a target list published by the pro-Russia group Killnet.

Crypto gambling platform loses tens of millions

Australia-based crypto gambling platform Stake fell victim to a major cyberattack resulting in a reported loss of over $40 million. Initially, the platform saw $16 million vanish from its blockchain wallets. However, subsequent investigations by blockchain experts revealed an even more substantial loss, with over $25 million in BSC and Polygon tokens depleted from Stake's reserves.

Top Malware Reported in the Last 24 Hours

Malicious packages pollute open source repositories

A new cyber campaign has emerged, with threat actors uploading malicious packages to PyPI, NPM, and RubyGems repositories, posing a significant threat to macOS user data. The malicious packages would collect system information and exfiltrate it to attacker-controlled servers. Security firm Phylum identified a connection between these packages, suggesting a coordinated campaign against software developers.

Chaes malware evolves

A new Chaes malware iteration, referred to as Chae$ 4, has come to the attention of cybersecurity experts. Designed to be less detectable by traditional defenses, it boasts an expanded list of targeted services for credential theft, clipper functionality, and the ability to intercept cryptocurrency transfers and payments via Brazil's PIX platform. The malware is typically delivered through compromised websites and communicates with command-and-control servers to steal data and facilitate unauthorized activity.

Top Vulnerabilities Reported in the Last 24 Hours

MinIO storage system exploited

An unidentified threat actor weaponized critical security holes in the MinIO high-performance object storage system, gaining unauthorized code execution on targeted servers. Cybersecurity firm Security Joes reported that the intrusion used a publicly available exploit chain to backdoor the MinIO instances. The vulnerabilities, CVE-2023-28432 and CVE-2023-28434, can expose sensitive data and allow remote code execution (RCE). The attacker exploited these flaws to obtain admin credentials, ultimately replacing the MinIO client with a trojanized version through a deceptive update.
