Cyware Weekly Threat Intelligence - January 22–26
Weekly Threat Briefing • Jan 26, 2024
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Jan 26, 2024
In a digital age where data security is paramount, the HHS launched a two-tiered cyber defense strategy for healthcare, focusing on essentials and enhancements to combat threats like ransomware. A piece of good news for iPhone users as Apple's latest iOS 17 leap adds a shield against data theft with Stolen Device Protection, securing iPhones from the prying hands of thieves.
The HHS released voluntary cybersecurity performance goals for the healthcare sector, divided into essential and enhanced categories. These goals, based on industry frameworks, aim to strengthen the sector's cybersecurity posture and address common attack vectors such as ransomware.
Computer science researchers developed a new method to identify security weaknesses that make people vulnerable to account takeover attacks, where unauthorized access is gained to online accounts. They found that the method could be adopted by device manufacturers and app developers to understand complex hacking attacks and improve security measures.
The director general of the Israel National Cyber Directorate (INCD) and the Czech Republic National Cyber and Information Security Agency have signed a Memorandum of Cooperation. The agreement enables closer collaboration between experts from both countries, facilitating the sharing of information and experience, such as through internships, to bolster cybersecurity efforts.
The latest update for the iOS 17 branch includes a new feature called Stolen Device Protection, which helps protect sensitive information if your iPhone is stolen. This feature makes it difficult for thieves to access certain features and perform actions on the stolen iPhone, and enforces a security delay for making changes to critical settings.
In a stunning revelation, over 12TB of data and 26 billion records were compromised from giants like X, Tencent, and Dropbox, spilling secrets from the U.S. to the Philippines. Concurrently, a Trello API misstep exposed 15 million members' private details. Adding to the cyber turmoil, Hewlett Packard Enterprise revealed details on the December cyberattack by the notorious Russia-linked group Midnight Blizzard, targeting its cloud-based email environment.
Microsoft revealed that the email accounts of its top executives, including the individuals in the cybersecurity and legal departments, were breached in an attack attributed to Cozy Bear (aka APT29). The campaign is estimated to have commenced in November 2023 and leveraged password spray attacks to gain an initial foothold.
Monobank, Ukraine's largest mobile-only bank, faced a second massive DDoS attack involving 580 million service requests on January 21, after it tackled a similar disruption on January 20. No threat group has yet been held responsible for the attacks.
Resecurity researchers detected threat actors circulating the PII of 55 million Thai citizens on the dark web. It’s believed that these sensitive details were sourced from various breached platforms and are from organizations in e-commerce, fintech, and government sectors.
An unsecured storage instance leaked over 12TB of data, including 26 billion records, from several companies such as X, Tencent, Weibo, Dropbox, LinkedIn, Adobe, and Canva, among others. The leak also included records of various government organizations in the U.S., Brazil, Germany, Turkey, and the Philippines.
The sensitive personal information of 16.6 million customers was stolen during a ransomware attack earlier this month, loanDepot confirmed in a filing with the SEC. The kind of data impacted in the incident remains unknown.
A ransomware group called Slug claimed that it stole 1TB of data in an attack at AerCap, the world's largest aircraft leasing company. While the group revealed no further information, the firm claimed in the SEC filing that there was no financial loss and that all systems were under control.
In another update, 23andMe confirmed that attackers stole health reports and raw genotype data of customers in the credential stuffing attack that went unnoticed from April 29, 2023, to September 27, 2023. The hack impacted 6.9 million people, leading to lawsuits and updated Terms of Use.
Trezor, the hardware crypto wallet provider, disclosed a data breach that exposed the emails and names of nearly 66,000 users. The incident occurred on January 17 and affected users who interacted with their support team since December 2021.
An exposed Trello API allowed the linking of private email addresses with public Trello profiles, leading to a data leak of 15 million members' information, including emails, usernames, full names, and other details.
An unsecured database containing 1.3 million sets of Dutch COVID-19 records, including 118,441 test certificates, 506,663 appointment records, and 660,173 testing samples, was left exposed by CoronaLab.
Hewlett Packard Enterprise disclosed that the December cyberattack was conducted by the Russia-linked cyberespionage group Midnight Blizzard that gained unauthorized access to its cloud-based email environment. The attackers collected information on the company's cybersecurity division and other functions, exfiltrating data since May 2023.
The HHS issued a warning about a cybersecurity breach involving the self-hosted version of the remote access tool ScreenConnect from ConnectWise. The incident involved the compromise of the pharmacy supply chain and managed services provider, Outcomes, allowing threat actors to gain unauthorized access to their IT environment.
Unmasking digital espionage, ESET researchers revealed NSPX30, an implant by the China-aligned APT group Blackwood, targeting entities from China, Japan, and the U.K. In a separate cyber heist, BlackBerry uncovered a scheme against Mexican banks, where attackers deploy the AllaKore RAT under the guise of legitimate IMSS documents, pilfering banking credentials. Meanwhile, The National Investor in Abu Dhabi alerted of online scammers fraudulently exploiting its identity, echoing the diverse and cunning nature of cyber threats.