[InfoSec MASHUP] 42/2024
Cisco Investigating Breach; Data From Verizon's Push-to-Talk System for Sale; Gmail Alert for 2.5B Users as AI Hack Confirmed; Dark Web Market Shut Down in Finland; Microsoft Lost Cloud Logs; ESET Breached
Welcome to the 33 new members from the last 30 days! This newsletter now has 1,579 subscribers.
Partners and Affiliates
🔐 NordVPN Black Friday & Cyber Monday
Campaign duration:
Black Friday: October 16 - December 2
Cyber Monday: December 2 - 10
Special offer: up to 74% off + 3 months extra, starting at $2.99 / 2.99 €
Breaches & Security Incidents
The biggest data breaches in 2024: 1 billion stolen records and rising
The cybersecurity skills gap contributed to a $1.76 million increase in average breach costs
↳ EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs, by Kevin Beaumont
↳ ESET partner breached to send data wipers to Israeli orgs
🇺🇸 🔓 Cybercriminals have stolen sensitive customer data from Globe Life and are extorting the company for money. The breach affects about 5,000 individuals, but the total number of impacted customers may be much higher. Globe Life has reported the incident to federal law enforcement and is investigating the situation further.
🇩🇪 🔓 Volkswagen has confirmed that its IT infrastructure remains unaffected after a ransomware group claimed to have stolen data from the company — The group, named 8Base, alleges that it has taken various confidential documents but has not released any information publicly. Volkswagen is monitoring the situation closely but has not provided further details about the cyberattack.
🇺🇸 🔓 Cisco is investigating claims of a data breach after a hacker named "IntelBroker" claimed to have stolen sensitive information — The hacker is selling various Cisco-related files on a hacking forum, including source code and customer data. Cisco is looking into the situation to determine the validity of these claims.
↳ Cisco takes DevHub portal offline after hacker publishes stolen data
🇺🇸 🔓 The America First Policy Institute, which supports Donald Trump, reported that its computer systems were breached — This is the second time a group linked to Trump has faced a cyberattack. The organization believes the attack resembles tactics used by foreign nation-states.
👾 🔓 Game Freak, the developer of Pokémon games, confirmed a cyberattack in August that led to the leak of source code and personal information of its employees. The leaked data includes names and email addresses, but it appears that player data was not affected. Game Freak has implemented new security measures to prevent future incidents.
🇺🇸 🔓 Hackers have stolen and are selling data from Verizon's push-to-talk systems, which are used by government agencies and first responders — This breach does not affect Verizon's main consumer network and involves less severe data loss compared to recent hacks of other telecom companies. Verizon confirmed the incident and stated that no private or personal information was released, but security concerns remain for the industry.
➝ More breaches:
Cybercrime, Cyber Espionage, APTs
🇷🇺 🇺🇦 The Russian hacker group called RomCom has launched new cyber attacks against Ukrainian government agencies using a variant of malware known as SingleCamper — These attacks aim to gain long-term access to networks, gather sensitive data, and potentially deploy ransomware for financial gain. The group has been rapidly expanding its tools and methods since it was first identified in 2022.
🇧🇷 🇺🇸 A hacker known as USDoD, linked to major data breaches, was arrested in Brazil during "Operation Data Breach" — He had stolen and leaked sensitive information, including data from the FBI's InfraGard and National Public Data. His arrest followed a leak that revealed his identity as Luan BG, a 33-year-old Brazilian.
🇸🇩 🇺🇸 Two Sudanese brothers have been charged for launching numerous DDoS attacks on major tech companies and government agencies — Their operation, called Anonymous Sudan, targeted companies like Microsoft, PayPal, and CNN. If convicted, one brother could face life in prison, while the other could face up to five years.
↳ US Department of Justice Press Release
🇫🇮 Finnish Customs has shut down the dark web drug marketplace 'Sipulitie' and seized its servers, which were used for selling illegal narcotics. The site, which launched in February 2023, had a turnover of about 1.3 million euros. Authorities identified the operators and users, hinting that arrests may follow soon.
🇨🇳 🇺🇸 China's National Computer Virus Emergency Response Center claims that the U.S. invented the Volt Typhoon threat to distract from its own cyber espionage activities — They accuse the U.S. of conducting false flag operations and using advanced technology to mislead investigations into cyber attacks. The report calls for international collaboration to improve cybersecurity and addresses concerns about the U.S.'s control over internet infrastructure.
🇮🇷 The Iranian hacker group APT34, also known as OilRig, is exploiting a Windows kernel flaw in a cyber espionage campaign targeting the UAE and Gulf region — They use advanced tactics, such as stealing credentials through Microsoft Exchange servers and deploying a new backdoor called STEALHOOK. Their recent activities show a focus on exploiting vulnerabilities in critical infrastructure to maintain access and launch further attacks.
Government, Politics, and Privacy
🇺🇸 The US cybersecurity agency CISA and the FBI have released guidance on bad security practices for software manufacturers and are asking for public feedback — The guidance highlights risky practices and recommends ways to improve security, especially for software related to critical infrastructure. While aimed at software makers, all developers are encouraged to follow these recommendations to enhance security.
🇫🇷 ⚖️ A French court has ordered several porn websites, including Tukif and Xhamster, to be blocked for not using strong age verification systems to protect children. The sites have 15 days to implement effective measures or face extended blocking. This decision is part of a larger effort in Europe to enhance child safety online.
Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
Malware & Threats
Fake Google Meet conference errors push infostealing malware
🦠 🇰🇵 North Korea's ScarCruft group exploited a Windows security flaw to spread RokRAT malware — The attack involved tricking users into clicking a malicious link, allowing the malware to take control of their devices.
🦠 🇧🇷 A new spear-phishing campaign in Brazil is delivering banking malware called Astaroth by impersonating official tax documents — This attack affects various industries, including manufacturing and government agencies, by tricking users into downloading malicious files. Experts recommend using strong passwords, multi-factor authentication, and keeping software updated to protect against such threats.
🦠 🏧 North Korean hackers have created a new Linux version of FASTCash malware to steal money from ATMs by infecting payment switch systems. This malware manipulates transaction messages to falsely approve cash withdrawals, allowing thieves to take large amounts of money without detection. The discovery of this Linux variant highlights the ongoing threat posed by these hackers, who have been active in stealing millions since at least 2016.
🦠 🤖 New variants of the TrickMo malware have been found, designed to steal Android PINs through a fake lock screen. It uses phishing techniques to trick users into entering their PINs, allowing attackers to access devices and sensitive information. Over 13,000 victims have been identified, primarily in Canada, and users are advised to avoid suspicious downloads and keep Google Play Protect active.
AI, Crypto, Tech & Tools
Some Americans are still using Kaspersky’s antivirus despite U.S. government ban
☁️ 🤷🏻♂️ Microsoft has informed customers that it lost security logs for its cloud products during a two-week period in September due to a bug. This missing data could hinder the ability to detect unauthorized access and threats. The issue was not caused by a security incident, and Microsoft has since rolled back the service change that led to the outage.
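The practical lesson from the outage is that a SIEM needs to alert on log sources going quiet, not only on what the logs contain. The following is an added example (not Microsoft's tooling, and not code from the newsletter): it takes per-source ingestion timestamps, flags any stretch of silence longer than the expected interval, and totals the missing time per source. Source names and timestamps are constructed for illustration.

```python
"""Flag cloud log sources that went silent for longer than expected.

Added illustration; source names and timestamps below are constructed,
not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Constructed ingestion records: (source name, time an event was received).
SAMPLE_INGEST = [
    ("cloud-signin-logs", "2024-09-01T00:00:00Z"),
    ("cloud-signin-logs", "2024-09-01T00:05:00Z"),
    ("cloud-signin-logs", "2024-09-01T00:10:00Z"),
    ("cloud-signin-logs", "2024-09-03T12:00:00Z"),  # resumes after > 2 days
    ("cloud-audit-logs", "2024-09-01T00:00:00Z"),
    ("cloud-audit-logs", "2024-09-01T00:30:00Z"),
    ("cloud-audit-logs", "2024-09-01T01:00:00Z"),   # then never heard from again
]


def find_gaps(records, max_silence, now):
    """Return one gap per stretch longer than `max_silence` between
    consecutive events of a source, plus a trailing gap when the source
    has been silent from its last event up to `now`."""
    by_source = defaultdict(list)
    for src, ts in records:
        by_source[src].append(parse_ts(ts))
    gaps = []
    for src, stamps in by_source.items():
        stamps.sort()
        # Pair each timestamp with the next one; the last is paired with `now`.
        for start, end in zip(stamps, stamps[1:] + [now]):
            if end - start > max_silence:
                gaps.append({"source": src, "from": start, "to": end,
                             "trailing": end == now})
    return gaps


def total_silence(gaps):
    """Sum the missing time per source so the size of the blind spot is explicit."""
    total = defaultdict(timedelta)
    for g in gaps:
        total[g["source"]] += g["to"] - g["from"]
    return dict(total)


if __name__ == "__main__":
    now = parse_ts("2024-09-03T13:00:00Z")
    gaps = find_gaps(SAMPLE_INGEST, timedelta(hours=1), now)
    for g in gaps:
        status = "STILL SILENT" if g["trailing"] else "recovered"
        print(f"{g['source']}: no events {g['from']} -> {g['to']} ({status})")
    for src, missing in total_silence(gaps).items():
        print(f"{src}: {missing} of logs missing")
```

The trailing check matters most: a source that resumed is a historical gap to note in the investigation timeline, while a source that is still silent is an open detection blind spot that should page someone.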
🇭🇰 🤖 Hong Kong police arrested 27 people in a romance scam that used AI to create fake online personas, swindling victims out of $46 million — The scammers set up fake cryptocurrency trading platforms and showed false profit records to lure in victims. Some of those arrested are linked to a major organized crime group in the region.
🛍️ 📱 Over 200 malicious apps on Google Play were downloaded nearly eight million times in one year — The most common threats included info-stealers and adware that could subscribe victims to premium services. Users are advised to check app reviews and permissions to avoid malware infections.
✉️ 🤖 Gmail users are facing new AI-driven scams that can trick even experienced individuals into revealing their account information — Google has launched a Global Signal Exchange to help combat these threats and improve security for all users. To stay safe, users should remember that Google will never contact them directly and should use protective measures like the Advanced Protection Program.
🤖 A new technique called ShadowLogic can create hidden backdoors in AI models without needing to alter the code. This method manipulates the model's computational graph to trigger specific actions when certain inputs are detected. As a result, many AI systems, including those used in healthcare and cybersecurity, are vulnerable to targeted attacks.
Vulnerabilities, Research, and Threat Intelligence
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds
🇰🇵 A North Korean hacking group exploited a newly discovered Internet Explorer vulnerability to carry out a supply chain attack. They compromised an advertising agency to deliver malware through ads without requiring user interaction. This attack could affect many programs that still use the vulnerable IE engine.
🪳 🍎 Microsoft has revealed a security flaw in macOS that allows attackers to bypass privacy controls in Safari and access user data without consent. This vulnerability, known as HM Surf, has been patched by Apple in the latest macOS update. Users are advised to update their systems to protect against potential exploits related to this weakness.
🪳 🧐 A security researcher discovered a serious vulnerability in Zendesk that allowed attackers to access customer support tickets from many Fortune 500 companies through email spoofing — Despite reporting the bug to Zendesk, the company rejected the claims, leading the researcher to inform affected companies directly. Ultimately, Zendesk fixed the issue but did not acknowledge or reward the researcher for their findings.
🪳 A serious security flaw in Kubernetes Image Builder could allow attackers to gain root access to nodes using certain virtual machine images — The vulnerability has been fixed in version 0.1.38, which replaces default credentials with randomly-generated passwords during image builds. Users are advised to disable the builder account on affected VMs and rebuild their images with the updated version.
🪳 🤖 NVIDIA has identified a significant security flaw in its NeMo generative-AI framework that allows hackers to execute code and tamper with data. The vulnerability, linked to unsafe file extraction, affects systems running Windows, Linux, and macOS. NVIDIA has released a patch and recommends users upgrade to version r2.0.0rc0 or later to protect their systems.
🔓 Chinese researchers have demonstrated that D-Wave's quantum computers can break RSA encryption and attack other encryption methods, raising concerns for cybersecurity. This study suggests that quantum computers could threaten data security sooner than expected, making it crucial for organizations to rethink their encryption strategies. Experts stress the urgent need for "quantum-safe" encryption to protect sensitive information from future quantum attacks.
“Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer, demonstrating the potential for quantum machines to tackle cryptographic problems.”
🪳 💰 Google released a new update for Chrome that fixes 17 vulnerabilities, including a severe security issue for which they paid a $36,000 reward — Most of the problems were reported recently, and users are encouraged to update their browsers immediately. The latest Chrome versions are now available for Windows, macOS, Linux, and Android.
🪳 🔓 Security researchers have discovered new attacks, CounterSEVeillance and TDXDown, that target the trusted execution environments (TEEs) of AMD and Intel processors — These attacks exploit vulnerabilities in the systems meant to protect sensitive data and can potentially allow attackers to access confidential information. Both AMD and Intel have responded by advising developers to adopt best practices to mitigate these risks, while Intel has updated its security measures for TDX.
ICS, OT & IoT
🇮🇷 Iranian hackers are targeting passwords in critical sectors like healthcare and energy, according to a joint advisory from U.S., Canadian, and Australian cyber agencies. They use methods like brute force attacks and multifactor authentication push bombing to gain access to systems. The agencies recommend using strong passwords and enabling MFA to protect against these cyber threats.
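Both techniques named in the advisory leave a recognisable footprint in identity-provider logs: push bombing is a burst of MFA prompts to one account (worst case ending in an approval), and password spraying is one source failing logins across many accounts. The following detection logic is an added example, not from the advisory or the agencies' tooling; the log format and event names (`mfa_push`, `password_auth`) are assumed for illustration and the sample lines are constructed.

```python
"""Detect MFA push bombing and password spraying in authentication logs.

Added example with an assumed log schema; adapt the field and event names
to your identity provider's export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, user, source IP, event kind, result.
SAMPLE_LOG = """\
2024-10-14T02:00:01Z alice 203.0.113.9 password_auth success
2024-10-14T02:00:05Z alice 203.0.113.9 mfa_push sent
2024-10-14T02:00:40Z alice 203.0.113.9 mfa_push timeout
2024-10-14T02:01:10Z alice 203.0.113.9 mfa_push sent
2024-10-14T02:01:45Z alice 203.0.113.9 mfa_push denied
2024-10-14T02:02:00Z alice 203.0.113.9 mfa_push sent
2024-10-14T02:02:30Z alice 203.0.113.9 mfa_push denied
2024-10-14T02:03:00Z alice 203.0.113.9 mfa_push sent
2024-10-14T02:03:20Z alice 203.0.113.9 mfa_push denied
2024-10-14T02:04:00Z alice 203.0.113.9 mfa_push sent
2024-10-14T02:04:15Z alice 203.0.113.9 mfa_push approved
2024-10-14T09:15:00Z bob 198.51.100.7 mfa_push sent
2024-10-14T09:15:08Z bob 198.51.100.7 mfa_push approved
2024-10-14T03:00:00Z carol 203.0.113.9 password_auth failure
2024-10-14T03:00:02Z dave 203.0.113.9 password_auth failure
2024-10-14T03:00:04Z erin 203.0.113.9 password_auth failure
2024-10-14T03:00:06Z frank 203.0.113.9 password_auth failure
2024-10-14T03:00:08Z grace 203.0.113.9 password_auth failure
2024-10-14T03:00:10Z heidi 203.0.113.9 password_auth failure
"""


def parse_events(text):
    """Parse the whitespace-separated sample format and sort by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src_ip, kind, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "src_ip": src_ip, "kind": kind, "result": result})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_push_bombing(events, window=timedelta(minutes=10), threshold=3):
    """Flag users who received at least `threshold` push prompts inside any
    `window`. A burst followed by an approval is the fatigue success case and
    is marked so responders can triage it first."""
    pushes = defaultdict(list)
    for e in events:
        if e["kind"] == "mfa_push":
            pushes[e["user"]].append(e)
    alerts = []
    for user, evs in pushes.items():
        sent = [e["ts"] for e in evs if e["result"] == "sent"]
        best, best_start, start = 0, None, 0
        for end in range(len(sent)):          # sliding window over prompt times
            while sent[end] - sent[start] > window:
                start += 1
            if end - start + 1 > best:
                best, best_start = end - start + 1, sent[start]
        if best >= threshold:
            approved = any(e["result"] == "approved" and e["ts"] >= best_start for e in evs)
            alerts.append({"user": user, "prompts": best,
                           "window_start": best_start, "approved_after_burst": approved})
    return alerts


def detect_password_spray(events, window=timedelta(minutes=5), min_users=5):
    """Flag a source IP whose password failures span at least `min_users`
    distinct accounts inside `window`: one user mistyping never looks like this."""
    failures = defaultdict(list)
    for e in events:
        if e["kind"] == "password_auth" and e["result"] == "failure":
            failures[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in failures.items():
        best_users, start = set(), 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) > len(best_users):
                best_users = users
        if len(best_users) >= min_users:
            alerts.append({"src_ip": ip, "distinct_users": len(best_users)})
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for a in detect_push_bombing(evs):
        print("push bombing:", a)
    for a in detect_password_spray(evs):
        print("password spray:", a)
```

Thresholds are deliberately low for the sample; in production, tune them against a week of baseline data and keep the "approved after burst" alert at a higher severity than the spray alert, since it means a valid session now exists and the response is containment, not just blocking.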