By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Weekly Top 10: 10.21.2024: North Korean Threat Actors Target ATMs; BianLian Claims Responsibility for Attack on Children’s Hospital; Hacker Behind the Infamous NPD Breach Arrested by Brazilian Authorities, and More.

WEEKLY TOP TEN: October 21, 2024, 16:00 GMT

  1. North Korean Threat Actors Target ATMs

    Researchers are observing threat actors believed to be affiliated with the DRPK using a variant of the FASTCash malware to infect Linux-based ATMs. This malware infects the payment processing switch servers, which handle card transactions, allowing for the theft of payment card information.
  2. New Android Tool for Anti-Malware Protection

    Researchers at George Tech have released a new tool for Android devices which scans for malware abusing the accessibility features, a common tactic used by malware authors. It does this by simulating accessibility events which tricks the malware into revealing it’s functions.
  3. Ransomware Encryption Rates on a Decline

    The recent Microsoft Digital Defense Report showed some hopeful news. Although ransomware attacks are still on the rise, successful encryption rates have declined by nearly 300%. This is due to security tooling and analysts catching the attack pre-encryption. Either blocking the payload from executing or stopping the threat actor prior to the encryptor being dropped.
  4. BianLian Claims Responsibility for Attack on Children’s Hospital

    Although ransomware groups are inherently immoral, most will avoid targeting critical infrastructure and healthcare organizations, likely because those attacks will put the spotlight on them, increasing the chances of law-enforcement action. However, BianLian has been relentless in attacks on those specific sectors. With their most recent example being an attack on Boston Children’s Health Physicians, an organization of 300 pediatric doctors.
  5. Kubernetes Default Credential Allows for Root Access

    A hard-coded default credential included in the Kubernetes image build process has been discovered and can lead to root access of virtual machines via SSH. Specifically, this most heavily impacts Proxmox servers, a popular server operating system built for virtualization.
  6. Hacker Behind the Infamous NPD Breach Arrested by Brazilian Authorities

    The threat actor, known online as ‘USDoD’ was behind several major data breaches including, NPD, the FBI’s InfraGuard system, and CrowdStrike’s threat actor database. Which lead CrowdStrike to investigate him and uncover his identity as Belo Horizonte a Brazilian national. This led to his arrest by the Brazilian authorities under ‘Operation Data Breach’.
  7. US Government Places $10M Bounty on Russian Media Company

    The Russian media company Rybar has been responsible for social media campaigns promoting a pro-Russian world view. The US government has now placed a ten-million-dollar bounty on information leading to the indictment or arrest of its key contributors, with the stated reason of election security.
  8. Hackers Breach Pokémon Developers and Leak Source Code

    Hackers have breached the developers of the world-famous Pokémon video game franchise and leaked source code of several iterations of the games. Some of which are unreleased titles and demos. The attackers also leaked employee data.
  9. Fake Google Meet Pages Utilized to Deliver Infostealers

    Attackers have begun using fake Google Meet pages to get users to run malware on their system as part of the ongoing ClickFix campaign. When attempting to join the fake meet an error will be displayed, prompting users to copy and paste encoded PowerShell commands into the Windows run dialog box claiming it will fix the error, when in fact, this simply executes malicious code.
  10. Intel and AMD Processors Leave Linux Systems Vulnerable

    A new vulnerability in Intel and AMD processors, which are being utilized to run Linux based operating systems was discovered by researchers. This takes advantage of Speculative Execution, which is an optimization feature used by modern processors. Abuse can lead to the theft of sensitive information such as passwords.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranking by highest risk and using multiple sources when available:

Previous Post

Weekly Top 10: 10.14.2024: American Water Under Attack Forced to Shut Down Systems; Ukrainian National Pled Guilty to Involvement in Raccoon Stealer; 31 Million Accounts Leaked in Security Breach Against the Internet Archive, and More.

Next Post

XM Cyber and Endor Labs Win “Most Innovative Technology” Award at Innovate Cybersecurity Summit in Scottsdale

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.