Articles of interest from the week of July 22, 2024

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. (The Hacker News)

“Given the chaos of the day and the sheer impact, it is no surprise threat actors immediately moved to capitalize on it. My hope is that this event is a watershed moment for many developers’ software development cycles, leading to better software change management and testing policies.” – Michael Schwartz, CSM Lead at Ingalls Information Security

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion. (WIRED)

KnowBe4 Hired Fake North Korean IT Worker, Catches While Installing Malware

Security awareness and training provider KnowBe4 recently disclosed that it inadvertently hired a fake North Korean IT worker who attempted to install malware on a company-issued computer. (Cyber Security News)

Daggerfly APT Group Attacks Showcase Updated Tools

A known APT espionage group has updated its toolset in a number of recent attacks against organizations in Taiwan, as well as a U.S. non-governmental organization in China. (Decipher, Duo Security)

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments, (The Hacker News)

Top Phishing Campaigns in July 2024: SharePoint Abuse, DeerStealer, and More

ANY.RUN sandbox recently detected a surge in a phishing campaign that exploited SharePoint. In just 24 hours, over 500 instances of SharePoint phishing were uploaded to the service. (Cyber Security News)

Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group

Two foreign nationals pleaded guilty today in Newark federal court to participating in the LockBit ransomware group – at various times the most prolific ransomware variant in the world – and to deploying LockBit attacks against victims in the United States and worldwide. (U.S. Attorney's Office, District of New Jersey)

Rite Aid Says Hack Impacts 2.2M People as Ransomware Gang Threatens to Leak Data

Pharmacy chain Rite Aid has revealed that a recent data breach impacts 2.2 million people. Meanwhile, a known ransomware group is threatening to leak sensitive information stolen from the company. (SecurityWeek)

Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court

Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident. (Dark Reading)

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January, (The Hacker News)

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art. (WIRED)

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. (The Hacker News)

Apache HugeGraph Vulnerability Exploited in Wild

A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. (SecurityWeek)

Automated Threats Pose Increasing Risk to the Travel Industry

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That's according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry's web traffic in 2023—a significant jump from 37.4% in 2022. (The Hacker News)