Articles of interest from the week of October 28, 2024

Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks

The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. (BleepingComputer)

“Posing as IT support staff on Microsoft Teams is a novel approach, exploiting the fact that many Intercompany communications platforms now allow third-party vendor access. Using the platform's more casual conversation familiarity to build trust with employees, this new strategy is the perfect example of evolving threats to companies and end users.  Adversaries continually find new ways to effectively circumvent traditional defenses, posing a significant challenge for organizations relying solely on perimeter-based security measures or outdated training. Proper Social Engineering training for employees and contractors, and a rigorous vetting program for allowing third party vendors on your Intercompany communication platforms is prudent for all organizations, big or small.” – Andrew Tucker, Tier 3 SOC Analyst at Ingalls Information Security

Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says

An investigation by French newspaper Le Monde found that the highly confidential movements of U.S. President Joe Biden, presidential rivals Donald Trump and Kamala Harris, and other world leaders can be easily tracked online through a fitness app that their bodyguards use. (SecurityWeek)

Casio Ransomware Recovery Remains Uncertain

TechCrunch reports that major Japanese electronics manufacturing firm Casio has disclosed uncertainty in its recovery from a ransomware attack earlier this month as many of its systems continued to be inoperable. (MSSP Alert)

Cisco Disables DevHub Access After Security Breach

Cisco has disabled public access to one of its DevHub environments after threat actors downloaded some customer data from the site and put it up for sale on a cybercrime forum. (Dark Reading)

FortiGate Admins Report Active Exploitation 0-Day. Vendor Isn’t Talking.

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. (Ars Technica)

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. (Dark Reading)

Apple Opens Private Cloud Compute for Public Security Inspection

Apple has introduced new tools and launched a virtual research lab to enable public inspection and verification of the security and privacy claims of the Private Cloud Compute technology integrated into modern iPhones. (SecurityWeek)