CyberWatch

Emerging cybersecurity news, regulatory changes, and cyber threat intelligence

July 17, 2024

Signal Jammed: Data Stolen from 109M AT&T Customers

In April 2024, AT&T suffered a significant data breach in which threat actors downloaded call and text records of approximately 109 million customer accounts. The records are metadata (the numbers each account interacted with and call counts and durations), not the content of calls or messages. The breach was the result of compromised credentials used to access the company's Snowflake account. Snowflake is a cloud data-warehousing and analytics platform on which customers store and query large volumes of data. This breach is part of a broader wave of data-theft attacks against Snowflake customers, attributed to the financially motivated threat actor UNC5537, who logged in with credentials harvested by infostealer malware rather than by exploiting a flaw in Snowflake itself.
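The practical check that follows from this incident is to look, in your own Snowflake login history, for exactly the session pattern an attacker holding infostealer-harvested credentials produces: a successful login with a password and no second factor, from an address outside the networks you expect. The script below is an added example, not AT&T's or Snowflake's code. The row layout mirrors the columns of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view as I understand them (an assumption to verify against your account), the corporate network range is a placeholder, and the rows themselves are constructed, not real log data.

```python
"""Flag successful password-only Snowflake logins from outside expected networks.

Added example, not code from AT&T or Snowflake. Column names are assumed to
match Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view; rows are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed sample rows resembling LOGIN_HISTORY output (not real data).
SAMPLE_LOGINS = [
    {"EVENT_TIMESTAMP": "2024-04-14T02:11:05Z", "USER_NAME": "ALICE",
     "CLIENT_IP": "10.20.0.5", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-14T02:15:41Z", "USER_NAME": "SVC_ETL",
     "CLIENT_IP": "10.20.0.9", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-14T03:02:19Z", "USER_NAME": "BOB",
     "CLIENT_IP": "203.0.113.77", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-14T03:02:40Z", "USER_NAME": "BOB",
     "CLIENT_IP": "203.0.113.77", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-04-14T09:30:00Z", "USER_NAME": "CAROL",
     "CLIENT_IP": "198.51.100.4", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
     "FIRST_AUTHENTICATION_FACTOR": "SAML2_ASSERTION",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
]

# Assumed corporate egress range (placeholder; replace with your own allow-list).
EXPECTED_NETWORKS = [ip_network("10.20.0.0/16")]


def from_expected_network(ip_str, networks=EXPECTED_NETWORKS):
    """True if the client address falls inside one of the expected networks."""
    try:
        ip = ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def suspicious_password_logins(rows, networks=EXPECTED_NETWORKS):
    """Successful logins that used a password with no second factor, from an
    address outside the expected networks: the footprint of stolen credentials."""
    hits = []
    for r in rows:
        if r.get("IS_SUCCESS") != "YES":
            continue  # failed attempts are a separate (brute-force) question
        if r.get("FIRST_AUTHENTICATION_FACTOR") != "PASSWORD":
            continue  # SSO / key-pair logins are not what an infostealer yields
        if r.get("SECOND_AUTHENTICATION_FACTOR"):
            continue  # a second factor was presented
        if from_expected_network(r.get("CLIENT_IP", ""), networks):
            continue
        hits.append(r)
    return hits


def password_only_users(rows):
    """Users whose every successful login relied on a password alone; these are
    the accounts to move behind MFA, SSO or key-pair auth first."""
    seen, not_password_only = set(), set()
    for r in rows:
        if r.get("IS_SUCCESS") != "YES":
            continue
        user = r["USER_NAME"]
        seen.add(user)
        if (r.get("FIRST_AUTHENTICATION_FACTOR") != "PASSWORD"
                or r.get("SECOND_AUTHENTICATION_FACTOR")):
            not_password_only.add(user)
    return sorted(seen - not_password_only)


if __name__ == "__main__":
    for hit in suspicious_password_logins(SAMPLE_LOGINS):
        print("SUSPICIOUS", hit["EVENT_TIMESTAMP"], hit["USER_NAME"],
              hit["CLIENT_IP"], hit["REPORTED_CLIENT_TYPE"])
    print("password-only users:", password_only_users(SAMPLE_LOGINS))
```

On the constructed rows only BOB's session from 203.0.113.77 is flagged, and both BOB and the SVC_ETL service account surface as password-only; in a real account the same two queries would be run against the live view over the exposure window rather than over embedded rows.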

Find out more
July 17, 2024

Best Practices for Password Hygiene and Multi-Factor Authentication

Implementing strong passwords is essential to protect your online accounts from unauthorized access. This article explains why.

Find out more
July 16, 2024

Best Practices to Mitigate the Impact of Phishing

Understanding Phishing

Phishing is a form of social engineering in which cybercriminals trick individuals into revealing sensitive information or installing malware. The attack typically arrives as an email that appears to come from a legitimate, trusted source. The message is usually brief and is followed by a link or an attachment: the link leads to a fake login page that harvests whatever credentials the victim types in, while the attachment carries malware. The information criminals are after includes login credentials, bank account details and credit card numbers, which they use for identity theft and financial fraud.
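The link-to-fake-login-page step described above leaves two mechanical tells that a mail gateway or a triage script can check without any threat-intelligence feed: the anchor's visible text names one site while its href points at another, or the href's host embeds the impersonated brand's domain as a subdomain of something else. The script below is an added example, not code from the original article. The sample message is constructed, and the "same site" test compares only the last two labels of a host name, which is an assumption that breaks for multi-label public suffixes such as co.uk.

```python
"""Flag anchors in an HTML e-mail whose target does not match what they claim.

Added example, not from the original article. SAMPLE_EMAIL is constructed;
same_site() uses a crude last-two-label rule (assumption; no public suffix list).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message impersonating "paypal.com" (not a real e-mail).
SAMPLE_EMAIL = """
<p>Your account has been locked. Verify now to restore access.</p>
<a href="http://paypal.com.secure-verify.example/login">https://www.paypal.com/account</a>
<a href="https://www.paypal.com/help">Help Center</a>
<a href="https://cdn.example-tracker.net/u?id=1">Unsubscribe</a>
"""

# Visible text that itself looks like a URL or bare domain name.
DOMAIN_RE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible_text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self._current = None
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", "") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.anchors.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_of(url):
    """Lower-cased host of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def same_site(a, b):
    """Crude registrable-domain comparison on the last two labels (assumption)."""
    return bool(a and b) and a.split(".")[-2:] == b.split(".")[-2:]


def lookalike(host, sender_host):
    """True if the sender's site appears inside host, but host is another site,
    e.g. paypal.com.secure-verify.example when the sender is paypal.com."""
    sender_site = ".".join(sender_host.split(".")[-2:])
    return sender_site in host and not same_site(host, sender_host)


def suspicious_links(html, sender_host):
    """Return anchors whose visible text or host contradicts the link target."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        target = host_of(href)
        reasons = []
        if DOMAIN_RE.match(text) and not same_site(host_of(text), target):
            reasons.append("visible text %r does not match target host %r" % (text, target))
        if lookalike(target, sender_host):
            reasons.append("target host %r embeds %r as a lookalike" % (target, sender_host))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "paypal.com"):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Only the first anchor is reported, for both reasons; the genuine help link and the unrelated tracking link pass, which is the point of comparing claims against targets rather than simply flagging every external host.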

Find out more
July 15, 2024

Sunshine Snag: Florida Department of Health Ransomware Attack

The Florida Department of Health (DOH) is currently responding to a significant ransomware attack that has severely disrupted its vital statistics system, which processes birth and death certificates. The cybercriminal group RansomHub has claimed responsibility, asserting that it stole over 100 gigabytes of data, including personally identifiable information (PII) and protected health information (PHI). RansomHub began leaking the stolen data after the DOH did not pay by the group's July 1 ransom deadline.

Find out more
June 12, 2024

Exploit Chain Found for Telerik Report Server

On June 3, security researchers Sina Kheirkhah of Summoning Team and Soroush Dalili published a proof-of-concept exploit chaining two vulnerabilities in Progress Telerik Report Server: CVE-2024-4358, an authentication bypass, and CVE-2024-1800, an insecure deserialization flaw. Chained together, the bypass gives an unauthenticated attacker a foothold and the deserialization bug turns it into remote code execution on the server.

Find out more
June 4, 2024

Critical Vulnerability in D-LINK NAS Devices

A critical vulnerability has been confirmed in several D-Link NAS models, including the DNS-340L, DNS-320L, DNS-327L and DNS-325, and evidence suggests that other D-Link NAS devices may also be affected. The flaw, CVE-2024-3273 (CVSS 9.8), lies in the HTTP GET request handler of the /cgi-bin/nas_sharing.cgi component: a crafted request that combines hardcoded credentials with a command-injection parameter lets an unauthenticated attacker execute arbitrary commands on the device. The researcher NetSecFish, who disclosed the issue, published a working exploit that confirms it. Internet-wide scans indicate that over 92,000 exposed devices are affected. D-Link has stated that these models are end-of-life and will not receive a fix, so the only mitigation is to retire them or, at minimum, keep them off the internet.

Find out more
June 3, 2024

Incident Response: New Rules of the Road

Last November, a ransomware collective did something unprecedented. A week after breaching a fintech company, it wrote to the U.S. government. The criminals reported their own crime. They didn’t intend to turn themselves in, or give up anything they’d stolen, though. Quite the contrary: they wanted to wield the power of U.S. regulatory law against their victim. The stunt reflected a broader, sweeping change to how organizations across America must now handle their data breaches. And if fear was the goal, it certainly worked.

Find out more
May 30, 2024

Zero-Day Hotfix Available for Check Point Products

Check Point has disclosed CVE-2024-24919 (CVSS 3.1: 7.5), an information-disclosure vulnerability affecting multiple Check Point products. The flaw allows an attacker to read certain information from internet-facing gateways that have the Remote Access VPN or Mobile Access Software Blades enabled, and it was being exploited as a zero-day before a fix existed. Check Point first observed increased attacker activity against Remote Access VPN environments on May 24; on May 27 a customer reported an attack that was traced to this vulnerability. A hotfix is now available, and Check Point's guidance is to install it and to review local accounts that rely on password-only authentication, which the observed attacks targeted.

Find out more
May 30, 2024

Rx Marks the Spot: The Sav-Rx Breach and Why Healthcare is Prone to Cyber Ills

On October 3rd, 2023, the prescription management company Sav-Rx experienced a significant cyberattack that exposed sensitive information. The incident was discovered on October 8th, when the company experienced a network disruption, and Sav-Rx restored its IT systems within 24 hours. An investigation that concluded on April 30th, 2024, found that the attackers had accessed non-clinical systems and obtained files related to the company's medication benefits management services. The company has since notified law enforcement and the affected individuals.

Find out more