"Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions"
"Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions"
Two previously undocumented backdoors, "LunarWeb" and "LunarMail," targeted an unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East. ESET attributed the activity to the Russia-aligned cyber espionage group "Turla" with medium confidence, citing tactical overlaps with previous campaigns. Turla, an Advanced Persistent Threat (APT) found to be affiliated with Russia's Federal Security Service (FSB), has been active since at least 1996. It has targeted government, embassies, military, education, research, and pharmaceutical industries.
"900k Impacted by Data Breach at Mississippi Healthcare Provider"
"900k Impacted by Data Breach at Mississippi Healthcare Provider"
Mississippi healthcare provider Singing River Health System (SRHS) recently notified roughly 900,000 individuals that their personal information was compromised in an August 2023 ransomware attack. SRHS revealed that its systems were compromised on August 16, 2023, while ransomware was deployed three days later, on August 19. SRHS noted that during this timeframe, the attackers accessed personal information such as names, addresses, dates of birth, Social Security numbers, and health and medical information.
"How Attackers Deliver Malware to Foxit PDF Reader Users"
"How Attackers Deliver Malware to Foxit PDF Reader Users"
According to Check Point researchers, threat actors are exploiting Foxit PDF Reader's flawed alerts to deliver malware via booby-trapped PDFs. The researchers analyzed several campaigns involving malicious PDF files targeting Foxit Reader users. The attackers use various .NET and Python exploit builders, with the "PDF Exploit Builder" being the most popular. They create PDF documents with macros that execute commands/scripts. These download and execute "Agent Tesla," "Remcon RAT," "Xworm," "NanoCore RAT," and other malware.
"NIST Finalizes Updated Guidelines for Protecting Sensitive Information"
"NIST Finalizes Updated Guidelines for Protecting Sensitive Information"
The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting Controlled Unclassified Information (CUI) in two publications titled "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" and "Assessing Security Requirements for Controlled Unclassified Information." Contractors and other organizations doing business with the federal government now have clearer guidance for protecting the sensitive data they handle.
"Female Health Apps Misuse Highly Sensitive Data, Study Finds"
"Female Health Apps Misuse Highly Sensitive Data, Study Finds"
New research from King's College London and University College London (UCL) delved into the poor data handling practices followed by apps designed for female health monitoring, which put users at risk of privacy and safety issues.
"FBI Seize BreachForums Hacking Forum Used to Leak Stolen Data"
"FBI Seize BreachForums Hacking Forum Used to Leak Stolen Data"
The Federal Bureau of Investigation (FBI) has seized BreachForums, a forum that leaked and sold corporate data to cybercriminals. The seizure follows the leak of Europol law enforcement portal data on the website. BreachForums now shows a message saying the FBI controls the website and its backend data, suggesting that its servers and domains were seized. Gaining access to the hacking forum's backend data could help in law enforcement investigations due to the exposure of email addresses, IP addresses, and private messages between members.
"Santander Customer Data Compromised Following Third-Party Breach"
"Santander Customer Data Compromised Following Third-Party Breach"
Banking giant Santander has recently announced that customer and employee data has been breached following a compromise of a third-party provider. The bank revealed that “certain information” relating to customers of Santander Chile, Spain, and Uruguay, as well as all current and some former Santander employees of the group, had been accessed by hackers. Customer data in all other Santander markets and businesses have not been affected. Santander said the breach was caused by threat actors’ unauthorized access to a Santander database hosted by a third-party provider.
"400,000 Linux Servers Hit by Ebury Botnet"
"400,000 Linux Servers Hit by Ebury Botnet"
According to ESET, the Ebury Linux botnet has continued to grow over the past decade, with about 100,000 systems found to be infected at the end of 2023. Ebury, a botnet discovered in 2014, survived a takedown attempt and Maxim Senakh's sentencing for his involvement in the botnet's operation. Ebury is an OpenSSH backdoor and credential stealer that has continually been updated. It has infected over 400,000 hosts since 2009 for financial gain.