"Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments"

The Exim mail transfer agent has a critical security flaw that could allow threat actors to deliver malicious attachments to target users' inboxes. Exim is a free mail transfer agent for hosts running Unix or Unix-like operating systems. According to Censys, 4,830,719 of the 6,540,044 public-facing SMTP mail servers run Exim, and as of July 12, 2024, 1,563,085 Internet-accessible Exim servers run a vulnerable version. This article continues to discuss findings regarding the critical Exim mail server vulnerability.

Submitted by Gregory Rigby on

"Hacker 'Tank' Gets Prison Sentence for Connections to Zeus and IcedID Malware"

A federal judge in Nebraska has sentenced Ukrainian national Vyacheslav Igorevich Penchukov, known as "Tank" in the hacking community, to prison and ordered him to pay millions of dollars in restitution for his role in two malware operations. In February, he pleaded guilty to charges related to operating the "Zeus" banking malware in the 2010s and, later, the "IcedID" malware. Penchukov had been on the Federal Bureau of Investigation's (FBI) "Most Wanted" list for over a decade before his 2022 arrest in Switzerland and 2023 extradition to the US.

Submitted by Gregory Rigby on

"WP Time Capsule Plugin Update Urged After Critical Security Flaw"

Security researchers at Patchstack recently found a vulnerability in the Backup and Staging by WP Time Capsule plugin, affecting versions 1.22.20 and below. The WordPress plugin, which has over 20,000 active installations, facilitates website backups and update management through cloud-native file versioning systems. The flaw allowed unauthenticated attackers to exploit a broken authentication mechanism and potentially gain administrative access to affected sites.

Submitted by Adam Ekwall on

"Purdue University Researchers Win ASEE Best Paper Award for Research Integrating Systems Thinking in Threat Modeling"

Researchers from Purdue University won the American Society for Engineering Education's (ASEE) Best Paper award for their work titled "Introducing Systems Thinking as a Framework for Teaching and Assessing Threat Modeling Competency."

Submitted by Gregory Rigby on

"Data of Millions of mSpy Customers Leaked Online"

According to security researchers at Have I Been Pwned, over 310 gigabytes of data from spyware maker mSpy, including 2.4 million unique email addresses, was leaked online in June. The researchers noted that the data, reportedly leaked by hacktivists, includes 142 GB of user data, such as email addresses, IP addresses, and names, obtained from support tickets filed by individuals seeking help to install the application. An additional 176 GB of attachments, including screen captures of financial transactions, photos of credit cards, and selfies, were also leaked.

Submitted by Adam Ekwall on

"AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records"

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records of tens of millions of its customers, allegedly paid a member of the hacking team more than $300,000 to delete the data. The hacker, who is part of the notorious ShinyHunters hacking group, told WIRED that AT&T paid the ransom in May. The hacker provided the address of the cryptocurrency wallet that sent the currency to him, as well as the address that received it.

Submitted by Adam Ekwall on

"Pharmacy Giant Rite Aid Hit By Ransomware"

Rite Aid has recently fallen victim to ransomware actors after revealing a "limited" cybersecurity incident that occurred last month. RansomHub has claimed responsibility for the incident. The group claims to have obtained 10 GB of data from the pharmacy, equating to "45 million lines" of personal information on customers. This information includes names, addresses, ID numbers, dates of birth, and Rite Aid rewards numbers. Rite Aid is the third-largest pharmacy chain in the US, with over 2,000 locations nationwide and more than $24bn in revenue.

Submitted by Adam Ekwall on

"Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks"

The "Akira" and "EstateRansomware" cybercrime groups have been exploiting a year-old Veeam Backup and Replication vulnerability to steal data. The exploited security flaw, tracked as CVE-2023-27532 with a CVSS score of 7.5, was patched in March 2023. Proof-of-Concept (PoC) code for the vulnerability was published shortly afterward, and the first exploitation of unpatched Veeam Backup and Replication instances was observed in April 2023. According to Veeam, the bug allows an unauthenticated user within the backup infrastructure's network perimeter to obtain the encrypted credentials stored in the configuration database, which could then be used to gain access to backup infrastructure hosts.

Submitted by Gregory Rigby on

"NATO Set to Build New Cyber Defense Center"

NATO members have agreed to construct a new cyber defense facility to strengthen the military alliance and better combat digital threats. The new NATO Integrated Cyber Defense Centre (NICC) will include civilian and military experts from across member states and use advanced technology to improve situational awareness, cyber resilience, and defense. This article continues to discuss plans surrounding the new cyber defense facility.

Submitted by Gregory Rigby on

"Indiana County Files Disaster Declaration Following Ransomware Attack"

A county in Indiana has recently filed a disaster declaration following a ransomware attack on local government networks, which has prevented the delivery of critical services. Clay County made the declaration after confirming the incident, which left it unable to operate the Clay County Courthouse and the Clay County Probation/Community Corrections facilities. No group has so far been identified as being behind the attack, which was first detected on July 9.

Submitted by Adam Ekwall on