Cybersecurity Digest for 17 July 2024: Today we discuss: MuddyWater’s Latest Cyber Onslaught and a sneaky backdoor!

AT&T Pays Hackers – Was it Worth it?

An Update on RiteAid’s Data Breach

SEXi Ransomware group rebrands…. Meet APT INC!

mSpy Breach

SYS01 Stealer Malware: Malvertising across Social Media

15 Million Trello Email Addresses Leaked

Google’s 23 Billion to acquire Wiz

Octo Tempest, AKA Scattered Spider adds new ransomware payloads

CISA adds one new vulnerability to its Known Exploited Catalog

Articles Referenced in the Show in the order they appear:

CheckPoint Research Bugsleep Backdoor:

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns - Check Point Research

AT&T Paid Threat Actor:

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records | WIRED

RiteAid Update: Rite Aid says June data breach impacts 2.2 million people (bleepingcomputer.com) SEXi Rebranding:

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)

Mspy Data Breach:

Mspy data breach exposes millions of customers' information (candid.technology)

Malvertising in Facebook, LinkedIn, and YoutTube: Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 (trustwave.com)

Malvertising_Research.pdf (trustwave.com)

Trello Leak:

Email addresses of 15 million Trello users leaked on hacking forum (bleepingcomputer.com)

Wiz Acquisition:

Exclusive | Google Near $23 Billion Deal for Cybersecurity Startup Wiz - WSJ

Microsoft Tweet Thread: Microsoft Threat Intelligence on X

CISA KEV Addition: NVD - CVE-2024-36401 (nist.gov)

Today’s Episode Topics for 15 July 2024

• AT&T Data Leaks
• 70%+ of public facing servers could be Vulnerable
• Apple warns iPhone customers of spyware in certain countries
• Netgear patches a Stored XSS Vulnerability
• A look at CrystalRay
• RiteAid hit with a data breach
• Disney’s Internal Slack possibly leaked
• Is your organization able to keep up with hackers?

Articles Referenced in the Show in the order they appear: AT&T Data Leak:

AT&T 8-K Filing

Exim Vulnerability:

Censys Exim MTA Vulnerability

Apple Warns of Spyware:

Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch

NSO – Darknet Diaries

Netgear Vulnerability:

Netgear Security Advisory

Sysdig Report on CRYSTALRAY:

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools | Sysdig

RiteAid Data Breach:

Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)

Disney Internal Slack possibly leaked: NullBulge's Post

Vx-underground's Post

Cloudfare Applicattion Security Report 2024:

Application Security report: 2024 update (cloudflare.com)

If you like our show, please share it with others who you think would enjoy it. Also feel free to check out www.thecybersecuritydigest.com to find all of the locations you can listen to us. Please leave us a rating if you have found this show helpful, as it helps us out tremendously. Thank you!

This week we talk about

• Microsoft patches 140+ vulnerabilities including 2 zero days, in Patch Tuesday;
• Adobe patches critical issues in several of its products,
• 10 Billion Passwords leaked,
• 39,000 Ticket master tickets leaked,
• Chinese APT 40 hiijack routers
• Hackers are Targeting Wordpress plugins,
• A new attack bypasses RADIUS authentication
• CISA adds 3 new CVEs to its KEV
• and more in this episode

Articles Mentioned In Order they appear in the Show: July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

Windows MSHTML zero-day used in malware attacks for over a year (bleepingcomputer.com)

Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) - Check Point Research

Whispers of Atlantida: Safeguarding Your Digital Treasure | Rapid7 Blog

Adobe Product Security Incident Response Team (PSIRT) RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)

Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com) APT40 Advisory | Cyber.gov.au

$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin (wordfence.com)

VU#456537 - RADIUS protocol susceptible to forgery attacks. (cert.org)

BLAST RADIUS Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool (thehackernews.com) GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 | GitLab

Notable CISA KEV Additions:

NVD - CVE-2024-23692 (nist.gov) NVD - CVE-2024-38080 (nist.gov) NVD - CVE-2024-38112 (nist.gov)

With the cyber threat landscape ever evolving it can be challenging to stay up to date on the latest cybersecurity developments. There are so many fantastic security news sites and blogs out there. However, due to the sheer number of resources, I found it difficult to read them all and I wished there was a consistent way for me to listen to the latest security news…… that’s where the Cybersecurity Digest comes in. The goal of this show is to bring you a summary of the latest news, trends, and information relevant in the cybersecurity community. The hope is that the information you get from the show will help you stay well-informed and ahead of the adversaries out there. If this sounds like something you are interested in listening to, please give us a follow or subscribe and stay tuned for our upcoming first episode! Until Next time… Stay Informed to Stay Secure!