Rite Aid update, AT&T ransom laundered, Hacktivists leak Disney data

Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.

In today’s cybersecurity news…

Rite Aid says ‘limited’ cybersecurity incident affected over 2 million people

Following up on a story we brought you on Monday on Cyber Security Headlines, Rite Aid revealed that sensitive information of 2.2 million people was exposed during a cyberattack it suffered in early June. Last week the company told Recorded Future News that the attack was a “limited cybersecurity incident.” Rite Aid said a hacker “impersonated a company employee to compromise their business credentials and gain access to certain business systems.” The company said it detected the incident within 12 hours, has restored its systems, and plans to send “notices to impacted consumers.”

(The Record and Bleeping Computer)

AT&T ransom laundered through mixers and gambling services

Yesterday, we reported that a 5.72 Bitcoin (BTC) ransom totaling roughly $370,000 was paid to a hacker who stole a massive trove of AT&T data. It turns out that those funds are now on the move. According to blockchain analysis company TRM Labs, about $150,000 was diverted to wallets at two different centralized exchanges, and a small deposit was made to a gambling service. TRM Labs did not name the exchanges, but law enforcement agencies are in a near-constant game of whack-a-mole with these types of services. AT&T revealed that a hacker stole metadata from “nearly all” call logs and texts made by about 109 million AT&T customers over a six-month period in 2022. At least one of the hackers involved has been apprehended, according to AT&T’s regulatory filings.

(The Record)

Hacktivists leak Disney data to protect artist rights

On Friday, hacktivist group NullBulge published a terabyte of Disney’s internal Slack channel data to the decentralised BitTorrent filesharing platform. The group claims the move is part of a protest against what they say is Disney’s anti-artist stance. NullBulge said it breached the Disney network when a developer installed a video game mod it had compromised. The group has been active since at least May and claims to “protect artists rights and ensure fair compensation for their work.” The group did not publicly request a ransom from Disney, and posted the first selection of stolen files almost immediately. 

(The Guardian)

Email addresses of 15 million Trello users leaked on hacking forum

Following up on a story we covered here on Cyber Security Headlines back in January, a threat actor known as ‘emo’ has released over 15 million Trello account email addresses. Trello is an online project management tool owned by Atlassian. emo confirmed the email addresses were collected using an unsecured REST API. While almost all of the data in these profiles is public information, each profile also contained a non-public email address associated with the account. emo shared the entire list of profiles on the Breached hacking forum for eight site credits worth just $2.32.

(Bleeping Computer)

CISA warns critical GeoServer flaw is under attack

CISA said a critical (CVSS 9.8) remote code execution flaw in GeoServer’s GeoTools plugin (CVE-2024-36401) is being actively exploited in the wild. GeoServer is an open-source server that allows users to share, process, and modify geospatial data. GeoServer disclosed the vulnerability on June 30th and said the flaw is caused by the GeoTools plugin unsafely evaluating property names. The project maintainers patched the flaw in GeoServer versions 2.23.6, 2.24.4, and 2.25.2 and also offered workarounds, but warned that the workarounds may break some GeoServer functionality. CISA now requires federal agencies to patch their servers by August 5, 2024.

(Bleeping Computer and SecurityWeek)
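For anyone triaging exposure to the GeoServer flaw above, the practical first question is simply whether a deployed instance is on one of the three patched releases. The script below is an example added here by the editor, not GeoServer project code. It compares a version string against the fixed releases named in the item (2.23.6, 2.24.4, 2.25.2), treating any older minor branch as unpatched (an assumption: the item lists no backports to 2.22 or earlier) and treating a snapshot build of the exact fixed micro as unpatched, since such a build may predate the fix. The JSON shape it parses follows GeoServer's REST `about/version` endpoint; the sample document is constructed, not captured from a live server.

```python
"""Branch-aware version triage for CVE-2024-36401 (GeoServer / GeoTools).

Added example, not GeoServer's own code. Assumptions:
  - fixed releases are exactly those in the news item: 2.23.6, 2.24.4, 2.25.2
  - minor branches newer than 2.25 include the fix; older ones received none
  - the REST 'about/version' JSON layout is the documented one, with a
    resource entry named "GeoServer" carrying a "Version" field
"""
import json
from typing import Tuple

# minor branch -> first micro release that carries the fix (from the item)
FIXED_RELEASES = {(2, 23): 6, (2, 24): 4, (2, 25): 2}

# Constructed sample in the shape of GET /geoserver/rest/about/version.json
SAMPLE_ABOUT_JSON = json.dumps({
    "about": {
        "resource": [
            {"@name": "GeoServer", "Build-Timestamp": "00-Jan-0000 00:00",
             "Git-Revision": "0000000", "Version": "2.25.1"},
            {"@name": "GeoTools", "Build-Timestamp": "00-Jan-0000 00:00",
             "Git-Revision": "0000000", "Version": "31.1"},
        ]
    }
})


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.micro]' and ignore any '-SNAPSHOT' style suffix."""
    core = version.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GeoServer version: {version!r}")
    major, minor = int(parts[0]), int(parts[1])
    micro = int(parts[2]) if len(parts) > 2 else 0
    return major, minor, micro


def is_patched(version: str) -> bool:
    """True only if the version is at or past the fix on its own branch."""
    major, minor, micro = parse_version(version)
    prerelease = "-" in version.strip()  # e.g. 2.25.2-SNAPSHOT
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        first_fixed = FIXED_RELEASES[branch]
        if micro == first_fixed and prerelease:
            return False  # snapshot of the fixed micro may predate the patch
        return micro >= first_fixed
    # Branches newer than any listed fixed branch carry the fix; older do not.
    return branch > max(FIXED_RELEASES)


def version_from_about_json(text: str) -> str:
    """Pull the GeoServer version out of an about/version JSON document."""
    doc = json.loads(text)
    for resource in doc["about"]["resource"]:
        if resource.get("@name") == "GeoServer":
            return resource["Version"]
    raise ValueError("no GeoServer resource entry in about/version document")


def triage(about_json: str) -> str:
    """One-line verdict for an inventory report."""
    version = version_from_about_json(about_json)
    state = "patched" if is_patched(version) else "VULNERABLE (CVE-2024-36401)"
    return f"GeoServer {version}: {state}"


if __name__ == "__main__":
    print(triage(SAMPLE_ABOUT_JSON))
    for v in ("2.22.5", "2.23.6", "2.24.3", "2.25.2", "2.25.2-SNAPSHOT", "2.26.0"):
        print(f"{v:18} patched={is_patched(v)}")
```

A version that reports as patched still warrants a look at whether the GeoTools workaround was applied instead of the upgrade, since the item notes those workarounds can break functionality and teams sometimes leave them in place.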

EU and Ukraine strengthen cybersecurity partnership 

The 3rd EU-Ukraine Cyber Dialogue took place in Brussels on Monday, with both parties reaffirming their commitment to responsible state behavior in cyberspace. Ukraine indicated it plans to align its legislation with the EU’s Network and Information Security (NIS) 2 Directive, strengthening critical infrastructure and supply chain resilience. Both sides also agreed to enhance sharing of intelligence on cyber threats, risks, and crisis management. Going forward, Ukraine may also leverage the EU Cybersecurity Reserve, a pool of cybersecurity experts readily deployable in crisis situations. Finally, multiple European institutions plan to provide targeted training for Ukrainian civilian and military personnel.

(The Cyber Express)

Microsoft to introduce new Windows ‘checkpoint’ updates

Microsoft has announced it plans to roll out checkpoint cumulative updates starting in late 2024 for systems running Windows Server 2025 and Windows 11, version 24H2 or later. This new type of update will deliver security fixes and new features via smaller, incremental differentials that include only changes added since the previous update. The goal is to save Windows users’ bandwidth, hard drive space, and, more importantly, the time spent installing new cumulative updates every month. Those who want to check out this new feature can join the Insider Dev Channel and install the corresponding Windows Insider Preview Build (26120.1252).

(Bleeping Computer)

Cloud security and PowerShell expertise emerge as key SOC analyst skills

According to a survey conducted by the SANS Institute, a set of hard skills has emerged as key to the success of analysts working in enterprise security operations centers (SOCs). These include knowledge of cloud security issues, PowerShell expertise, and the ability to automate repetitive tasks and systems management functions. The SANS survey polled 400 respondents from small, medium, and large companies globally. The responses showed that many SOCs continue to struggle with a lack of automation and orchestration of key functions, high staffing requirements, a shortage of skilled staff, and a lack of visibility. They also reported a pervasive silo mentality among security, incident response, and operations teams. On the positive side, SOC analyst retention improved, with 30% of respondents indicating the average tenure is between three and five years, compared to the one-to-three-year tenures reported in previous SANS surveys.

(Dark Reading)
