Weekly Cybersecurity Report | Week 12, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week

1 – Microsoft reports that the Russian Midnight Blizzard group broke into its corporate network and accessed source code and internal systems.

Microsoft’s update follows the report published in January, according to which hackers from Russia gained access to the email accounts of company executives.

Microsoft now reports that the attackers obtained identification details through those email accounts, later used them to connect to the company’s internal systems, and were exposed to sensitive information.

Learn more: https://www.bleepingcomputer.com/news/microsoft/microsoft-says-russian-hackers-breached-its-systems-accessed-source-code/ 

2 – Several government offices in France hit by a significant DDoS attack.

In a statement, the French Prime Minister’s Office said that the attack damaged the availability of some services, but that there is no fear of data theft.

The Anonymous Sudan group is responsible for the attack and announced that it has continuously attacked about 17k IP addresses and 300 domains.

3 – The US Cyber and Infrastructure Protection Agency (CISA) reports that attackers exploited a vulnerability in an Ivanti product, broke into the agency’s network and accessed two internal systems.

CISA reports that it disabled the systems immediately upon detecting the intrusion.

A source with details reports that the attackers were able to access the Infrastructure Protection (IP) Gateway system and the Chemical Security Assessment Tool (CSAT) system.

Both systems contain sensitive security information. 

CISA refused to confirm the above details. 

4 – Roku canceled unauthorized subscriptions and refunded 15 thousand hacked accounts

The company canceled unauthorized subscriptions after discovering “suspicious activity”.

The streaming TV giant, with revenues of $3.4 billion a year, announced that from the end of December to the end of February hackers broke into 15K accounts and sold them for $50 per account.

“After gaining access, they changed Roku login information for accounts and, in a limited number of cases, attempted to purchase streaming subscriptions,” the company said. 

“However, accessing the accounts did not provide the attackers with access to social security numbers, full payment account numbers, dates of birth or similar sensitive personal information.” 

Roku’s security team forced password resets and investigated account activity to determine whether the hackers had made unauthorized charges. Any unauthorized charges were reversed, and users were refunded.

Because password reuse is so common, hackers have little trouble breaking into accounts on a variety of platforms.

5 – Researchers hacked Google AI and made $50,000

At Google’s LLM bugSWAT event in Las Vegas, researchers uncovered and reported bugs in the company’s Bard AI (formerly known as Gemini) and were awarded $50,000. 

The security flaws the researchers found allowed DoS attacks, extraction of user data and access to uploaded images belonging to a specific user. 

Learn more: https://cybersecuritynews.com/researchers-hacked-google/ 

6 – The ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss federal government. 

The May 23 ransomware attack on Xplain affected tens of thousands of federal government files, Switzerland’s National Cyber Security Center (NCSC) said. 

Learn more: https://securityaffairs.com/160174/data-breach/xplain-data-breach-report.html 

7 – Canada’s anti-money laundering agency shut down after cyber attack 

The Financial Transactions and Reporting Analysis Center of Canada (FINTRAC) has announced that a “cyber incident” has forced it to shut down its corporate systems as a precaution. 

FINTRAC is a government agency in Canada that acts as the country’s financial intelligence unit. It handles money laundering investigations, monitors millions of suspicious transactions every year and makes thousands of disclosures to the police about the flow of illegal funds.

The agency issued a brief press statement on its website saying there was no access to the center’s classified intelligence or systems. 

Learn more: https://www.bleepingcomputer.com/news/security/canadas-anti-money-laundering-agency-offline-after-cyberattack/ 

8 – Stanford: 27,000 people’s data was stolen in a ransomware attack in September 

Stanford University says the personal information of 27,000 people was stolen in a ransomware attack that affected the Department of Public Safety (SUDPS) network. 

The university discovered the attack on September 27 and revealed a month later that it was investigating a cyber security incident affecting SUDPS systems. 

In an update issued Monday, Stanford said the attackers did not gain access to other systems outside of the Department of Public Safety’s network. 

Learn more: https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ransomware-attack/

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.