Weekly Cybersecurity Report | Week 46, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Weekly Cybersecurity Report | Week 46, 2024

Information security updates and events from the past week 

1 – The Dutch company Ahold Delhaize, which operates hundreds of supermarkets around the world, reports extensive disruptions following a cyber-attack.

Ahold Delhaize is one of the largest food companies in the world, in 2023 the company reported net revenues of more than 24 billion dollars.

In the report published by the company, it updates that some of the company’s websites are unavailable due to a cyber-attack and as a result, it is not possible to place online orders, etc.

At this point, no infidel group has claimed responsibility for the attack.

2 – Attacker publishes information of Amazon employees and 20+ other companies.

The attacker allegedly obtained the information through the weakness in the MOVEit system

It is not clear why the information was not published until now and whether there is a connection between the attacker and the CL0P group that exploited the weakness in MOVEit widely and attacked hundreds of companies.

The Hudson Rock company published an extended post about the leaking information.

I am attaching part of the list of companies and the number of records that the attacker published:

Amazon — 2,861,111 records

Cardinal Health — 407,437 records

HSBC — 280,693 records

U.S. Bank — 114,076 records

HP — 104,119 records

Delta Airlines — 57,317 records

Applied Materials (AMAT) — 53,170 records

Lenovo — 45,522 records

British Telecom (BT) — 15,347 records

3 – Local councils are increasingly becoming targets for cyber-attacks, as they manage valuable data and vital public infrastructure

The City of Sheboygan, Wisconsin, is reporting a serious cyber-attack involving unauthorized access to its network and a ransom demand

The city of Sheboygan (Sheboygan) in Wisconsin, is on the eastern shore of Lake Michigan, a port and transportation city. The city is known for diverse industries such as food, tools, and engineering and has approximately 49,000 residents as of 2023.

Officials in the municipality published that based on the findings there is no evidence that sensitive personal information was compromised, the municipality undertook to inform each person if the investigation reveals Walspec escorts accordingly

4 – Halliburton disclosed that a ransomware attack in August led to $35 million in losses after the breach caused the company to disable IT systems and disconnect customers.

Halliburton is a global supplier of products and services to the energy industry, offering a variety of solutions for oil and gas reservoirs, including exploration, development and production.

The company operates in 70 countries, employs 48,000 people and reports revenues that exceeded 23.02 billion dollars.

5 – Unpatched vulnerabilities allow hacking Mazda ZDI cars

Vulnerabilities in the infotainment system of multiple Mazda car models could allow attackers to execute arbitrary code with root privileges, Trend Micro’s Zero Day Initiative (ZDI) warns.

The problems, according to ZDI, exist because the Mazda Connect Connectivity Master Unit (CMU) system does not properly validate user-supplied input, which could allow an attacker to physically send commands to the system by plugging in a specially crafted USB device.

The CMU, which has released software updates to change its operations, is manufactured by Visteon and runs software originally developed by Johnson Controls.

According to ZDI, the flaws, identified in software version 74.00.324A, can be used together to “achieve complete and continuous control of the infotainment system.” Earlier software iterations may also be affected. Mazda 3 year 2014-2021 and other vehicle models are affected.

https://www.securityweek.com/unpatched-vulnerabilities-allow-hacking-of-mazda-cars-zdi/

6 – Texas oil field supplier Newpark was hit by Ransomware

Newpark Resources announced this week that access to certain information systems and business applications was disrupted following a ransomware attack.

The incident was discovered on Oct. 29 and a cybersecurity response plan was put in place immediately, the Texas-based supplier of drilling fluid systems and systems for the oilfield sector said in a filing with the Securities and Exchange Commission (SEC).

“The incident caused disruptions and limited access to some of the company’s information systems and business applications that support aspects of the company’s activity and organizational functions, including financial and operational reporting systems,” Newpark said.

According to the company, going beyond shutdown procedures allowed it to continue production and field operations without interruption.

 The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.