Weekly Cybersecurity Report | Week 5, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a comprehensive overview of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

1 – The LockBit attack group announces that it hacked the Subway fast-food chain

Subway is an American fast-food chain with branches all over the world.

According to the company’s website, the chain has 36,821 restaurants in 102 countries and, as of 2010, was ranked the largest fast-food chain in the world.

The LockBit group claims to have stolen hundreds of gigabytes of data, which it says it will sell to competitors if Subway does not meet its demands.

Meanwhile, Subway’s main website is unavailable and the company has not commented officially on the incident.

https://cybersecuritynews.com/lockbit-ransomware-subway/ 

2 – Microsoft reports that Russian hackers broke into some of its systems and accessed senior executives’ email accounts

Microsoft reports that the attackers managed to break into some of the company’s systems and access the email accounts of senior executives, including members of its cybersecurity team.

Microsoft emphasizes that the attackers did not access customer data.

Microsoft’s full report: 

https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ 

3 – GitLab warns of a zero-click vulnerability in its API system

The vulnerability, CVE-2023-7028, allows attackers to take over GitLab accounts without having to enter a password or a verification code.

Almost a week on, more than 5,300 internet-facing servers remain exposed to these attacks.

The vulnerability could lead to the theft of sensitive data such as passwords, API keys and source code; attackers can also use compromised accounts to launch further cyber-attacks or to corrupt source code.

GitLab users are advised to update their installations immediately.

4 – Russian hackers hacked HPE security team email accounts 

Hewlett Packard Enterprise (HPE) today disclosed that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. 

The Midnight Blizzard gang, aka Cozy Bear or APT29, is a Russian state-sponsored hacking group believed to be part of the Russian Foreign Intelligence Service (SVR). The threat actors have been linked to multiple attacks over the years, including the 2020 SolarWinds supply-chain attack.

HPE says it was notified on December 12 that suspected Russian hackers breached its cloud-based email environment in May 2023. 

https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/

5 – Global fintech company EquiLend is down after a recent cyber attack 

New York-based global financial technology firm EquiLend says its operations have been disrupted after several systems were taken down in a cyber-attack on Monday.

Following the incident, the technology, data, and analytics company also detected unauthorized access to its network and is now working to restore all affected services. 

“On January 22, 2024, EquiLend identified a technical issue that disabled portions of our systems,” an EquiLend spokesperson said today. 

https://www.bleepingcomputer.com/news/security/global-fintech-firm-equilend-offline-after-recent-cyberattack/ 

6 – Tesla hacked and 24 zero-days demoed at Pwn2Own Automotive 2024

Security researchers hacked into a Tesla modem and collected $722,500 in bounties on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.

Team Synacktiv (@Synacktiv) took home $100,000 after successfully chaining together three zero-day bugs to gain root privileges on a Tesla modem.

They also used two unique two-bug chains to hack an Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV charging station, earning an additional $120,000.

https://www.bleepingcomputer.com/news/security/tesla-hacked-24-zero-days-demoed-at-pwn2own-automotive-2024/ 

7 – Major IT shutdown at Europe’s largest RV club 

The Caravan and Motorhome Club of Great Britain (CAMC) is battling a suspected cyber-attack with members reporting widespread IT outages over the past five days. 

The company, which describes itself as “Europe’s largest travel community, helping caravanners, motorcyclists and campers access more than 3,000 locations in the UK and Europe”, has alerted the UK’s Information Commissioner’s Office (ICO) to its situation, reporting that it is suffering from a major data security incident.

UK organizations must notify the ICO within 72 hours if they suffer a breach that could put people’s rights and freedoms at risk. 

https://www.theregister.com/2024/01/24/major_it_outage_at_caravan/ 

8 – Water services giant Veolia North America was hit by a ransomware attack 

Veolia North America, a subsidiary of the multinational conglomerate Veolia, disclosed a ransomware attack that affected the systems of part of its municipal water division and disrupted its bill payment systems. 

After identifying the attack, Veolia implemented protective measures, temporarily disabling some systems to contain the breach. 

The company is currently working with law enforcement and third-party forensic experts to assess the extent of the attack’s impact on its operations and systems. 

https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/ 

9 – Massive cyber-attack targeting a Ukrainian bank 

Hackers attacked Monobank, Ukraine’s largest mobile-only bank, with waves of distributed denial-of-service (DDoS) attacks on January 21, company founder and CEO Ole Horchovsky reported.

According to Horchovsky, Monobank was targeted with 580 million service requests in a single attack.

“I think today Monobank is one of the most attacked IT targets in the country,” he said, and reported a DDoS attack of 50 million service requests the previous day, January 20.

While Horchovsky said the situation was under control, he said another wave of attacks had begun as he was writing his message.

Horchovsky did not say who he believed was behind the attacks, although previous attacks have been linked to Russian hackers.

https://news.yahoo.com/massive-cyberattack-targets-ukrainian-online-010639938.html 

10 – Hackers steal $7.5 million from the US Department of Health through an email cyber attack 

In a recent cybersecurity incident, hackers were able to steal millions of dollars from the US Department of Health and Human Services through a sophisticated spoofing attack. 

The cybercriminals assumed the identities of legitimate fund recipients, skillfully communicating with Department of Health staff via e-mail to fraudulently obtain funds.

The cyberattack resulted in the unauthorized withdrawal of about $7.5 million of the agency’s funds, posing a significant challenge for security experts trying to recover the stolen assets. 

https://www.cybersecurity-insiders.com/hackers-steal-7-5-million-funds-from-us-health-department-via-email-spoofing-cyber-attack/ 

11 – Jira platform down: cyber-attack on Atlassian affects several cloud services

Several Atlassian Jira products have been experiencing a continuous outage since this morning.

Users of Jira Work Management, Jira Software, Jira Service Management, and Jira Product Discovery are experiencing connection issues. 

As of an update in the last few hours, Atlassian implemented fixes that should resolve the issue and continues to monitor the incident. 

https://www.bleepingcomputer.com/news/technology/jira-down-atlassian-outage-affecting-multiple-cloud-services/

12 – Guardio Labs discloses a critical vulnerability in the Opera browser 

Guardio Labs, known for its browser security tools with over a million users, recently disclosed a critical zero-day vulnerability in the Opera family of browsers.

The company published a report on the vulnerability titled “MyFlaw: Cross Platform 0-Day RCE Vulnerability discovered in Opera browsers”. The Opera family of browsers, notably the fourth most widely used browser in the world, has over 350 million active users.

The vulnerability originates in Opera’s “My Flow” feature, which lets users synchronize messages and files between the Opera mobile app and the desktop browser.

https://securitybrief.in/story/guardio-labs-exposes-critical-vulnerability-in-opera-browser 

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.