AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 5/31/2024

Ukraine signs new security deals as it seeks long-term support from West 

Since the start of this week, Ukraine has signed security agreements with Spain, Belgium and Portugal, adding to a list that includes a dozen other nations. The signees are pledging to provide financial, humanitarian, military and cyber support to Kyiv in its fight against Russia. All of the nations are NATO members, but the deals have been negotiated bilaterally. The security deals are “very important to Ukraine” because they guarantee long-term aid — including in cyberspace — while it waits to join NATO, said Oleksandr Potii, the deputy head of the country’s service of special communications and information protection (SSSCIP).


Everbridge warns of corporate systems breach exposing business data 

Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. The company provides public warning, crisis management, and risk intelligence services to over 6,500 customers worldwide, including the U.S. Army, the Hartsfield-Jackson Atlanta International Airport, and the countries of Norway and Australia, among others. The attackers were detected on the company’s network last Tuesday, May 21. They breached Everbridge’s corporate systems using information collected in a previous phishing attack targeting some of its employees. 


Data of 560 million Ticketmaster customers for sale after alleged breach 

A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. The allegedly stolen databases, which were first put up for sale on the Russian hacking forum Exploit, supposedly contain 1.3TB of data and the customers’ full details (i.e., names, home and email addresses, and phone numbers), as well as ticket sales, order, and event information. They also contain customer credit card information, including hashed credit card numbers, the last four digits of the card numbers, credit card and authentication types, and expiration dates, with financial transactions spanning from 2012 to 2024. 


Largest ever operation against botnets hits dropper malware ecosystem 

Between 27 and 29 May 2024, Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software. Following the action days, eight fugitives linked to these criminal activities, wanted by Germany, will be added to Europe’s Most Wanted list on 30 May 2024. The individuals are wanted for their involvement in serious cybercrime activities.


CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code. “Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said. 
