Hacking update 03/04/2024

A new malware threat has been attributed to a subset of APT41, which was spotted deploying the UNAPIMON malware for stealthy operations. Employing LOLBins and custom tools, the group targets diverse sectors globally. Meanwhile, a prolific threat actor continues to target different sectors in Latin America by deploying Venom RAT via phishing emails. Operating since 2018, the group has attacked various verticals in Spain, Mexico, and the U.S.

Several notable cyberattack victims, including Prudential Financial, OWASP Foundation, PandaBuy, and a British council, have surfaced in the past 24 hours. The OWASP incident endured for approximately eight years, with server misconfiguration identified as the root cause.

Top Breaches Reported in the Last 24 Hours

Shopping platform hack impacted millions

A threat actor claimed responsibility for hacking the PandaBuy online shopping platform, affecting the data of over 1.3 million customers. The breach involved exploiting critical vulnerabilities in PandaBuy’s platform and API. Stolen data includes user IDs, names, phone numbers, emails, login IPs, order details, addresses, and more. The leaked data is being sold on a cybercrime forum, with a sample provided as proof.

U.K. city council compromised

Leicester City Council is being held to ransom by the INC Ransom group, which claims to have stolen 3TB of data. The council continues to withhold comment on whether any data was compromised during the incident, citing ongoing criminal investigations. Services, including waste management and schooling, have been restored after a month-long shutdown.

Eight-year-long cyberattack unveiled

The OWASP Foundation, which supports software security globally, disclosed a breach caused by a misconfiguration on an old Wiki server. It exposed members’ resumes containing names, emails, and addresses, spanning from 2006 to 2014. While most of the data was outdated, the Foundation has since disabled directory browsing, secured the resumes, and purged the cache. OWASP reportedly ceased resume collection in 2014, prioritizing member security.

BlackCat hits Fortune 500 firm

In an update on the recent cyberattack, Prudential Financial revealed that over 36,000 individuals’ personal information was compromised by the Alphv/BlackCat ransomware group. The stolen data included names, addresses, driver’s license numbers, and non-driver identification card numbers. As per the investigation, an unauthorized third party gained access to its network in February and extracted customers’ personal information from infected systems.

Top Malware Reported in the Last 24 Hours

Massive phishing campaign deploys Venom RAT

The threat actor TA558 launched a significant phishing campaign targeting diverse sectors in Latin America, aiming to distribute Venom RAT. Sectors such as hospitality, travel, finance, manufacturing, and government in Spain, Mexico, the U.S., and other countries are being singled out. Through the campaign, attackers employ phishing emails to introduce the RAT which is equipped with functionalities for harvesting sensitive data and remotely controlling the infected systems.

Earth Freybug deploys UNAPIMON

Cyber espionage group Earth Freybug (aka APT41) recently launched a phishing campaign utilizing a new malware called UNAPIMON. The attack, reminiscent of previous campaigns, targeted various sectors across several countries. UNAPIMON, detected in the attack flow, utilizes DLL hijacking and API unhooking techniques to evade detection. The malware, deployed through batch files and service manipulation, prevents child processes from being monitored, allowing malicious activity to go undetected.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in Ibis Budget hotel kiosks

Swiss IT security assessment firm Pentagrid uncovered a security flaw in self check-in kiosks at Ibis Budget hotels across Europe, potentially exposing keypad access codes for room entry. Discovered in late 2023, the flaw allowed access to room numbers and keypad codes by entering dashes instead of booking IDs. While the vulnerability required physical access to the kiosk, it posed a risk for theft and raised concerns over the security of low-budget hotel rooms without safes.
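As an added example, not Pentagrid's finding or the kiosk vendor's code, the check-in lookup below in Python rejects malformed input such as a run of dashes before any search, matches the booking reference exactly, and requires a surname before disclosing a room number or keypad code; the reference format, the surname check, the attempt limit and the sample bookings are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumed reference format (two letters, six digits); not from the Pentagrid report.
BOOKING_REF = re.compile(r"^[A-Z]{2}[0-9]{6}$")
MAX_ATTEMPTS = 3


@dataclass(frozen=True)
class Booking:
    reference: str
    surname: str
    room: str
    keypad_code: str


# Constructed sample records standing in for the hotel's reservation system.
BOOKINGS = {
    "AB123456": Booking("AB123456", "MUELLER", "204", "4821"),
    "CD654321": Booking("CD654321", "GARCIA", "311", "9073"),
}


class CheckinSession:
    """One kiosk session: strict input allowlist, exact-match lookup,
    a second factor, and a per-session attempt limit."""

    def __init__(self, bookings=BOOKINGS):
        self.bookings = bookings
        self.attempts = 0

    def lookup(self, reference: str, surname: str):
        if self.attempts >= MAX_ATTEMPTS:
            return None, "locked: too many attempts"
        self.attempts += 1
        ref = reference.strip().upper()
        # Reject anything that is not a well-formed reference before touching
        # the data store, so placeholder input like "------" never reaches a query.
        if not BOOKING_REF.fullmatch(ref):
            return None, "invalid booking reference format"
        # Exact key match only: no prefix, substring or wildcard search.
        booking = self.bookings.get(ref)
        # Require a second piece of knowledge before disclosing room and code,
        # and answer identically whether the reference or the surname was wrong.
        if booking is None or booking.surname != surname.strip().upper():
            return None, "booking not found"
        return {"room": booking.room, "keypad_code": booking.keypad_code}, "ok"
```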


News Source and Credit: Multiple online platforms including The Cyber Express, The Register, Security Affairs, SecurityWeek, The Hacker News, Trend Micro, Pentagrid, Cyware
