Security News > 2023 > October

More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198. Initial estimates of breached Cisco IOS XE devices were around 10,000 and the number started growing as security researchers scanned the internet for a more accurate figure.

Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers. Last month, Diaconu consented to be extradited to the United States for wire fraud, money laundering, computer fraud, and access device fraud.

The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates. After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.

Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. The changes to audit logging retention announced today will roll out to Microsoft Purview Audit customers with Standard licenses in the coming weeks, starting with enterprise tenants this month and government customers in November.

Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries.

A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Even worse, Google Ads can be abused to show the legitimate KeePass domain in the advertisements, making the threat hard to spot even for more diligent and security-conscious users.

India's Central Bureau of Investigation raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud. The police operation, part of Operation Chakra-II, aims to dismantle cyber-enabled financial crime rings and is a collaborative effort involving international law enforcement agencies and tech companies such as Microsoft and Amazon, working alongside the Indian federal enforcement agency.

The Iranian hacking group tracked as MuddyWater breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023. The attacks observed by Symantec began on February 1, 2023, and used a wide assortment of malware and tools in malicious activity that lasted for 8 months.

Law enforcement agencies have taken over the RagnarLocker ransomware group's leak site in an internationally coordinated takedown. The takedown follows a concerted effort from law enforcement in recent years to shutter ransomware groups as their success continues to exceed previous records.

23andMe told The Reg: "We are aware that the threat actor involved in this investigation posted what they claim to be additional customer DNA Relative profile information. We are currently reviewing the data to determine if it is legitimate. Our investigation is ongoing and if we learn that a customer's data has been accessed without their authorization, we will notify them directly with more information." Golem posted a link to what was advertised as a trove of 1 million records of 23andMe profiles including Ashkenazi Jewish markers to BreachForums on October 2.