Charter Comm breach, Sandworm hacks Ukraine, VMware exploits


Charter Communications says supplier breach exposed some customer data
Telecommunications company Charter Communications said one of its third-party providers suffered a security breach after data from the company surfaced on a hacking forum. On Thursday, a forum user posted information allegedly stolen from the company that includes the names, account numbers, addresses and more of about 550,000 customers. A Charter spokesperson stated, “at this time we do not believe that any customer-protected network information or customer data was included,” but did not respond to follow-up questions about which third-party provider was hacked, when the hack occurred, or when affected customers will be notified.
(The Record)
Russia’s Sandworm hackers blamed for another Ukrainian malware attack
Another destructive malware attack against Ukrainian targets last week was attributed by researchers at ESET to Sandworm, a group within the Russian General Intelligence Directorate, or GRU, that, according to US authorities and private researchers, is behind a string of devastating malware attacks and hack-and-leak campaigns over the years. Although ESET did not identify the victim of last week’s attack, it “focused on a specific target” in the public sector, distributing a new data-wiping malware called “SwiftSlicer.”
(Cyberscoop)
Experts plan to release VMware vRealize Log RCE exploit this week
Researchers from the Horizon3 Attack Team have announced the imminent release of PoC exploit code for remote code execution in VMware vRealize Log Insight. VMware Aria Operations for Logs (formerly vRealize Log Insight) is a virtual log collection and analysis appliance that enables administrators to collect, view, manage, and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data. The availability of an exploit like the one announced by Horizon3’s attack team is bad news for organizations: a threat actor could develop their own version to gain access to target networks and perform a wide range of malicious activities.
(Safety Matters)
Massive Microsoft 365 outage caused by WAN router IP change
Microsoft says last week’s five-hour Microsoft 365 worldwide outage was caused by a router IP address change that caused packet forwarding problems between all other routers in the Wide Area Network. The issue caused service impact in waves, peaking approximately every 30 minutes as shared on the Microsoft Azure service status page. In total, it took Redmond over five hours to resolve the issue. Microsoft now also revealed that the problem was triggered when the IP address of a WAN router was changed using a command that was not thoroughly checked and has different behavior on different network devices.
(Bleeping Computer)
Thanks to this week’s episode sponsor, Hunters

Gootkit malware continues to evolve with new components and obfuscations
The threat actors associated with the Gootkit malware have made notable changes to their toolkit, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the cluster of activity under the name UNC2565, noting that the use of malware is “exclusive to this group.” Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents such as agreements and contracts, via SEO poisoning. The alleged documents take the form of ZIP archives containing JavaScript malware, which, when launched, paves the way for additional payloads such as Cobalt Strike Beacon, FONELAUNCH and SNOWCONE.
(The Hacker News)
Federal Reserve rejects crypto-focused bank’s application
The U.S. Federal Reserve on Friday rejected crypto-focused Custodia Bank’s application to join the Federal Reserve System, saying the bank’s proposed business model and focus on digital assets posed significant security and solvency risks. Custodia, which is based in Wyoming and is chartered through the state as a special purpose depository institution, lacked an adequate risk management framework to address the increased risks associated with crypto, the Fed said, including crypto’s potential use in money laundering and terrorist financing. Custodia Bank CEO Caitlin Long said in a statement that the bank was “surprised and disappointed” by the Fed’s decision. “Custodia actively sought federal regulation, going beyond any requirements applicable to traditional banks,” she said.
(Reuters)
ChatGPT now finds, fixes errors in the code
Researchers from Johannes Gutenberg University and University College London have found that ChatGPT can weed out errors in sample code and fix them better than existing programs designed to do the same. They provided 40 pieces of buggy code to four different code fixing systems. Essentially, they asked ChatGPT, “What’s wrong with this code?” and then copied and pasted the code into the chat function. On the first pass, ChatGPT performed about as well as the other systems, solving 19 of the 40 problems. They discovered that being able to chat with ChatGPT after receiving the first answer made all the difference, ultimately leading to ChatGPT solving 31 questions and easily outperforming the others, which produced more static answers.
(PCMag)
Last week in ransomware
The FBI’s announcement of the disruption of the Hive ransomware operation dominated ransomware news last week. Since its launch in June 2021, Hive quickly became one of the most active and prominent ransomware operations. The FBI and its partners revealed that they had secretly hacked the organization’s servers in July 2022, monitored their communications, intercepted decryption keys and helped victims with free decryption. BleepingComputer also reported last week on Google ads being misused by ransomware access brokers, who had previously collaborated with the Royal ransomware gang, to gain access to corporate networks. This incident serves as a reminder to always click on a software developer’s legitimate link in the search results rather than on a Google ad. Last week we also reported on Riot Games refusing to pay a ransom for stolen source code, and on PLAY ransomware hitting a major UK car dealership.
(Bleeping Computer and CISOSeries)