Charter Comm breach, Sandworm hacks Ukraine, VMware exploits
Charter Communications says supplier breach exposed some customer data
Telecommunications company Charter Communications said one of its third-party providers suffered a security breach after data from the company surfaced on a hacking forum. On Thursday, a forum user posted information allegedly stolen from the company that includes the names, account numbers, addresses and more of about 550,000 customers. A Charter spokesperson stated, “at this time we do not believe that any customer-protected network information or customer data was included,” but did not respond to follow-up questions about which third-party provider was hacked, when the hack occurred, or when affected customers will be notified.
Russia’s Sandworm hackers blamed for another Ukrainian malware attack
Another destructive malware attack against Ukrainian targets last week was attributed by researchers at ESET to Sandworm, a group within the Russian General Intelligence Directorate, or GRU, behind a string of devastating malware attacks and hack-and-leak campaigns over the years. according to US authorities and private researchers. Although ESET did not identify the victim of last week’s attack, it “focused on a specific target” in the public sector, distributing a new data-wiping malware called “SwiftSlicer.”
Experts plan to release VMware vRealize log RCE exploit this week
Researchers from the Horizon3 Attack Team have announced the imminent release of PoC exploit code for remote code execution in VMware vRealize Log. VMware Aria Operations for Logs (formerly vRealize Log Insight) is a virtual log collection and analysis appliance that enables administrators to collect, view, manage, and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data. The availability of an exploit like the one announced by Horizon3’s attack team is bad news for organizations, a threat actor could develop their own version to gain access to target networks and perform a wide range of malicious activities.
Massive Microsoft 365 outage caused by WAN router IP change
Microsoft says last week’s five-hour Microsoft 365 worldwide outage was caused by a router IP address change that caused packet forwarding problems between all other routers in the Wide Area Network. The issue caused service impact in waves, peaking approximately every 30 minutes as shared on the Microsoft Azure service status page. In total, it took Redmond over five hours to resolve the issue. Microsoft now also revealed that the problem was triggered when the IP address of a WAN router was changed using a command that was not thoroughly checked and has different behavior on different network devices.
Thanks to this week’s episode sponsor, Hunters
Gootkit malware continues to evolve with new components and obfuscations
(The Hacker News)
Federal Reserve rejects crypto-focused bank’s application
The U.S. Federal Reserve on Friday rejected crypto-focused Custodia Bank’s application to join the Federal Reserve System, saying the bank’s proposed business model and focus on digital assets posed significant security and solvency risks. Custodia, which is based in Wyoming and is chartered through the state as a special purpose depository institution, lacked an adequate risk management framework to address the increased risks associated with crypto, the Fed said, including crypto’s potential use in money laundering and terrorist financing. . Custodia Bank CEO Caitlin Long said in a statement that the bank was “surprised and disappointed” by the Fed’s decision. “Custodia actively sought federal regulation, going beyond any requirements applicable to traditional banks,” she said.
ChatGPT now finds, fixes errors in the code
Researchers from Johannes Gutenberg University and University College London have found that ChatGPT can weed out errors with sample code and fix them better than existing programs designed to do the same. They provided 40 pieces of buggy code to four different code fixing systems. Essentially, they asked ChatGPT, “What’s wrong with this code?” and then copy and paste it into the chat function. On the first pass, ChatGPT performed about as well as the other systems, solving 19 of the 40 problems. They discovered that being able to chat with ChatGPT after receiving the first answer made all the difference, ultimately leading to ChatGPT solving 31 questions and easily outperforming the others, which produced more static answers.
Last week in ransomware
The FBI’s announcement of the disruption of the Hive ransomware operation dominated ransomware news last week. Since its launch in June 2021, Hive quickly became one of the most active and prominent ransomware operations. The FBI and its partners revealed that they had secretly hacked the organization’s servers in July 2022, monitored their communications, intercepted decryption keys and helped victims with free decryption. BleepingComputer also reported last week about Google ads being misused by ransomware access brokers who had previously collaborated with the Royal Ransomware gang by using the ads to access corporate networks. This incident serves as a reminder to always click on legitimate links in search results for software developers instead of using Google ads. Last week we also reported on Riot Games refusing to pay ransom for stolen source code, and PLAY ransomware hitting a major UK car dealership.
(Bleeping Computer and CISOSeries)