Nearly 2.7 TB of sensitive data - 31.5 million invoices, contracts, HIPAA patient consent forms, and other business documents relating to numerous companies across industries - has been exposed to the public internet in a non-password-protected database for an unknown amount of time. "Once I started seeing invoices, it was pretty clear what the risks were here, including invoice fraud," said information security researcher Jeremiah Fowler. READ MORE...
Texas Dow Employees Credit Union (TDECU) is notifying over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year. Conducted by the Russian-speaking Cl0p ransomware group, the hack came to light on May 31, 2023, when Progress Software warned that hackers had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software, tracked as CVE-2023-34362, to access customer data. READ MORE...
California-based Patelco Credit Union is informing customers and employees about a data breach after a ransomware group managed to steal databases containing personal information from its systems. Patelco is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. The organization revealed in a data breach notice on its website that it detected a ransomware attack involving unauthorized access to its databases on June 29. READ MORE...
A wave of attacks that started in July 2024 relies on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. The technique has been around since 2017, and multiple proof-of-concept apps have been released over the years. However, it is typically used in red team engagements and seldom observed in malicious attacks, and defenders do not actively monitor for it. READ MORE...
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. The malware was discovered by risk management firm Stroz Friedberg, an Aon Insurance company, and enables its operators to create reverse shells for remote access and to further the attack. "At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK," the researchers note. READ MORE...
A threat actor with likely connections to North Korea's notorious Kimsuky group is distributing a new version of the open source XenoRAT information-stealing malware, using a complex infrastructure of command-and-control (C2) servers, staging systems, and test machines. The variant, which researchers at Cisco Talos are tracking as MoonPeak after discovering it recently, is under active development and has been evolving in small increments over the past few months. READ MORE...
Newly discovered Android malware steals payment card data using an infected device's NFC reader and relays it to attackers, a novel technique that effectively clones the card so it can be used at ATMs or point-of-sale terminals, security firm ESET said. ESET researchers have named the malware NGate because it incorporates NFCGate, an open source tool for capturing, analyzing, or altering NFC traffic. READ MORE...