The CyberWire Daily Briefing
"AT&T discloses breach affecting nearly every customer."
Views expressed in this cybersecurity and cyber crime update are those of the reporters and correspondents. Accessed on 12 July 2024, 2332 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/132
Please check the link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 07.12.24
SUMMARY
At a glance.
- AT&T discloses breach affecting nearly every customer.
- Advance Auto Parts breach affected 2.3 million job applicants.
- CRYSTALRAY abuses open-source security tools to compromise 1,500 victims.
AT&T discloses breach affecting nearly every customer.
AT&T has disclosed that a threat actor stole phone call and text message records from nearly every AT&T customer (approximately 109 million people) between May and October of 2022. The company stated, "These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included. At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended."
TechCrunch reports that the breach occurred after a threat actor gained access to AT&T's Snowflake cloud storage account. Snowflake hired Mandiant several weeks ago to investigate a widespread hacking campaign targeting Snowflake accounts with stolen credentials, and Mandiant attributed the campaign to the cybercriminal group UNC5537.
Advance Auto Parts breach affected 2.3 million job applicants.
Advance Auto Parts is notifying 2.3 million people that their personal data was stolen after a threat actor breached the company's Snowflake account, BleepingComputer reports. The breach notification states, "Our investigation determined that an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts from April 14, 2024, to May 24, 2024...The personal information about you involved in this incident may include your name and the following: Social Security number, driver’s license or other government issued identification number, and date of birth. This information was collected as part of the Advance Auto Parts job application process."
CRYSTALRAY abuses open-source security tools to compromise 1,500 victims.
Sysdig has published a report on "CRYSTALRAY," a threat actor that's compromised more than 1,500 victims using a combination of open-source tools, including zmap, asn, httpx, nuclei, platypus, and SSH-Snake. The threat actor's "motivations are to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments." The researchers note, "Rather than massive internet-wide ipv4 scans or very specific IP targets, CRYSTALRAY creates a range of IPs for specific countries to launch scans with more precision than a botnet, but less precision than an APT or ransomware attack. The United States and China combined for over 54% of the known targets."
Notes.
Today's issue includes events affecting China, Germany, and the United States.
SELECTED READING
Attacks, Threats, and Vulnerabilities
Beware of Phishing Attack that Abuses SharePoint Servers (Cyber Security News) A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links.
FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns. (Silent Push) FIN7: Silent Push unearths 4000+ phishing and shell domains. Meta, Reuters, Louvre targeted in phishing and fake browser extension campaigns.
ARRL finally confirms ransomware gang stole data in cyberattack (BleepingComputer) The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident."
Security Patches, Mitigations, and Software Updates
Signal downplays encryption key flaw, fixes it after X drama (BleepingComputer) Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018.
Legislation, Policy, and Regulation
Germany to Strip Huawei From Its 5G Networks (NYTimes) Major telecom companies agreed to stop using critical components made by Chinese companies in their mobile infrastructure by 2029.
INDUSTRY EVENTS
For a complete running list of events, please visit the Event Tracker.
Events
SANSFIRE Washington, DC 2024 (Washington (or virtual), DC, USA, Jul 15 - 20, 2024) At SANSFIRE Washington, DC 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
SecureWorld Artificial Intelligence Virtual Conference (Virtual, Jul 24, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
Insider Risk Management Program Evaluation & Optimization Training Course (Laurel, Maryland, USA, Jul 29 - 30, 2024) This highly sought after and very comprehensive training course will ensure that the Insider Risk Program Manager / Insider Threat Program (ITP) Manager and other key stakeholders that support the ITP have the Core / Advanced Knowledge, Blueprint, and Resources needed for developing, managing or optimizing a program. Students will be provided with an ITP Management Toolkit that provides an abundance of educational resources, templates and checklists for ITP development, management and optimization. Our student satisfaction levels are in the exceptional range. The Insider Threat Defense Group is so confident about our training courses that they come with a money back training guarantee.