Cybersecurity News: Charter Communications breach, Sandworm hacks Ukraine, VMware exploit release

Charter Communications says vendor breach exposed some customer data

According to The Record, “Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.” This follows a posting last Thursday of PII for about 550,000 customers. A spokesperson for Charter stated, “at this time, we do not believe that any customer proprietary network information or customer financial data was included,” but did not respond to follow-up questions about which third-party vendor was hacked, when the hack occurred, or when affected customers will be notified.

(The Record)

Russia’s Sandworm hackers blamed in fresh Ukraine malware attack

A malware attack against Ukrainian targets last week has been attributed by researchers at ESET to Sandworm, a group within Russia’s Main Intelligence Directorate (GRU) that, according to the U.S. government and private researchers, is behind numerous destructive malware attacks and hack-and-leak campaigns over the years. Although ESET did not identify the victim of last week’s attack, it “focused on a specific target” in the public sector, deploying a new data-wiping malware called “SwiftSlicer.”

(Cyberscoop)

Experts plan to release VMware vRealize log RCE exploit this week

As reported in Security Affairs, “researchers from the Horizon3 Attack Team have announced the impending release of PoC exploit code for remote code execution in VMware vRealize Log.” VMware Aria Operations for Logs, formerly named vRealize Log Insight, is a log collection and analytics virtual appliance “that enables administrators to collect, view, manage and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data.” Once the exploit is public, a threat actor “can develop its own version to gain initial access to targets’ networks and perform a broad range of malicious activities.”

(Security Affairs)

Massive Microsoft 365 outage caused by WAN router IP change

Last week’s five-hour-long Microsoft 365 worldwide outage was caused by a “router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network,” said Microsoft. This resulted in impacts to service happening in waves, peaking approximately every 30 minutes. Microsoft also stated that “the issue was triggered when changing the IP address of a WAN router using a command that had not been thoroughly vetted and that has different behaviors on different network devices.”

(Bleeping Computer)

Thanks to this week’s episode sponsor, Hunters

Hunters is a SOC platform, built for your security team. Hunters empowers companies to move beyond SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” Visit hunters.ai to learn more.

Gootkit malware continues to evolve with new components and obfuscations

The people behind the Gootkit malware have updated their toolkit, adding new components and obfuscations to their infection chains. Mandiant, which is tracking the activity as UNC2565, states that “the usage of the malware is exclusive to this group.” Gootkit, also called Gootloader, spreads through compromised websites that victims are duped into visiting “when searching for business-related documents like agreements and contracts, via SEO poisoning.” These fake documents are made available as ZIP archives that “harbor the JavaScript malware, which, when launched, paves the way for additional payloads such as Cobalt Strike Beacon, FONELAUNCH, and SNOWCONE.”
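The delivery step described above, a ZIP archive named like a business document that actually carries a script, is something a mail or download gateway can check for. The following is an added defensive example, not code from the article or from Mandiant; the archive it inspects is constructed in memory, and the lure words and script extensions it uses are assumptions for the demonstration.

```python
"""Flag ZIP archives that carry script payloads posing as business documents.

Added defensive example (not from the article or from Mandiant). The
Gootloader chain delivers a JavaScript file inside a ZIP named like a contract
or agreement; this check lists archive members and reports script files,
including double-extension names such as "contract.pdf.js".
"""
import io
import zipfile

# Extensions Windows Script Host or the shell will execute on double-click (assumed set).
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta"}
# Lure words matching the SEO-poisoned "business document" theme (assumed set).
LURE_WORDS = ("agreement", "contract", "invoice", "form")


def script_members(zip_bytes):
    """Return the names of archive members whose final extension is a script type."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext in SCRIPT_EXTENSIONS:
                hits.append(info.filename)
    return hits


def assess_archive(archive_name, zip_bytes):
    """Return a verdict dict: 'suspicious' when the archive ships a script,
    plus a 'document_lure' flag when the archive name matches the lure theme."""
    scripts = script_members(zip_bytes)
    lure = any(word in archive_name.lower() for word in LURE_WORDS)
    verdict = "suspicious" if scripts else "clean"
    return {"archive": archive_name, "scripts": scripts,
            "document_lure": lure, "verdict": verdict}


def build_sample_zip(members):
    """Construct an in-memory ZIP from a {name: bytes} mapping (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mimicking the lure: a "contract" archive holding a .js file.
    sample = build_sample_zip({"contract_agreement_2023.pdf.js": b"var a = 1;"})
    print(assess_archive("business_contract_agreement.zip", sample))
```

A real gateway would also inspect nested archives and member contents, since the name check alone is easy to sidestep; the point here is that a "document" download should never contain an executable script member.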

(The Hacker News)

Federal Reserve rejects crypto-focused bank’s application

The Fed has rejected crypto-focused Custodia Bank’s application to become a member of the Federal Reserve System, saying its proposed business model and focus on digital assets presented significant safety and soundness risks. Custodia is based in Wyoming and is chartered there as a special purpose depository institution. The Fed pointed out it “lacked sufficient risk management framework to address the heightened risks associated with crypto,” including the potential use for money laundering and terrorist financing activities. According to Reuters, Custodia Bank Chief Executive Caitlin expressed surprise and disappointment at the Fed’s decision. “Custodia actively sought federal regulation, going above and beyond all requirements that apply to traditional banks,” she said.

(Reuters)

ChatGPT is now finding, fixing bugs in code

Researchers from Johannes Gutenberg University and University College London have found that ChatGPT can find errors in sample code and fix them better than existing programs designed to do the same. They gave 40 pieces of buggy code to four different code-fixing systems. Essentially, they asked ChatGPT “What’s wrong with this code?” and then copied and pasted the code into the chat function. On the first pass, ChatGPT performed about as well as the other systems, solving 19 of the 40 problems. They discovered that the ability to chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 problems and easily outperforming the others, which provided more static answers.

(PCMag)

Last week in ransomware

The FBI’s announcement of the disruption of the Hive ransomware operation dominated ransomware news last week. Since its launch in June 2021, Hive quickly became one of the most active and prominent ransomware operations. The FBI and its partners disclosed that they had secretly hacked the organization’s servers in July 2022, monitored their communications, intercepted decryption keys, and helped victims with free decryptors. BleepingComputer also reported last week on Google advertisements being abused by ransomware access brokers who had previously partnered with the Royal ransomware gang, using the ads to gain access to corporate networks. This incident serves as a reminder to always click on legitimate links to software developers in search results rather than on Google ads. Last week we also reported on Riot Games refusing to pay a ransom for stolen source code, and on PLAY ransomware hitting a big UK car dealer.

(Bleeping Computer and CISOSeries)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.