Hackers use ISP to send malware through software updates
The hacking group known as both StormBamboo and Evasive Panda has been observed exploiting an internet service provider in order to “poison automatic software updates with malware.” The ISP itself has not been named, but researchers at Volexity say the gang “exploited insecure HTTP software update mechanisms that didn’t validate digital signatures to deploy malware payloads on victims’ Windows and macOS devices.” When certain applications sought out updates, the gang’s modified DNS addresses would serve up MACMA and POCOSTICK malware.
CrowdStrike sued by investors following update failure
The lawsuit claims that the company “provided false claims about its Falcon platform,” following the massive failure of its security update on July 19. The failure caused its stock price to fall by almost 38%. Furthermore, the plaintiffs claim that the outage “proves CrowdStrike’s claims that their cybersecurity platform is thoroughly tested and validated are false.” This particular action is a class action lawsuit submitted by the Plymouth County Retirement Association in the U.S. District Court of Austin. The group is seeking compensatory damages for its losses.
Historic prisoner swap includes cybercriminals returned to Russia
The prisoner exchange that freed 16 people from Russia, including Wall Street Journal reporter Evan Gershkovich and former U.S. Marine Paul Whelan, also included the release of convicted Russian cybercriminals Roman Seleznev and Vladislav Klyushin. Seleznev was involved in a number of under the alias “Track2” and “nCux.” He is also the son of a prominent member of the Russian Duma, the country’s parliament. Klyushin was “extradited to the U.S. for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks.”
Russian APT uses a car for sale as a phishing lure
Researchers from Palo Alto Networks are describing a recent campaign by the Russia-linked outfit Fancy Bear, also known as Fighting Ursa, that targeted diplomats in an attempt to distribute a backdoor malware named HeadLace. This style of campaign offering a car for sale has been successfully deployed by GRU-related groups in previous years. In this case, the group used a photo of an Audi Q7 Quattro SUV from the legitimate image hosting site ImgBB, advertising it as a “diplomatic car for sale,” and included fake contact details. This led to a malicious HTML page hosted on the legitimate webhook site actually called webhook.site. The Palo Alto Networks experts suggest the use of legitimate web services like this will be central to similar campaigns in the future. (Security Affairs)
Jerico Pictures faces class action regarding breach of PII of 3 billion people
This suit follows a hack that occurred in April in which a threat actor with the name USDoD offered to sell a database belonging to the background check company National Public Data on a dark web forum. Jerico Pictures Inc. is the company that operates as National Public Data. Experts state that this data breach could be among the biggest ever. National Public Data “gathers data on billions of individuals by scraping their personally identifying information from non-public sources. The plaintiff and class members state they did not knowingly provide their PII to the defendant.”
Hackers email customers of immigration firm after damaging cyberattack
The immigration firm, Sable International, has offices in the U.K., Australia, and South Africa. It suffered a cyberattack last week that has involved the release of personal data belonging to some of its clients. Sable staff shut down its servers, website, and transactional portal on Friday, and as of this recording, its main website is still unavailable. The BianLian ransomware gang has taken credit for the attack, and is reportedly contacting the company’s clients directly by email to add pressure to the situation. Sable’s operations are considered sensitive since they deal with visas to the U.K. as well as international business registrations, and tax filings.
Intel to cut 15,000 jobs in resizing and recovery effort
Following a loss in its second quarter, chipmaker Intel has announced a cut to its workforce of 15%, which amounts to 15,000 employees, “as it tries to cut billions of dollars in costs and turn its business around to compete with more successful rivals.” The bulk of these layoffs will happen this year.
CISA names Lisa Einstein as first Chief AI Officer
CISA stated, “the position was established to institutionalize our ongoing efforts to responsibly govern our own uses of AI and to ensure critical infrastructure partners develop and adopt AI in ways that are safe and secure.” Einstein has been in charge of CISA’s AI efforts since 2023, in the role of Senior Advisor for AI, and she has also served as the Executive Director of the CISA Cybersecurity Advisory Committee since 2022.






