In today’s cybersecurity news…
Ingram Micro suffers ransomware attack
One of the world’s largest distributors of IT and cloud technologies was attacked last Thursday, July 3, leaving it unable to manage Microsoft 365 and Dropbox licenses. Responsibility for the attack is being claimed by the ransomware group SafePay, which, according to security firm Fortra, was the most active ransomware crew in the world in May. In addition to encrypting company files, the group criticized the company for “mistakes made in setting up its corporate network.” Specifically, they said, “it was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators.” Sources have told BleepingComputer that the group may have entered Ingram’s systems via its GlobalProtect VPN platform; however, this is a developing story and much remains unconfirmed.
Hacker leaks Telefónica data allegedly from new breach
This breach of the Spanish telecom is not directly connected to the one it suffered in January. This one, which occurred on May 30, allegedly gave the hacker 12 hours of uninterrupted data exfiltration time. It was, however, conducted by a member of the Hellcat ransomware group, which was responsible for the January breach that went through an internal Jira development and ticketing server. This second attack also appears to have been made through a new Jira misconfiguration. This too is a developing story, with Telefónica remaining tight-lipped, while the hacker posts sample data that they claim is new and not from the January attack.
ChatGPT prone to recommending wrong URLs, creating a new phishing opportunity
Threat researchers at Netcraft are warning of the propensity of LLMs to offer the wrong information when asked questions like, “can you help me find the official website to log in to my account at such-and-such a brand?” They found that “the AI would produce the correct web address just 66 percent of the time. 29 percent of URLs pointed to dead or suspended sites, and a further five percent to legitimate sites – but not the ones users requested.” The Netcraft team points out that “phishers could ask for a URL and if the top result is a site that’s unregistered, they could buy it and set up a phishing site.” This is because LLMs look for words and associations, and do not evaluate a site’s reputation.
(The Register and Netcraft)
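As an added illustration of the defender-side check the Netcraft finding calls for (this is example code, not from the article or from Netcraft), the snippet below extracts every URL from an LLM answer and classifies it against an allowlist of a brand’s official login domains. The brand names, domains and sample answer text are all constructed placeholders; the allowlist is the assumption the check rests on, since the point of the story is that the model itself cannot judge a domain’s legitimacy.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of official login domains, keyed by brand.
# These brand/domain pairs are illustrative placeholders, not data from the article.
OFFICIAL_DOMAINS = {
    "examplebank": {"examplebank.com", "login.examplebank.com"},
    "examplemail": {"examplemail.com"},
}

# Matches http(s) URLs up to the first whitespace or closing punctuation.
URL_RE = re.compile(r"https?://[^\s)\"'>]+")


def registrable_domain(host: str) -> str:
    """Collapse a hostname to its last two labels (naive eTLD+1, no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(brand: str, url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a URL an LLM suggested for `brand`."""
    host = (urlparse(url).hostname or "").lower()
    allowed = OFFICIAL_DOMAINS.get(brand, set())
    allowed_roots = {registrable_domain(a) for a in allowed}
    if host in allowed or registrable_domain(host) in allowed_roots:
        return "official"
    # The brand name appears in the hostname, but the domain is not on the allowlist:
    # exactly the kind of unregistered-or-squatted domain a phisher could pick up.
    if brand in host.replace("-", "").replace(".", ""):
        return "lookalike"
    return "unknown"


def audit_answer(brand: str, answer_text: str) -> list:
    """Extract every URL from an LLM answer and pair it with its classification."""
    return [(u, classify_url(brand, u)) for u in URL_RE.findall(answer_text)]


if __name__ == "__main__":
    # Constructed sample answer, standing in for a chatbot reply.
    sample_answer = (
        "You can sign in at https://login.examplebank.com/signin or, if that fails, "
        "try https://examplebank-login.net/ ."
    )
    for url, verdict in audit_answer("examplebank", sample_answer):
        print(f"{verdict:10s} {url}")
```

Anything classified as “lookalike” or “unknown” should be dropped or routed to review before the URL reaches a user; the “official” verdict comes only from the allowlist, never from the model’s own text.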
Huge thanks to our sponsor, Vanta

We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks.
But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC.
Get started at Vanta.com/headlines
NightEagle APT exploits Microsoft Exchange to Target China’s military and tech sectors
Researchers from a Chinese security team known as RedDrip are describing the threat actor as “targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China.” The APT is named NightEagle due to the swiftness of its actions, such as switching network infrastructures, as well as striking at night in China. This latter attribute makes the researchers believe the threat actor is based in North America. The nature of the attack is in using a Go-based Chisel utility to achieve the intranet penetration function.
Grafana releases critical security updates for Image Renderer plugin
Grafana Labs has “addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were fixed by the open-source project two weeks ago, Grafana received a bug bounty submission from security researcher Alex Chapman proving their exploitability in the Grafana components.” The update is being described as a critical severity security release, three with CVSS scores of 8.8, and one of 8.1. These security problems impact the Grafana Image Renderer versions prior to 3.12.9, and the Synthetic Monitoring Agent versions before 0.38.3.
Taiwan alerts public on data risks from TikTok, Weibo, and RedNote
Taiwan’s National Security Bureau has issued a warning that China-developed applications like RedNote, Weibo, TikTok, WeChat, and Baidu Cloud “pose security risks due to excessive data collection and data transfer to China.” This follows an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency. The agency “evaluated the apps against 15 indicators spanning five broad categories: Personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.” RedNote violated all 15 indicators, followed by Weibo and TikTok, which were found to breach 13 indicators. WeChat and Baidu Cloud violated 10 and 9 of the 15 indicators, respectively. These issues encompassed extensive collection of personal data, including facial recognition information, screenshots, clipboard contents, contact lists, and location information. All the apps have also been flagged for harvesting the list of installed apps and device parameters.