Life360 faces extortion attempt after Tile data breach
Life360, the parent company of Tile, a Bluetooth tracking device, reported an extortion attempt following a data breach in Tile’s customer support platform. The breach reportedly exposed personal information, including names, addresses, email addresses, and phone numbers, but did not compromise sensitive information like credit card numbers or location data, primarily because that data is not stored on the customer support platform. 404 Media reports the hacker used stolen credentials of a former Tile employee to gain access to the systems. Life360 confirms the hackers have tried to extort the company to get their data back but has not released how many customers are impacted.
(404 Media), (Bleeping Computer)
White House report highlights increase in federal attacks
A new White House report reveals that 11 US federal agencies reported a 9.9% increase in cybersecurity incidents in 2023, totaling 32,211 cases. The most common incident was “improper usage,” while phishing and malicious emails saw the largest year-on-year increase. Significant breaches included ransomware attacks on the Department of Health and Human Services, repeated data exposures at the Treasury Department, and successful phishing of an employee at the Office for the Inspector General. According to the official White House release, the report is to be used as an outline for the administration’s cyber investment priorities.
(The Register), (White House Report)
Russian hacker with ties to LockBit and Conti gangs arrested
I’m not sure who’s keeping score, but the LockBit ransomware gang takes another hit as Ukrainian cyber police announce the arrest of a 28-year-old Russian man in Kyiv. The suspect, affiliated with both the Conti and LockBit ransomware gangs, allegedly developed malware that was difficult for antivirus software to detect. You could say the man was a “hacker for hire,” selling his services for cryptocurrency to the two notorious gangs. According to a Dutch police report, the suspect was arrested as part of “Operation Endgame”—one of the largest international law enforcement actions against botnets. This operation led to the takedown or disruption of 100 servers used by criminals and the seizure of over 2,000 malicious domains.
(The Record), (Bleeping Computer)
Black Basta exploits zero-day flaw in Windows
Symantec has found that the Black Basta ransomware group exploited a privilege escalation flaw (CVE-2024-26169) in the Windows Error Reporting Service as a zero-day before it was patched in March 2024. This vulnerability allows attackers to gain SYSTEM privileges, which contributes to its CVSS score of 7.8. The attackers, linked to the Cardinal group, used an exploit tool compiled before the patch release, leveraging the flaw to create registry keys and start a shell with administrative privileges.
(The Hacker News), (Bleeping Computer)
Google wants you to patch that
Google has released patches for 50 security vulnerabilities affecting Pixel devices, including a high-severity zero-day flaw (CVE-2024-32896) that has been exploited in targeted attacks. The company urges users to update their devices to the 2024-06-05 patch level. Additionally, the update addresses 44 other security bugs, including seven critical privilege escalation vulnerabilities.
Ransomware gang exploits newly disclosed PHP vulnerability
Just days after being publicly disclosed, a recent PHP vulnerability (CVE-2024-4577) leading to remote code execution was exploited by the TellYouThePass ransomware group. Imperva reports that the ransomware was deployed via WebShell uploads and other methods, exploiting the vulnerability that left both Windows and Linux systems exposed. Active since 2019, this group has a history of leveraging known vulnerabilities like Apache Log4j and Apache ActiveMQ Server.
(Dark Reading), (Security Week)
Hackers target Toronto school board
In a letter to parents, the Toronto School Board (TDSB) announced it had discovered an attack on its technology testing environment. It should be noted that these test environments are separate from the board’s official networks. TDSB is the largest school board in Canada, managing 582 schools and more than 230,000 students. A representative from the school board says systems are operational and the board is currently investigating whether there was any impact on the network or whether any personal information was taken.
(The Record), (School Board Letter)
Scattered Spider finds new home
The Scattered Spider cybercrime group has joined forces with the RansomHub ransomware-as-a-service (RaaS) operator, according to GuidePoint Security. This transition occurred after ALPHV/BlackCat disbanded following a ransom payment from Change Healthcare in March 2024. GuidePoint’s analysts connected Scattered Spider to RansomHub through their shared tactics, techniques, and procedures, including social engineering and attacks on ESXi environments.






