Last week's cyber news
TeamViewer’s corporate network was hacked by a Russian attack group.
In its published announcement, the company reports that it identified unusual activity on the corporate network and activated response teams accordingly. The company claims that the corporate network is completely disconnected from the product's network and from customers' information. Following the news, the cyber system published recommendations for securing the use of the product:
- Denying access from the Internet: Block direct access to the equipment or use a secure VPN.
- Increasing access security: Change your password to a strong password and activate two-factor authentication (2FA).
- Updates: Install security updates regularly.
- Monitoring: Monitor the software logs.
- The Handala group claims that it hacked into the computer systems of the Chinuch Atzmaai system for the Chareidi public. So far the group has published videos from security cameras that appear to have been taken in a synagogue/yeshiva, but it claims to hold 4.3TB of information.
- An attack group called Brain Cipher, using the LockBit vulnerability, broke into server rooms in Indonesia used by about 200 government offices. The group is demanding a ransom of $8 million, but the government has announced that it will not pay the attackers. As a result of the attack, various government services in the country are disrupted.
- The Israeli pharmaceutical company Rakach reports a suspected cyber attack. After identifying the attack, Rakach disabled the affected computer systems and set up a special team that specializes in handling cyber incidents.
The Cyber System Alerts
The Activity of the Ransom Group TellYouThePass and a Change in the Activity of the Cl0p Group
The National Cyber System warns about increased activity by cyber crime groups that exploit known vulnerabilities for ransom attacks and information theft.
Main details:
- TellYouThePass group: widely exploits the CVE-2024-4577 vulnerability in PHP servers on the Windows operating system.
- Cl0p Group (Graceful Spider, Lace Tempest, UNC4857, FIN11, TA505): returned to using encryption in ransomware attacks, in addition to data theft.
Recommendations:
- The cyber system published an identifier file to help identify malicious activity. It is recommended to monitor the relevant organizational security systems.
- Update the PHP systems to the latest version.
- Ensure that the appropriate updates for CVE-2024-4577 are installed.
- Back up data regularly and store it on secure sites.
- Be aware of suspicious activity in the corporate systems.