Last week's cyber news
- The Golden Corral restaurant chain reports that the information of about 188,000 customers was leaked.
- The Houser LLP law firm in the USA reports that the information of about 335,000 users/customers was leaked following a ransomware attack.
- Pharmaceutical giant Cencora reports that an attacker managed to penetrate the corporate network and steal information.
- The municipality of Oakley in the USA declared a state of emergency following a ransomware attack.
- The municipality of Hamilton in Canada reports extensive disruptions to the municipal telephone lines and email services due to a cyber attack.
Iranian Cyber Unit Attacked Israel’s Defense and Aviation Sectors
A cyber group, apparently Iranian, has launched an espionage and attack campaign against the defense and aviation industries in Israel, the United Arab Emirates, and apparently also India, Turkey and Albania. According to researchers at the Google-owned cyber company Mandiant, the group is linked to another group that has direct ties to the Revolutionary Guards in Iran. According to the researchers, the potential link between this activity and the Iranian Revolutionary Guards is significant against the background of the “Iron Swords” war and in light of the recent tensions with Iran.
As part of the attack, content directly linked to the war in Gaza was used, including an impersonation of the “Bring Them Home Now” movement, which calls for the return of the Israeli abductees from Hamas captivity.
The camouflage methods used by the Iranian hackers included: social engineering, including sending messages and phishing emails and spreading fake sites for downloading malware; using Microsoft’s cloud infrastructure (Azure), communication with which looks like legitimate activity; and using infrastructure located in Israel and the United Arab Emirates (the same countries as the organizations the group attacks), which may make it difficult to identify the group’s malicious activity against those entities.
The goals of the hackers are not entirely clear, but the information collected “may be used for espionage purposes as well as for offensive operations”.
Phishing Event Published this Week
The Seminole school district reports that it transferred $1.3 million to attackers after they posed as one of the school’s suppliers and asked to change bank account information for the next payment.
Glitch at Security Camera Startup Allowed Customers to See Into Other People’s Homes
Security device company Wyze has apologized to customers after a camera hack allowed 13,000 users to look into other people’s homes. The Seattle-based company, which specializes in smart home products and wireless cameras, blamed the incident on a “third-party mechanism” that was recently integrated into its system. In a post on its forum, the company said: “On Friday morning we had a service outage that led to a security incident”.
“We can now confirm that when the cameras came back online, approximately 13,000 Wyze users received thumbnails from cameras that were not theirs and 1,504 users clicked on them. Most clicks enlarged the thumbnail, but in some cases the video was viewable. All affected users have been notified”.
Security updates
- A SQL injection vulnerability was recently announced in the Ultimate Member plugin for WordPress. It is recommended to test and install the latest plugin version.
- ConnectWise recently reported 2 critical vulnerabilities in ScreenConnect, its remote management and control software. The more serious vulnerability is being actively exploited by attackers around the world. Any organizational workstation that runs this software must be immediately disconnected, or the software must be deactivated as soon as possible. Use of the software should be resumed only after updating to the latest version and after a qualified party has carried out an examination to ensure that the vulnerability has not actually been used against the organisation.