A ransomware onslaught, a massive IRS data leak and cyberattacks on public transit and school systems…. Here are the latest threats and advisories for the week of September 9, 2022.
Threat Advisories and Alerts
Ransomware Group Vice Society Preys on School Systems
The FBI, CISA and the MS-ISAC are now warning educational institutions of an uptick in ransomware attacks by the cybercriminal group Vice Society. Ransomware can wreak havoc on a school, causing canceled school days, delayed exams and theft of personal student information. With children returning to school in many parts of the world at this time after summer breaks, attacks are expected to increase. To mitigate them, educational institutions are advised to maintain offline data backups, review the security of third-party vendors and encrypt all backup data. See the CISA Alert for a full list of mitigations.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-249a
High Severity Google Chrome Vulnerability Is Being Actively Exploited
Google has released a security update for its Chrome web browser to address its sixth zero-day vulnerability of the year. The high-severity vulnerability (CVE-2022-3075), which is caused by insufficient data validation in Mojo, is reportedly being actively exploited. Google Chrome users on Mac, Windows and Linux are urged to apply the latest updates and turn on the browser’s auto-update function to always ensure their software is current.
Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-045
TikTok Denies Being Compromised by Massive Security Breach
TikTok has denied being hit by a security breach after posts on hacking forums suggested the app's source code, including account details of potentially billions of users were compromised. A database with more than two billion entries concerning TikTok and WeChat accounts had been compromised and in possession of a hacking group, according to one forum post. However, in a statement posted to Twitter, the company said it “found no evidence of a breach,” after investigating the claims. TikTok also stated that the alleged source code made public by the hackers “is completely unrelated to TikTok’s backend source code.”
Emerging Threats and Research
Ransomware Infects Second Largest U.S. School District
Over Labor Day weekend in the U.S., the Los Angeles Unified School District (LAUSD) was hit with a ransomware attack, temporarily shutting down its computer systems, applications and email. LAUSD is the second largest school district in the U.S. and enrolls more than 640,000 students. The FBI and CISA are assisting LAUSD, and though they didn’t directly blame Vice Society for the attack, their recent joint security advisory may be in response to the incident.
Source: https://www.theregister.com/2022/09/06/lausd_ransomware_fbi_cisa_los_angeles/
Personal Info of 120,000 U.S. Taxpayers Exposed in IRS Data Leak
A U.S. Internal Revenue Service (IRS) data leak has exposed confidential information of roughly 120,000 taxpayers. The leak affects those who filed a form 990-T with their tax returns. While the exposed information included contact information, names and reported income from IRAs, it didn’t include social security numbers or individual tax returns. Affected taxpayers will be notified by the IRS in the coming weeks.
BlackCat Ransomware Attack Hits Italian Energy Agency
The notorious BlackCat ransomware gang has struck again. Its latest victim is Italy’s state-owned energy agency Gestore dei Servizi Energetici SpA (GSE). BlackCat claimed to have downloaded 700GB of GSE’s data (which includes information on contracts, projects and accounting) and has threatened to publish the confidential information if the ransom demand isn’t met.
Source: https://www.infosecurity-magazine.com/news/blackcat-italys-energy-services/
Hive Ransomware Gang Demands U.S. $2 million from Damart Clothing Company
The French clothing company Damart was hit with a cyberattack by the Hive ransomware gang. The cybercriminals have demanded $2 million and have reportedly refused to negotiate. Out of Damart’s 130 stores, 92 have been disrupted and some of its systems have been encrypted, causing a decrease in orders. Damart has denied that any data was stolen during the attack.
Go-Ahead Cyberattack Could Disrupt London’s Bus Services
London’s largest bus operator, Go-Ahead, has confirmed they suffered a “cybersecurity incident.” Unauthorized activity was discovered on its network earlier this week, yet the full extent of the cyberattack is still unknown. Go-Ahead has stated that U.K. and international rail services haven’t been affected and are operating normally. However, the bus services—Go-Ahead operates more than 2,400 buses in London—could be disrupted as the attack may have impacted bus and driver rosters.
Source: https://www.infosecurity-magazine.com/news/londons-biggest-bus-operator-hit/
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.
The post Latest Cyberthreats and Advisories – September 9, 2022 appeared first on Cybersecurity Insiders.
September 17, 2022 at 09:27PM
0 comments:
Post a Comment