alt=Weekly intelligence report titled "CPRI," summarizing key insights and data for strategic decision-making.
Cyber security
2025-02-11 Post a Comment

10th February – Threat Intelligence Report

TOP ATTACKS AND BREACHES

  • Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider’s account. The incident exposed personal details of customers, drivers, and merchants, including names, email addresses, phone numbers, payment card types, last four digits of card numbers, and hashed passwords for certain legacy systems. Grubhub has since revoked the service provider’s access and launched an investigation into the incident.
  • The city of McKinney, Texas, notified about a cyber-attack it experienced on October 31, 2024, which was detected on November 14. The breach exposed sensitive information, including names, addresses, Social Security numbers, driver’s license numbers, credit card details, financial account data, and medical insurance information of approximately 17,751 residents. The city has notified affected individuals and is offering one year of identity protection services.
  • Bohemia Interactive has reported severe disruptions to its online gaming services, affecting DayZ and Arma Reforger, due to a sustained DDoS attack. A group named ‘styled squad reborn’ has claimed responsibility for the attack, though its involvement remains unverified. Some reports suggest the attackers initially demanded a Bitcoin ransom to halt the attacks but later dismissed it as a joke.
  • Yazoo Valley Electric Power Association, serving multiple counties in Mississippi, experienced a cyberattack in August 2024 that compromised the personal information of more than 20,000 residents. The breach was linked to the Akira ransomware group, which claimed to have stolen documents containing Social Security numbers and company financial records.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware_Linux_Akira_C/D, Ransomware.Wins.Akira.G/H)

  • The University of The Bahamas suffered a ransomware attack on February 2nd, which disrupted internet and telephone systems, affecting administrators, professors, and students. The incident impacted all online applications, including email platforms and systems used for classwork, leading to the cancellation of online classes. The university is collaborating with law enforcement to contain the incident and has urged students to change their passwords.
  • British engineering company IMI has fallen victim to a cyber-attack which resulted in unauthorized access to its systems. Upon detection, the company engaged external cybersecurity experts to investigate and contain the incident. This event follows a similar cyber-attack reported by another UK-based engineering firm, Smiths Group, nine days earlier.

VULNERABILITIES AND PATCHES

  • Trimble has disclosed that a deserialization vulnerability in its Cityworks software, identified as CVE-2025-0994 with a CVSS v4.0 score of 8.6, is being actively exploited. This flaw allows authenticated users to execute remote code on Microsoft Internet Information Services (IIS) servers, leading to unauthorized access and deployment of Cobalt Strike beacons. Cityworks is widely used by local governments and utilities for asset and work order management. Trimble advises users to update to version 15.8.9 or later to mitigate this risk.
  • Cisco has published an advisory addressing two critical vulnerabilities in Cisco Identity Services Engine (ISE). The vulnerabilities, CVE-2025-20124 (CVSS 9.9) and CVE-2025-20125 (CVSS 9.1), allow remote attackers to gain escalation privilege and execute arbitrary commands on affected devices.
  • A high-severity kernel flaw actively exploited in Android devices was patched by Google in its latest security update. This Linux kernel vulnerability, identified as CVE-2024-53104 (USB video-class driver code), potentially allows several types of attacks through a buffer overflow, triggered by parsing undefined video frames. The latest patch aims to mitigate this by skipping parsing of problematic frames.

THREAT INTELLIGENCE REPORTS

  • Check Point Research has identified that threat actors are leveraging AI models like DeepSeek and Qwen to generate malicious content. These models have been manipulated to assist in developing infostealer malware, bypassing anti-fraud protections, and optimizing spam distribution techniques. Researchers observed cybercriminals using “jailbreaking” methods to override built-in security restrictions, allowing the creation of harmful tools.
  • Check Point has reported a phishing campaign impersonating Facebook, falsely notifying recipients of copyright infringement. The emails, sent from Salesforce’s automated mailing service, direct users to a fake Facebook support page to harvest credentials. The campaign began around December 20, 2024, primarily affecting enterprises across the EU (45.5%), US (45.0%), and Australia (9.5%), with versions in Chinese and Arabic, indicating a broad geographic target.
  • Researchers have uncovered an ongoing cyber campaign where Russian threat actors are deploying SmokeLoader malware against Ukrainian government and private sector organizations. The attackers use phishing emails impersonating Ukrainian agencies and businesses, embedding malicious attachments that exploit vulnerabilities to deliver SmokeLoader. This malware, traditionally used for financially motivated attacks, is now being leveraged in cyber-espionage operations against Ukrainian critical infrastructure.
read more
alt=1. A visual representation of the Wayback Machine, showcasing its role as an archive of the internet's history.
Cyber security
2024-10-23 Post a Comment

Hackers Disable Internet Archive’s Wayback Machine Once Again

4
By Matt L. Hall

Hackers have again created havoc with the Internet Archive and its Wayback Machine, just one day after the site reported it had been restored. While Archive-It and the Internet Archive blog are still up, currently, the rest of IA’s services are seemingly unavailable.

That means if you’re an avid user of the digital library, expect the platform to be down until further notice. It’s frustrating, and unfortunately, we don’t have any details about when the website will be back up.

The Fourth Outage This Month

A hacker in front of a laptop with a login window and some warning signs around.
Brian A Jackson/Shutterstock

Many consider the Internet Archive’s Wayback Machine to be an important historical resource. Its libraries contain valuable data regarding the internet’s past, including previous versions of websites.

This is the fourth time since the start of the month that cyberattacks have disabled the site. But the trouble initially started a bit earlier. On October 11th, we reported a data breach in late September that had compromised personal details for over 31 million accounts. The breach allowed hackers to gain access to screen names, emails, and encrypted passwords

Additionally, a DDoS attack on October 9th brought archive.org offline. Beginning that evening, users who logged into the site received a strange pop-up that stated:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP.” The acronym referencing “Have I Been Pwned,” a site that informs users when data breaches occur.

The group responsible for the October 9th attack claimed political motives. However, social media comments were quick to note that the Internet Archive is a 503c non-profit that has no governmental affiliation.

A second and third breach over the last two weeks allowed a cybercriminal to break into Archive’s Zendesk support system. In a bold move, the malcontent even fielded requests from folks attempting to get support from the Internet Archive

One of those requests was an email from Mashable staff. On Sunday, Mashable received a response written by the previous hacker, to an email sent through IA’s Zendesk support system. The reply implied the motivation for the attack was due to a failure of the Internet Archive to rotate certain API keys. Mashable also reported the attacker claimed to have access to over 800,000 support tickets going back as far as 2018.

Today’s attack has again brought archive.org to its knees. Yet, it’s unclear who is responsible, or the nature of their motives. Still, the shutdown is another blow to a site recently pummeled by a slew of keyboard criminals.

Should I Be Concerned?

a man looking at his phone and seeming frustrated
Prostock-studio / ShutterstockAs we stated in our first report, there’s no sign that this attack will create individual issues. But, if you maintain an account on archive.org, you might want to take appropriate security measures just to be safe. Especially if you’re a person who is particularly anxious about your data. There’s no indication, however, that this attack was performed with the intent of stealing additional data from users. At this point, it seems the main goal was only to bring archive.org offline.
read more
alt=A man wearing a police vest stands confidently in front of a building, ready for duty.
Cyber security
2024-10-18 Post a Comment

Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil

Jonathan Greig

Federal law enforcement in Brazil arrested a hacker allegedly behind several brazen, high-profile cyberattacks.

In a statement on Wednesday, Brazil’s Department of Federal Police (DFP)said they launched “Operation Data Breach” to investigate several intrusions on their own systems as well as others internationally.

“A search and seizure warrant and a preventive arrest warrant was served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications and sales of Federal Police data, on May 22, 2020 and on February 22, 2022,” DFP said.

“The prisoner boasted of being responsible for several cyber intrusions carried out in some countries, claiming, on websites, to have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the FBI and private critical infrastructure entities in the United States of America.”

DFP did not name the suspect, but a threat actor known as USDoD has long boasted of being behind the December 2022 breach of the FBI’s InfraGard platform that is used by law enforcement to coordinate with companies.

The hacker — who has been linked to Brazil by several cybersecurity researchers — also claimed breaches of European aerospace giant Airbus, the U.S. Environmental Protection Agency and several other organizations that often could not be verified.

The same threat actor caused widespread alarm in April when they posted a database on the criminal marketplace Breached claiming it came from U.S. background check giant National Public Data. The database included about 899 million unique Social Security numbers, likely of both living and deceased people.

A bankruptcy filing by National Public Data explicitly names USDoD, noting that the hacker “has had a great deal of success breaching other institutions including the FBI, Airbus, and TransUnion.”

DFP confirmed that the person they arrested is “responsible for leaking large databases of personal information, including those of companies such as Airbus and the United States Environmental Protection Agency.”

“The person under investigation must answer for the crime of hacking into a computer device, qualified by obtaining information, with an increase in the sentence for the commercialization of the data obtained,” they said.

“The investigation will continue to identify any other cyber intrusions that were committed by the person under investigation.”

A person claiming to be USDoD came forward in August and spoke to a news outlet, admitting to being a 33-year-old man named Luan G. from the state of Minas Gerais in Brazil.

“I want to say thank you, it is time to admit I got defeated and I will retire my Jersey. Yes, this is Luan speaking. I won’t run, I’m in Brazil, the same city where I was born,” he told HackRead.

“I am a huge valuable target and maybe I will talk soon to whoever is in charge but everyone will know that behind USDoD I’m a human like everyone else, to be honest, I wanted this to happen, I can’t live with multiple lives and it is time to take responsibility for every action of mine and pay the price doesn’t matter how much it may cost me.”

The person claimed they had already been identified by cybersecurity experts working for Crowdstrike and other companies like Intel471. Local news outlets reported at the time that Crowdstrike shared its findings with the Brazilian government.

Other researchers have used social media accounts and more to trace the identity back to Luan.

The arrest is just the latest attempt by Brazilian law enforcement to limit the operations of hackers in their country. In January, Brazilian police disrupted the operation of a criminal group responsible for the banking malware called Grandoreiro that was used to steal €3.6 million ($3.9 million) since 2019.

In 2022, they carried out eight search and seizure warrants as part of an investigation into attacks claimed by the Lapsus$ Group.

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 9.1/10 based on 13 reviews.
Verified by MonsterInsights