
This Week in Cybersecurity: Looking Back at Week 34

August 22, 2024 Reading Time: 6 minutes

Massive Data Leak Allegedly Exposes 3 Billion Records from National Public Data

A proposed class action lawsuit has been filed against National Public Data (NPD), accusing the company of being the source of a massive data breach affecting up to 3 billion individuals.

The data, reportedly leaked and offered for sale on the dark web by the hacker group USDoD for $3.5 million, includes sensitive information such as Social Security numbers and personal details. The database, containing approximately 2.9 billion rows, features names, mailing addresses, Social Security numbers, and possibly aliases for people in the US, Canada, and the UK.

Experts, including Troy Hunt of Have I Been Pwned, have noted inconsistencies in the data, such as records with Social Security numbers but lacking email addresses, and potential inaccuracies. While NPD has yet to comment on the breach, affected individuals are advised to monitor their credit reports and be cautious of potential scams and phishing attempts.


Critical Vulnerability in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack (CVE-2024-5914)

A recently identified command injection vulnerability (CVE-2024-5914) in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack affects all versions prior to 1.12.33. This vulnerability allows unauthenticated attackers to execute arbitrary commands within an integration container, potentially giving them control over critical parts of the system.

If you’re using Cortex XSOAR, it’s crucial to update to the latest version immediately to protect your systems from this serious threat.


GitHub Actions Artifacts Expose Sensitive Access Tokens

Recent research has uncovered a significant security vulnerability in GitHub Actions, where build artifacts generated by workflows in open-source repositories contain sensitive access tokens. These tokens, found in projects maintained by major companies like Google, Microsoft, Amazon AWS, and others, could allow attackers to push malicious code into projects or compromise cloud infrastructure.

The investigation, led by Yaron Avital of Palo Alto Networks, revealed that GitHub tokens were the most frequently leaked, posing a serious risk of unauthorised access to repositories. Additionally, a recent change in GitHub’s artifacts feature introduced a race condition that attackers can exploit, further amplifying the threat. This vulnerability underscores the importance of securing CI/CD pipelines to prevent potential breaches and protect critical services.
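As an added defender-side example (not code from the research or from GitHub), the following Python scanner checks a downloaded artifact zip for strings shaped like GitHub tokens, so a team can audit its own workflow artifacts before they are published or retained. The token prefixes are GitHub's documented formats; the sample artifact contents are constructed for the demonstration.

```python
import io
import re
import zipfile

# Known GitHub token formats: classic tokens are a 4-char prefix
# (ghp_, gho_, ghu_, ghs_, ghr_) plus 36 alphanumerics; fine-grained
# personal access tokens are "github_pat_" plus 82 chars of [A-Za-z0-9_].
TOKEN_PATTERNS = {
    "github_classic": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "github_fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
}


def redact(token):
    """Keep only the prefix and last 4 chars so findings can be logged safely."""
    return token[:4] + "..." + token[-4:]


def scan_artifact(zip_bytes):
    """Scan every file in an artifact zip (the format GitHub serves for
    downloaded artifacts) for token-shaped strings.
    Returns a list of (member_path, token_kind, redacted_token) tuples."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith("/"):  # directory entry, nothing to read
                continue
            # Decode leniently so binary members are scanned too.
            text = zf.read(member).decode("utf-8", errors="replace")
            for kind, pattern in TOKEN_PATTERNS.items():
                for match in pattern.finditer(text):
                    findings.append((member, kind, redact(match.group(0))))
    return findings


def build_sample_artifact():
    """Constructed sample artifact: a build log that echoed a fake workflow
    token, a .git/config carrying a fake fine-grained PAT, and a clean binary."""
    fake_ghs = "ghs_" + "FAKE" * 9                       # 4 + 36 chars
    fake_pat = "github_pat_" + "F" * 22 + "_" + "K" * 59  # 11 + 82 chars
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("build.log", f"push https://x-access-token:{fake_ghs}@github.com/org/repo\n")
        zf.writestr("workspace/.git/config", f"[http]\n\textraheader = AUTHORIZATION: bearer {fake_pat}\n")
        zf.writestr("dist/app.bin", bytes(range(256)))
    return buf.getvalue()


if __name__ == "__main__":
    for member, kind, token in scan_artifact(build_sample_artifact()):
        print(f"{member}: {kind} {token}")
```

Run it over a real artifact with `scan_artifact(open("artifact.zip", "rb").read())`; any finding means the workflow is packaging credentials and the upload step should be narrowed to the build outputs only.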


A Sophisticated Cybercrime Campaign Targets Users with Fake Websites

Cybersecurity researchers have uncovered a sophisticated cybercrime campaign, codenamed Tusk. This campaign involves the impersonation of legitimate brands to distribute malware like DanaBot and StealC through fake websites and social media accounts.

The attackers host an initial downloader on Dropbox, which delivers additional malware, primarily info-stealers and clippers.

Tusk comprises several sub-campaigns, with three currently active: TidyMe, RuneOnlineWorld, and Voico. These sub-campaigns use phishing tactics to trick users into downloading malware, stealing personal and financial information, and compromising systems.

The malicious software, including Hijack Loader and Go-based clippers, ultimately enables financial fraud and unauthorised access to cryptocurrency wallets. The Tusk campaign underscores the growing threat posed by cybercriminals adept at mimicking trusted platforms to deceive users and achieve financial gain.


FlightAware Security Incident Exposes User Data

Flight tracking platform FlightAware has disclosed a data security incident that may have exposed user information due to a configuration error.

The error, which occurred on January 1, 2021, was discovered on July 25, 2024, potentially leaving sensitive data exposed for over three years. The compromised information includes user IDs, passwords, and email addresses, with additional personal details such as billing addresses, social media accounts, and the last four digits of credit card numbers possibly affected. In response, FlightAware has fixed the issue and is requiring all potentially impacted users to reset their passwords.

To mitigate further risk, affected users are also being offered a 24-month identity protection package through Equifax. Users who have reused their FlightAware credentials on other platforms are strongly advised to update their passwords to prevent account hijacking.


Google Patches Critical Chrome Vulnerability CVE-2024-7971 Amid Ongoing Exploitation

Google has released critical security updates to address a high-severity flaw in Chrome, tracked as CVE-2024-7971, which has been actively exploited. The vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine that lets a remote attacker trigger heap corruption via a crafted HTML page.

Discovered and reported by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) on August 19, 2024, the flaw affects Chrome versions prior to 128.0.6613.84. This is the third type confusion issue patched in V8 this year, following CVE-2024-4947 and CVE-2024-5274.

Google has addressed nine zero-day vulnerabilities in Chrome since the start of 2024, including those demonstrated at Pwn2Own 2024.

Users are urged to upgrade to Chrome 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux. Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also be updated as fixes become available.


Surge in Malware Infections from Malvertising Campaigns Distributing FakeBat Loader

Cybersecurity researchers have identified a significant increase in malware infections linked to malvertising campaigns distributing a loader called FakeBat. This malware, also known as EugenLoader and PaykLoader, is associated with the threat actor Eugenfest and tracked under the name NUMOZYLOD by Google’s threat intelligence team.

The attacks, orchestrated by the group UNC4536, use trojanised MSIX installers disguised as popular software such as Brave, KeePass, Notion, Steam, and Zoom. Victims reach these installers through drive-by download techniques; once run, the installers fetch secondary payloads including IcedID, RedLine Stealer, and Carbanak, a notorious tool of the FIN7 cybercrime group.

Once installed, NUMOZYLOD collects system information and establishes persistence on the infected system.


Critical Vulnerability Disclosed in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have uncovered a severe security flaw in the LiteSpeed Cache plugin for WordPress, tracked as CVE-2024-28000, which allows unauthenticated users to gain administrator privileges.

This critical vulnerability, with a CVSS score of 9.8, affects all versions up to and including 6.3.0.1. Disclosed by Patchstack’s Rafie Muhammad, the issue involves a weak security hash used in the plugin’s user simulation feature. Due to a trivially guessable random number generator and a non-cryptographically secure hash, attackers can spoof their user ID and register as an administrator. This flaw could enable them to upload and install malicious plugins.

The vulnerability, patched in version 6.4 released on August 13, 2024, does not affect Windows-based WordPress installations due to the hash generation function’s reliance on a PHP method unavailable on Windows.

Users are urged to update to the latest version immediately to mitigate risks. This follows a previously disclosed vulnerability (CVE-2023-40000), underscoring the importance of robust security practices for WordPress plugins.

