This Week in Cybersecurity: Looking Back at Week 42

October 18, 2024

Data Breach at Cabot Financial Exposes Sensitive Consumer Information

A significant data breach at Cabot Financial, one of Ireland’s largest debt-collection agencies, has potentially compromised the personal and financial details of thousands of consumers.

The agency, which manages accounts for approximately 80 credit unions and other lenders, has disabled its website and several phone lines in response to the attack.

Cabot Financial has confirmed it is actively addressing a suspected cyber attack and is collaborating with IT experts to protect customer data.

The firm has notified the Central Bank of Ireland, the Data Protection Commissioner, and the National Cyber Security Centre about the situation and is prioritising measures to minimise any potential harm to customers. The breach raises serious concerns as sensitive information, including names, addresses, and payment details, may now be in the hands of hackers.

As the company works to restore services and deploy additional security measures, affected customers are urged to remain vigilant and report any suspicious activity.

Ballincollig Credit Union Issues Security Warning Amid Potential Third-Party Breach

Ballincollig Credit Union (BCU) has alerted members to a potential security breach linked to Cabot Financial Ireland Limited, which manages credit control services for BCU and around 80 other credit unions in Ireland.

Though no personal data has been confirmed compromised, BCU advises members to stay vigilant against phishing attempts. PINs remain unaffected, but members should be cautious with unsolicited requests for information.

Authorities, including An Garda Síochána, are investigating the incident.

Hybrid Work Exposes Print Infrastructure Vulnerabilities

The shift to hybrid work models has revealed critical security weaknesses in corporate print infrastructure, leading to increased risks.

Remote employees often use insecure, unmanaged printers and send print jobs over public networks, while organisations struggle with inadequate authentication, exposed local spools, and inconsistent patching.

Recent vulnerabilities like CVE-2024-38199 (RCE in Windows LPD) and CVE-2024-43529 (Windows Print Spooler flaw) highlight the ongoing threat. A Quocirca study found that 67% of organisations experienced print-related security incidents in 2024.

Many firms overlook printer security, despite the risks posed by legacy systems and cloud integration challenges.

Hackers Breach Pokémon Source Code, Leaking Sensitive Information

Hackers have breached Pokémon’s source code, compromising sensitive data, including personal information from an internal game development environment.

The breach involved theft of game code and additional internal assets related to Pokémon titles. Sensitive personal information of employees and collaborators may have also been exposed.

While there is no evidence of user data leaks, the breach raises concerns about potential future attacks.

Emergence of Cicada3301: A New Threat in Ransomware-as-a-Service

Cybersecurity researchers have uncovered critical insights into Cicada3301, a new ransomware-as-a-service (RaaS) operation, after accessing the group’s affiliate panel on the dark web.

Singapore-based Group-IB reported that they contacted the threat actor behind Cicada3301 via the RAMP cybercrime forum, where the group sought new partners for its affiliate program. The dashboard of the affiliate panel revealed features such as a login overview, news updates, and communication interfaces for negotiating with victims.

First identified in June 2024, Cicada3301 shows notable code similarities to the now-defunct BlackCat ransomware group and has already compromised at least 30 organisations, primarily in critical sectors across the U.S. and the U.K.

This Rust-based ransomware is cross-platform, targeting various operating systems, including Windows and multiple Linux distributions. Notably, Cicada3301 can fully or partially encrypt files, disrupt virtual machines, and delete shadow copies, enhancing the impact of its attacks.

Fidelity Investments Data Breach Exposes Personal Information of 77,000 Customers

Fidelity Investments has disclosed a data breach affecting over 77,000 customers, exposing sensitive personal information.

The breach occurred via an attack on a third-party service provider, exposing data such as names, Social Security numbers, and financial details.

While Fidelity has taken steps to secure its systems, affected customers are advised to monitor their accounts for suspicious activity and take precautionary measures to protect their personal information.

Cybercriminals Exploit Red Team Tools to Evade Detection

Cybercriminals have increasingly co-opted legitimate red team tools to bypass detection systems and evade endpoint security measures. These malicious actors modify tools like Cobalt Strike, Metasploit, and Sliver to launch sophisticated attacks, blending with normal system behaviour.

Security experts warn that this tactic has been successful in breaching defences, as attackers leverage the same strategies used for penetration testing to gain persistence and avoid detection in networks. The trend emphasises the need for stronger defences against dual-use tools.

SideWinder APT Expands Its Global Attack Campaign

The India-based APT group SideWinder has launched a widespread cyberattack campaign, targeting high-profile entities across Asia, the Middle East, Africa, and Europe.

Known for its cyber-espionage activities, the group has expanded its operations geographically, focusing on sectors like government, military, telecommunications, and financial institutions.

The attacks utilise spear-phishing techniques and the advanced post-exploitation toolkit “StealerBot,” designed for espionage. StealerBot operates through modular components to steal sensitive data, bypass detection, and maintain persistence on compromised systems.

Despite being underestimated in the past, SideWinder’s growing capabilities and global reach pose significant risks.

Brazilian Hacker Behind Major Data Breaches Arrested

Brazil’s Polícia Federal has arrested USDoD, the notorious hacker responsible for high-profile breaches, including attacks on the National Public Data and the FBI’s InfraGard portal.

Identified as 33-year-old Luan BG from Minas Gerais, USDoD had been active in hacktivism since 2017 but shifted to more serious cybercriminal activities by 2022.

A CrowdStrike investigation, confirmed by independent researchers, traced Luan through poor operational security practices, linking his personal email and social media activity to cybercrimes. Luan was arrested during “Operation Data Breach” for selling stolen data from multiple organisations, including 80,000 InfraGard members. The investigation is ongoing.

New Linux Variant of FastCash Malware Targets ATMs for Financial Theft

A new Linux variant of the notorious FastCash malware has been discovered, targeting ATMs and banking systems.

This variant abuses the financial transaction flow by manipulating ISO 8583 messages, enabling attackers to have fraudulent cash withdrawal requests approved. The malware, previously linked to the North Korean Lazarus Group, is now more sophisticated and focuses on Linux-based systems.

Financial institutions are urged to review their security protocols and update defences to prevent potential attacks.
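The attack described above works because the response code that travels back towards the ATM can differ from the decision the issuer actually made. A control a bank can run independently of the payment switch is to parse the authorisation responses seen on the wire and reconcile them against the issuer's own decision log. The block below is an added example written for this article, not code from the malware report or from any vendor; it implements a minimal parser for a handful of ISO 8583 data elements (MTI, primary bitmap, DE 2, 3, 4, 11 and 39) and a reconciliation check. The sample message and the issuer decision table are constructed for the demonstration.

```python
# Subset of ISO 8583 data elements needed for the demonstration.
# kind is "fixed" (value is exactly `size` characters) or "llvar"
# (two-digit length prefix followed by up to `size` characters).
FIELD_SPEC = {
    2: ("llvar", 19),   # primary account number
    3: ("fixed", 6),    # processing code (e.g. cash withdrawal)
    4: ("fixed", 12),   # transaction amount, minor units
    11: ("fixed", 6),   # system trace audit number (STAN)
    39: ("fixed", 2),   # response code: "00" = approved
}


def parse_iso8583(msg: str) -> dict:
    """Parse an ASCII-encoded message with a 4-digit MTI and a 16-hex-char primary bitmap."""
    mti = msg[:4]
    bitmap = int(msg[4:20], 16)
    if (bitmap >> 63) & 1:
        raise ValueError("secondary bitmap present; not handled in this example")
    pos = 20
    fields = {}
    for bit in range(2, 65):
        # Bit 1 is the most significant bit of the bitmap, so bit b is at shift 64-b.
        if not (bitmap >> (64 - bit)) & 1:
            continue
        if bit not in FIELD_SPEC:
            raise ValueError(f"field {bit} is set but not in FIELD_SPEC")
        kind, size = FIELD_SPEC[bit]
        if kind == "fixed":
            fields[bit] = msg[pos:pos + size]
            pos += size
        else:
            length = int(msg[pos:pos + 2])
            pos += 2
            if length > size:
                raise ValueError(f"field {bit} length {length} exceeds maximum {size}")
            fields[bit] = msg[pos:pos + length]
            pos += length
    return {"mti": mti, "fields": fields}


def reconcile_response(msg: str, issuer_decisions: dict) -> list:
    """Compare the response code on the wire with the issuer's recorded decision for the same STAN.

    issuer_decisions maps STAN -> response code the authorisation host actually issued.
    Returns a list of alert strings; an empty list means the response is consistent.
    """
    parsed = parse_iso8583(msg)
    if parsed["mti"] != "0210":          # only financial transaction responses are reconciled
        return []
    stan = parsed["fields"].get(11)
    wire_rc = parsed["fields"].get(39)
    expected_rc = issuer_decisions.get(stan)
    if expected_rc is None:
        return [f"STAN {stan}: response seen on the wire with no matching issuer decision"]
    if expected_rc != wire_rc:
        return [f"STAN {stan}: wire response {wire_rc!r} differs from issuer decision {expected_rc!r}"]
    return []


# Constructed sample: a 0210 response approving (DE 39 = "00") a 100.00 withdrawal.
# Bitmap 7020000002000000 sets bits 2, 3, 4, 11 and 39.
SAMPLE_RESPONSE = (
    "0210" + "7020000002000000"
    + "16" + "4111111111111111"   # DE 2, constructed test PAN
    + "010000"                    # DE 3
    + "000000010000"              # DE 4
    + "123456"                    # DE 11
    + "00"                        # DE 39
)

# Constructed issuer log: the host actually declined this STAN for insufficient funds.
ISSUER_DECISIONS = {"123456": "51"}

if __name__ == "__main__":
    for alert in reconcile_response(SAMPLE_RESPONSE, ISSUER_DECISIONS):
        print("ALERT:", alert)
```

The check deliberately keys on the STAN rather than on the PAN, so a tampered response that keeps every other field intact is still caught; in practice the reconciliation would run on a feed of responses captured between the switch and the ATM network rather than on a single string.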

GitHub Patches Critical RCE Vulnerability in GitHub Actions

GitHub has patched a critical remote code execution (RCE) vulnerability affecting GitHub Actions, its CI/CD automation tool. The flaw, discovered by security researcher Felix Wilhelm of Google Project Zero, allowed attackers to inject malicious code through a repository’s workflow configuration.

If exploited, this could lead to full control over repositories or environments running vulnerable workflows. GitHub urges all users to review and update workflows to mitigate potential risks.
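The article does not say which part of the workflow configuration the flaw used, so the example below makes an assumption: it demonstrates the general expression-injection pattern in GitHub Actions, where an untrusted event field such as an issue title is interpolated straight into a `run:` shell step, alongside the hardened form that passes the value through an environment variable. The scanner is an added example written for this article, not GitHub's or Project Zero's code, and the workflow it inspects is a constructed sample.

```python
import re

# Event-context expressions whose content is controlled by whoever opened the
# issue, pull request or comment. This list is illustrative, not exhaustive.
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.head_commit.message",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Matches a `run:` key, optionally as a sequence item; group 1 ends at the column of "run".
RUN_RE = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def is_untrusted(expression: str) -> bool:
    return any(ctx in expression for ctx in UNTRUSTED_CONTEXTS)


def find_injection_sinks(workflow_text: str) -> list:
    """Return (line number, expression) pairs for untrusted expressions inside run: steps.

    Expressions used elsewhere (for example in env:) are not reported, because the
    value then reaches the shell as data in a variable rather than as script text.
    """
    findings = []
    block_indent = None   # column of the run: key while inside a `run: |` block scalar
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip(" "))
        in_block = block_indent is not None and (indent > block_indent or not line.strip())
        if in_block:
            candidate = line
        else:
            block_indent = None
            m = RUN_RE.match(line)
            if not m:
                continue
            candidate = m.group(2)
            if candidate.startswith(("|", ">")):
                block_indent = len(m.group(1))
        for expr in EXPR_RE.findall(candidate):
            if is_untrusted(expr):
                findings.append((lineno, expr))
    return findings


# Constructed sample workflow: one vulnerable job and its hardened equivalent.
SAMPLE_WORKFLOW = """\
name: triage
on: issues
jobs:
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      - run: echo "New issue: ${{ github.event.issue.title }}"
  hardened:
    runs-on: ubuntu-latest
    steps:
      - env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
"""

if __name__ == "__main__":
    for lineno, expr in find_injection_sinks(SAMPLE_WORKFLOW):
        print(f"line {lineno}: untrusted expression '{expr}' expanded inside a run step")
```

Only the `vulnerable` job is reported. In the `hardened` job the same expression is assigned to `TITLE` under `env:`, and the shell reads `$TITLE` at run time, so a title containing shell metacharacters is just a string value rather than part of the script that the runner executes.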

Mozilla Patches Actively Exploited Critical Vulnerability in Firefox

Mozilla has patched a critical use-after-free vulnerability in Firefox and Firefox ESR (CVE-2024-9680) that has been actively exploited.

This flaw, rated 9.8 in severity, allowed attackers to execute arbitrary code via the Animation timeline component.

Mozilla advises users to update to versions 131.0.2, ESR 128.3.1, or ESR 115.16.1 to mitigate the risk.

The vulnerability has been reported in live attacks, though specifics remain scarce. An emergency update for the Tor Browser has also been released to address this flaw.

If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇
