Headlines
- Critical Cobbler Server Vulnerability Enables Unauthorised Control
- Blue Yonder Ransomware Attack Disrupts UK Supermarkets’ Supply Chains
- Massive Retail Data Breach Exposes 57 Million Customers’ Information
- Matrix Botnet Exploits IoT Devices for Global DDoS Campaign
- UK Businesses Lose £44 Billion to Cybercrime Over Five Years
- U.S. Soldier Suspected in Snowflake Extortion Scheme
- Global Police Takedown Dismantles €250M/month Pirate Streaming Service
- Critical Flaw in WordPress Plugin Risks 4 Million Websites
- Russian RomCom Hackers Exploit Firefox and Windows Zero-Day Vulnerabilities
- Major Incident Declared at Merseyside’s Arrowe Park Hospital Over Cybersecurity Breach
Critical Cobbler Server Vulnerability Enables Unauthorised Control
A critical vulnerability (CVE-2024-47533) in Cobbler Server versions 3.0.0 to 3.2.2 and 3.3.0 to 3.3.6 allows unauthorised network users to take full control via improper authentication.
Users are advised to update to patched versions (3.2.3 or 3.3.7) immediately. The NCSC recommends prioritising updates and reviewing the latest release notes to safeguard against potential exploitation.
Blue Yonder Ransomware Attack Disrupts UK Supermarkets’ Supply Chains
A ransomware attack on Blue Yonder, a major supply chain software provider, has caused significant disruptions to operations across multiple UK supermarkets, including Morrisons and Sainsbury’s.
The attack targeted Blue Yonder’s private cloud, impacting services such as demand forecasting and warehouse management. Morrisons faced notable challenges, resorting to manual systems for fresh produce and chilled goods, while Sainsbury’s activated contingency plans to minimise customer impact.
Blue Yonder is collaborating with cybersecurity experts to address the breach but has yet to provide a timeline for resolution.
Massive Retail Data Breach Exposes 57 Million Customers’ Information
A recent data breach has compromised the personal information of nearly 57 million retail customers from brands such as Hot Topic, BoxLunch, and Torrid. The stolen data includes sensitive details like names, addresses, phone numbers, email addresses, dates of birth, partial credit card numbers, and loyalty program information.
Weak encryption of credit card data and the absence of multi-factor authentication (MFA) in a cloud account were key vulnerabilities exploited during the attack.
The breach reportedly stems from an infostealer malware infection on a third-party employee’s system, allowing attackers to gain access to customer data stored in a Snowflake cloud account. Experts warn that the exposed data is a treasure trove for cybercriminals, enabling phishing attacks and identity theft.
Matrix Botnet Exploits IoT Devices for Global DDoS Campaign
The Matrix botnet has been linked to a widespread DDoS campaign, exploiting vulnerabilities in IoT devices like cameras, routers, and telecom equipment. Using publicly available tools and weak credentials, the botnet has targeted regions including China, Japan, and the U.S. Its operator, believed to be a lone actor, also markets DDoS-for-hire services via a Telegram bot.
UK Businesses Lose £44 Billion to Cybercrime Over Five Years
Over the past five years, UK businesses have suffered £44 billion ($55 billion) in losses due to cyberattacks, according to a report by Howden.
The analysis reveals that 52% of UK businesses experienced at least one attack during this period, with compromised emails (20%) and data theft (18%) among the most common attack methods.
Despite the rising threats, many firms still lack robust cybersecurity measures; only 61% use antivirus software, and 55% have firewalls.
The study underscores the need for businesses to prioritise cybersecurity investments, such as staff training, advanced tools, and periodic system audits, to combat these growing threats effectively.
U.S. Soldier Suspected in Snowflake Extortion Scheme
A U.S. soldier is under investigation for alleged involvement in extortion campaigns targeting Snowflake Inc. The suspect reportedly used stolen employee credentials to access sensitive systems and demanded payment to prevent data leaks. This case highlights the growing insider threat risk in cybersecurity, particularly from individuals with system access.
Authorities are working with Snowflake to assess the breach’s full scope and implement stronger safeguards against similar exploits.
Global Police Takedown Dismantles €250M/month Pirate Streaming Service
An international law enforcement operation, “Taken Down,” dismantled a massive pirate streaming service generating €250M monthly from 22 million users.
Authorities in Italy, with Europol and other agencies, conducted 89 searches and arrested key suspects across Europe and China. Over 2,500 illegal IPTV channels and servers were seized, along with €1.65M in cryptocurrencies.
The service pirated content from platforms like Netflix and Disney+, causing estimated annual damages of €10B. Arrested individuals face charges including fraud and money laundering.
Critical Flaw in WordPress Plugin Risks 4 Million Websites
The WordPress plugin Really Simple Security, installed on over 4 million websites, recently faced a critical vulnerability (CVE-2024-10924) with a CVSS score of 9.8.
This flaw allowed attackers to bypass authentication on sites with two-factor authentication enabled, potentially gaining admin-level access. The issue stemmed from improper error handling in the plugin’s REST API function.
Developers promptly patched the issue in version 9.1.2, and affected users are urged to update immediately to mitigate the threat.
Russian RomCom Hackers Exploit Firefox and Windows Zero-Day Vulnerabilities
The RomCom cybercrime group leveraged two zero-day vulnerabilities in Firefox and Windows to deploy malware on targeted systems in Europe and North America.
Exploiting a Firefox use-after-free bug (CVE-2024-9680) and a Windows Task Scheduler flaw (CVE-2024-49039), attackers achieved remote code execution without user interaction.
Victims visiting crafted websites had the RomCom backdoor installed, allowing further attacks. The campaign primarily targeted government, defence, and critical industries, highlighting RomCom’s advanced tactics and persistent threats.
Major Incident Declared at Merseyside’s Arrowe Park Hospital Over Cybersecurity Breach
Arrowe Park Hospital in Merseyside has declared a “major incident” due to a cybersecurity breach affecting operations.
Patients are urged to visit the emergency department only for urgent needs. Outpatient appointments for November 26-27 have been cancelled, with maternity services continuing unaffected.
The hospital is working on resolving the issue, prioritising patient safety. The public is advised to use alternative healthcare resources like NHS 111 or walk-in centres for non-emergency concerns.
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch.