4 November 2022

Cyber security week in review: November 4, 2022

Vodafone Italy suffers a data breach after a reseller was hacked

Vodafone Italia has informed customers of a data breach after FourB S.p.A., a business partner and local reseller of its telecommunications services, was hit with a cyberattack in the first week of September.

The exposed data includes subscription details, identity documents with sensitive data, and contact details. According to the company, no account passwords or network traffic data have been compromised as a result of this incident.

The disclosure comes after a hacker group called “KelvinSecurity” put up for sale 310 GB of data allegedly stolen from the telecom provider on a dark web forum.

Microsoft pledges further $100 million tech assistance to Ukraine

Microsoft announced it will provide Ukraine with further technological assistance worth $100 million during 2023. The additional tech support will ensure that government agencies, critical infrastructure and other sectors in Ukraine will be able to use Microsoft cloud technology free of charge until the end of next year, Microsoft President Brad Smith said.

Microsoft has provided Ukraine with over $400 million in support since Russia’s terrorist regime started its invasion of the country in February.

Ukraine war, geopolitics fueling cybersecurity attacks, ENISA says

Geopolitics, notably the Russo-Ukrainian war, has been a game changer that has led to more damaging and widespread cybersecurity attacks, EU cybersecurity agency ENISA said in its annual threat landscape report. According to the agency, state-sponsored, cybercrime, hacker-for-hire actors and hacktivists remained the prominent threat actors during the period from July 2021 to July 2022.

The report notes that the DDoS landscape reached its all-time activity peak in July 2022; third-party incidents, such as supply chain attacks, accounted for 17% of all reported intrusions in 2021, up from only 1% in 2020; 66 zero-day vulnerabilities were disclosed in the reporting period; more than 10 TB of data are stolen monthly in ransomware attacks; and more than 60% of affected organizations appear to have paid the ransom demand.

TikTok confirms Chinese staff can access European users’ data

The popular video-sharing service TikTok has updated its privacy policy for European users, which now says that some of its employees from across the world, including Brazil, Canada, China, Israel, Japan, Malaysia, the Philippines, Singapore, South Korea, and the US, have “limited remote access” to user data.

The data could be used to conduct checks on aspects of the platform, including the performance of its algorithms, which recommend content to users, and to detect vexatious automated accounts. The privacy policy update applies to users located in the UK, the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022.

Black Basta ransomware linked to FIN7 hackers

Cybersecurity firm SentinelOne found a possible connection between the Black Basta ransomware operation and the financially motivated hacking group FIN7 (Carbanak). The discovery was made during the analysis of tools used by Black Basta, which showed that a developer for FIN7 was also the creator of the EDR (Endpoint Detection and Response) evasion tools used exclusively by Black Basta since June 2022.

Black Basta ransomware emerged in April 2022 and went on a spree breaching over 90 organizations by September 2022. More details about Black Basta’s operational TTPs are available in SentinelOne’s report.

Boeing subsidiary Jeppesen's services impacted by cyberattack

Boeing unit Jeppesen, which provides analytical services to air carriers, experienced a cyber incident that affected access to its flight planning software used by airlines worldwide. Boeing said that it doesn’t believe that the incident poses a threat to aircraft or flight safety. According to a notice on Jeppesen’s website, the incident impacted the receipt and processing of current and new Notice to Air Missions (NOTAMs), an industry term for notifications from authorities alerting airspace users to hazards along their route, both in the air and on the ground.

Boeing did not provide further details on the nature of the incident, but some reports suggest that it was a ransomware attack.

Astronomical observatory in Chile hit with a cyberattack

The Atacama Large Millimeter Array (ALMA) Observatory in Chile, which hosts some of the most powerful radio telescopes in the world, has halted all astronomical observation operations and taken its public website offline due to a cyberattack. The incident impacted email services at the observatory, but the threat has been contained, and the attack has not affected the ALMA antennas or any scientific data, ALMA said on Twitter.

Hundreds of US news websites spread malware

Over 250 regional and national US newspaper sites have been observed spreading the FakeUpdates malware after the threat actor known as TA569, or SocGholish, compromised JavaScript code used by an unnamed media content provider.

Dozens of malicious PyPI packages caught installing W4SP info-stealer

A report from DevOps security firm Phylum describes a new supply chain attack involving over two dozen malicious PyPI packages masquerading as popular libraries that attempt to deliver the W4SP Stealer to infected machines.

Urlscan.io API leaked sensitive URLs, data

Urlscan.io, a website scan and analysis engine, was found to be inadvertently leaking sensitive records that should not be available to the public. Urlscan.io accepts URL submissions and generates a wealth of data, including domains, IPs, DOM information, and cookies, alongside screenshots. It should be noted that Urlscan.io released a new, improved engine version, which includes an enhanced scan visibility interface and team-wide visibility settings.

Europe’s biggest copper producer Aurubis targeted in a cyberattack

Aurubis, Europe’s biggest copper producer, has been targeted in a cyberattack, which appears to be part of a larger attack aimed at the metals and mining industry. Due to the incident, the company shut down a number of systems at its sites as a precautionary measure. The extent of the attack is unclear at this point, but the producer said that operations at its sites were not affected.

Cybersecurity agencies release guidance on how to respond to DDoS attacks, secure supply chains

US cybersecurity and intelligence agencies released separate guides to help organizations strengthen their defenses against distributed denial of service (DDoS) attacks, supply chain compromise, phishing and other cyber threats.

Cranefly cyber spies use the logs of IIS servers to send commands to infected systems

A never-before-seen dropper was discovered that installs backdoors and other malicious tools using a novel technique that involves reading commands from seemingly harmless Internet Information Services (IIS) logs.

Dubbed “Geppei,” the dropper is being used by a threat actor known as Cranefly or UNC3524 to install another piece of hitherto undocumented malware (Trojan.Danfuan). Symantec notes that this was the first time it encountered the technique in a real-world attack.
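The technique works because anything an attacker puts into an HTTP request to the server ends up written to the IIS log, where the dropper can read it. From a defender's side, that means the same log is also the place to look: requests that carry payload-like data to resources that do not exist are out of place in normal web traffic. The following is an added example, not code from the article or from Symantec's report; it parses a small constructed excerpt of an IIS W3C extended log (the field layout, addresses and requests are all made up here) and flags request lines that look like a data channel rather than a page request. The specific marker strings the Geppei dropper looks for are not given on this page, so the two heuristics below (query payload to a 404 resource, long encoded blob in the query string) are generic assumptions rather than indicators from the report.

```python
import re

# Constructed IIS W3C extended log excerpt (sample data made up for this example,
# not taken from the article or from Symantec's report). The #Fields line names
# the columns; IIS writes "-" for an empty field.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-10-28 10:15:01 10.0.0.5 GET /index.html - 80 - 198.51.100.7 Mozilla/5.0 200
2022-10-28 10:15:07 10.0.0.5 GET /images/logo.png - 80 - 198.51.100.7 Mozilla/5.0 200
2022-10-28 10:16:42 10.0.0.5 GET /doesnotexist.aspx cmd=Q29tbWFuZF9wYXJhbWV0ZXJfc3RyaW5n 80 - 203.0.113.9 curl/7.68.0 404
2022-10-28 10:17:03 10.0.0.5 GET /search.aspx q=copper 80 - 198.51.100.7 Mozilla/5.0 200
"""

# Assumed heuristic: a long run of base64-alphabet characters inside a query string
# is unusual for a normal page request and worth a second look.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")


def parse_iis_log(text):
    """Parse the W3C extended format: '#Fields:' names the columns, spaces separate values."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives such as #Software or #Date
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed lines rather than misalign the columns
        records.append(dict(zip(fields, values)))
    return records


def flag_suspicious(records):
    """Return the records whose request looks like a data channel rather than a page request."""
    flagged = []
    for rec in records:
        reasons = []
        query = rec.get("cs-uri-query", "-")
        # Payload delivered to a resource the server does not have: the request
        # still gets logged, which is all a log-reading implant needs.
        if query != "-" and rec.get("sc-status") == "404":
            reasons.append("query payload sent to a non-existent resource")
        if query != "-" and BLOB_RE.search(query):
            reasons.append("long encoded blob in query string")
        if reasons:
            flagged.append({**rec, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious(parse_iis_log(SAMPLE_LOG)):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"],
              hit["cs-uri-query"], "->", "; ".join(hit["reasons"]))
```

On the sample above only the third request is flagged, for both reasons. In practice the thresholds would be tuned against a baseline of the server's own traffic, and the parser keyed off the real `#Fields` line of the log being reviewed, since IIS sites differ in which columns they log.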

Dropbox suffers data breach after threat actors accessed 130 of its source code repos on GitHub

File hosting service Dropbox said it fell victim to a phishing attack that allowed an unauthorized party to access 130 of its source code repositories hosted on GitHub. The repositories included copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. The company said it found no evidence that its core infrastructure or customer data were compromised.

Hackers take advantage of KeePass and SolarWinds software to distribute RomCom RAT

A threat actor known as RomCom is using rogue versions of popular software such as SolarWinds Network Performance Monitor (NPM), the KeePass open-source password manager, and PDF Reader Pro in attacks targeting Ukraine and some English-speaking countries such as the UK. Researchers believe that the RomCom RAT, Cuba Ransomware, and Industrial Spy, a relatively new ransomware actor first seen in April 2022, have an apparent connection.
