Breach Summary: LabHost’s Phishing-as-a-Service Site Goes Down

Each week, ISMG tracks cybersecurity incidents and breaches around the world. This week: an international law enforcement operation took down the phishing-as-a-service site LabHost, guest data was compromised in the Omni Hotels hack, Ivanti patched two critical vulnerabilities, a Moldovan national was accused in the United States of running a botnet, Cisco warned of a data breach affecting Duo, and a Spanish contractor of the Guardia Civil suffered a ransomware attack that exposed private data.

See also: Critical Response to Ransomware: Remediating the Initial Access Vector

The U.S. federal government has seized four domain names connected to Russian infrastructure used by cybercriminals to spoof the websites of major banks and online providers, Justice Department officials said.

The seizure was part of an international law enforcement operation that resulted in 37 arrests, including that of the alleged original developer of the phishing-as-a-service operation in the U.K. Known as LabHost, the service had more than 100,000 users around the world and created more than 40,000 phishing websites, the government said. It operated on the open Internet through LabHost.ru, a .ru domain assigned to the Russian Internet infrastructure company DDoS-Guard.

Prosecutors obtained an order authorizing the seizure of the domains. A parallel investigation by the U.K.'s Metropolitan Police found more than one million user IDs and approximately 500,000 payment cards stolen through LabHost's infrastructure.

The Australian Federal Police reported the seizure of 207 servers used to host the fraudulent phishing websites created through LabHost.

Fortra reported in February that LabHost began operations in the last three months of 2021 and overtook competitor Frappo as the preferred provider of phishing websites for much of 2023. LabHost suffered a mysterious outage in October but restored service in early December.

The luxury chain Omni Hotels

The hackers did not compromise financial data or Social Security numbers. The attack forced Omni to shut down its systems on March 29, leading to system outages at all of its properties, as well as phone and Wi-Fi issues and access card malfunctions.

Could it be? Why, yes: more security vulnerabilities in Ivanti products, though the company said Wednesday that none of the 27 vulnerabilities in its Avalanche mobile device management solution are being actively exploited. The Utah-based company pledged earlier this month to make comprehensive changes to its approach to cybersecurity after malicious actors, including suspected Chinese state hackers, turned its gateways into elements of a hacking wave that lasted for months. Ivanti's Endpoint Manager Mobile product also played a starring role in a July 2023 incident involving a zero-day used to hack the Norwegian government (see: Ivanti Zero-Day Used in Norwegian Government Breach).

Of the Avalanche patches, two address critical heap overflow flaws, tracked as CVE-2024-24996 and CVE-2024-29204. The vulnerabilities pose serious risks, allowing remote attackers to execute arbitrary commands without user interaction. Ivanti also fixed 25 other medium- and high-severity bugs, including ones that enable denial-of-service attacks, arbitrary command execution, and data theft.

U.S. federal prosecutors have charged Moldovan national Alexander Lefterov, also known as Alipako, Uptime, and Alipatime, with aggravated identity theft, computer fraud, and wire fraud. The recently unsealed nine-count indictment, dating from 2021, accuses Lefterov of infecting computers to harvest user credentials and of brokering the sale of those credentials, as well as of the infected PCs themselves, on underground black markets.

Lefterov is also alleged to have facilitated the distribution of malware and ransomware attacks. He is a fugitive from the U.S. justice system and is wanted by the FBI.

Cisco-owned Duo Security has disclosed a breach at an unnamed telephony provider used to send multifactor authentication SMS messages. The breach, which occurred on April 1, was the result of a phishing attack that compromised the credentials of an employee of the vendor. The hackers accessed and downloaded SMS MFA message logs for the entire month of March, exposing the phone numbers, carriers, and metadata of the affected Duo accounts.

Cisco acquired Duo Security in 2018 in a $2.35 billion deal.

The company said the hackers did not have access to the content of the messages and did not use the stolen data to send unauthorized messages. Owners of affected Duo accounts can request copies of the compromised message logs from Cisco. In an emailed statement, a Cisco spokesperson said the attack affected "approximately 1% of Duo customers. Our investigation is ongoing and we are notifying affected customers through our established channels, as appropriate."

A ransomware attack in March against a medical company that provides services to Spain's Guardia Civil, the National Gendarmerie, and the Ministry of Defense likely captured sensitive medical data, online newspaper The Objective reported on Wednesday, citing "sources close to the investigation."

The hackers, using a leaked version of the LockBit ransomware, targeted Medios de Prevención Externos Sur SL on March 22 in an incident that came to light this week (see: Free Ransomware: LockBit Fakes and Imposters Proliferate).

El Independiente reported that Guardia Civil agents have noticed an increase in phishing emails.

David Perera of the Information Security Media Group in Washington, D.C.
