Apple Removes VPN Apps from Russian App Store Amid Government Pressure

From thehackernews.com

Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia’s state communications watchdog Roskomnadzor, Russian news media reported.

This includes the mobile apps of 25 VPN service providers, including ProtonVPN, Red Shield VPN, NordVPN and Le VPN, according to MediaZona. It’s worth noting that NordVPN previously shut down all its Russian servers in March 2019.

“Apple’s actions, motivated by a desire to retain revenue from the Russian market, actively support an authoritarian regime,” Red Shield VPN said in a statement. “This is not just reckless but a crime against civil society.”

Read more…

CloudSorcerer – A new APT targeting Russian government entities

From securelist.com

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server.

CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT that we reported on in 2023. However, the malware code is completely different. We presume that CloudSorcerer is a new actor that has adopted a similar method of interacting with public cloud services.

Read more…

PSA: This Microsoft Update is essential

From pandasecurity.com

There are always risks when connecting to unknown public WiFi networks. Scammers will sometimes create ‘fake’ hotspots that capture and steal sensitive data from their unsuspecting victims. However, these scams only work when the hackers have complete control of the WiFi network.

Microsoft discovers a new variation

Microsoft recently identified a new vulnerability that could be exploited to compromise machines on any public WiFi network. The vulnerability (CVE-2024-30078) allows hackers to send a malicious packet to devices on the same Wi-Fi networks in locations such as airports, coffee shops, hotels, or workplaces.

Once the magic packet has been received by an unprotected computer, the hacker can remotely execute commands and access the system. Worse still, the whole process is invisible – there are no prompts or alerts that show something is wrong.

Fortunately, Microsoft has developed a fix. The patch for CVE-2024-30078 was included in the monthly update for June. Although Microsoft classifies this vulnerability as “Important” (the second highest rating), it still presents a significant risk to anyone who uses public WiFi networks.

Read more…

Decrypted: DoNex Ransomware and its Predecessors

From decoded.avast.io

DoNex and its Brothers

The DoNex ransomware has been rebranded several times. The first brand, called Muse, appeared in April 2022. Multiple evolutions followed, resulting in the final version of the ransomware, called DoNex. Since April 2024, DoNex seems to have stopped its evolution, as we have not detected any new samples since. Additionally, the TOR site of the ransomware has been down since that point. The following is a brief history of DoNex.

Apr 2022: The first sample of Muse ransomware
Nov 2022: Rebrand to fake LockBit 3.0
May 2023: Rebrand to DarkRace
Mar 2024: Rebrand to DoNex

All brands of the DoNex ransomware are supported by the decryptor.

DoNex uses targeted attacks on its victims and it was most active in the US, Italy, and Belgium based on our telemetry.

Read more…

CISA ADDS CISCO NX-OS COMMAND INJECTION BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

From securityaffairs.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399, to its Known Exploited Vulnerabilities (KEV) catalog.

This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches.

The flaw resides in the CLI of Cisco NX-OS Software; an authenticated, local attacker can exploit it to execute arbitrary commands as root on the underlying operating system of an affected device.

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command.” reads the advisory published by Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.”

Read more…

Selfie-based authentication raises eyebrows among infosec experts

From theregister.com

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more businesses to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?

Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.

The nation’s residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.

Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.

Read more…