Tuesday, May 21, 2024

TODAY, ON THE BENCH 6 February 2024

SPB Global, a prominent Spanish company, has been hit by a Cactus ransomware attack, leading to the theft of 706GB of data. The company specializes in manufacturing a wide range of products including household care, domestic cleaning, pool maintenance, R&D for product improvement, laundry care, personal care, and chemical products. With a workforce of over 1000 employees and an annual revenue of $81.4 million, SPB Global faces significant risks of financial loss if the situation worsens.

Spyware surveillance operators in the United States will now face visa restrictions, as announced by Secretary of State Antony Blinken. He emphasized the serious threat posed by the misuse of commercial spyware, which not only undermines privacy but also jeopardizes fundamental freedoms such as expression, assembly, and association. Blinken’s statement further highlights the extreme consequences of such misuse, including arbitrary detentions, forced disappearances, and even extrajudicial killings in severe cases.

Gocco, a prominent fashion brand headquartered in Madrid and specializing in children and youth apparel, has fallen victim to the Cactus ransomware group. The attack resulted in the theft of 136GB of data. With over 500 employees and a revenue of $937.9 million, Gocco’s stature as a significant target for cybercriminals is evident.

Job boards have become a prime target for cyberattacks, particularly aimed at stealing personal data from resumes posted on these platforms. This trend follows reports of active targeting of employment agencies and retail companies in the Asia-Pacific region by a group known as ResumeLooters since early 2023. The attackers employ SQL Injection techniques to successfully pilfer files containing approximately 510,259 data entries, including over two million unique email addresses.

Additionally, cybercriminals are exploiting Facebook job ads to disseminate ‘Ov3r_Stealer’ malware, which is designed to steal cryptocurrency and credentials. According to Trustwave SpiderLabs, this malware is capable of extracting a wide range of sensitive information, including IP addresses, hardware details, passwords, credit card data, browser extensions, crypto wallets, and more. The stolen information is then transmitted to a Telegram channel monitored by threat actors.

In another concerning development, security researchers have identified three new vulnerabilities in Azure HDInsight’s Apache Hadoop, Kafka, and Spark services. These vulnerabilities could enable attackers to gain elevated privileges and trigger denial-of-service conditions. Given that these flaws affect authenticated users of Azure HDInsight services, including Apache Ambari and Apache Oozie, organizations utilizing these services are urged to take immediate action to mitigate these security risks.

  • CVE-2023-36419 (CVSS score: 8.8) – Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability.
  • CVE-2023-38156 (CVSS score: 7.2) – Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability.
  • Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE).

