Saturday, July 27, 2024

Lockbit ransomware group keeps attacking businesses amidst the unending cyberwar between the group and government agencies

The Lockbit ransomware group keeps attacking businesses amidst the unending cyberwar between the group and government agencies. Its victims include Lifeline Data Centers, an Indiana IT facility that specializes in Wholesale colocation, Outsourcing data centres, Disaster Recovery, Secure office space, IT services, Server backup, Compliance, Private Cloud, and Colocation. The company has over 50 employees and a revenue of $6.8 million.

Another victim is Deeley King Pang & Van Etten. The legal firm, with over 50 employees, specializes in Insurance Bad Faith, Real Estate, Construction, Business, Immigration, Corporate, Employment Litigation, Estate Litigation, International Trade, Condominium and Time Shares, civil litigation, Commercial Litigation, civil trial practice, Administrative, and Criminal Law. The company has a revenue of $5 million.

PCS Civil Inc: PCS is a construction company that specializes in Clearing and Grubbing, Earthwork and Grading, Roadway Subgrade, Stabilization, and Base, Concrete: Retaining Walls, Gravity Walls, Slipform Walls, Curbs, and Sidewalks, Pipe: Water, Sewer, Storm Drainage, and Utility Piping, Asphalt Paving, Concrete Paving, Bridge Construction, Marine Facilities, Bulkhead, and Box Culvert. The company has over 500 employees and a revenue of $7.4 million.

Nampak: Nampak is famous as Africa’s largest packaging manufacturer, offering the most comprehensive product range and manufacturing packaging in metal, glass, paper, and plastic. The company has over 5000 employees and a revenue of $912.9 million.

Hackers Launch a New Phishing Attack Delivering Keylogger Disguised as Bank Payment Notice

Cybersecurity researchers have identified a new phishing campaign that delivers Agent Tesla, an information stealer and keylogger. A deep dive into the attacker’s mode of operation by Trustwave SpiderLabs revealed that the phishing email carries a message resembling a bank payment notification and instructs users to open an attachment for more details. The attachment, an archive labelled Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz, conceals a malware loader that aids the deployment of Agent Tesla on the victim’s laptop.

A researcher named Bernard Bautista also stated, “This loader then used obfuscation to evade detection and leveraged polymorphic behaviour with complex decryption methods.” It is also worth noting that the loader can bypass antivirus defences, such as Windows Antimalware Scan Interface (AMSI), and retrieve the payload.
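The attachment name quoted above presents itself as a PDF while actually being a tar.gz archive, which is something a mail filter can check for. The following Python code is an added example, not taken from the article or from Trustwave: it parses a message, decodes the (non-ASCII) attachment names and flags archives whose name poses as a document. The suffix lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Archive suffixes and document-type tokens are assumptions chosen for this example.
ARCHIVE_RE = re.compile(r"\.(tar\.gz|tgz|tar|gz|zip|rar|7z|iso|img)$", re.I)
DOC_TOKEN_RE = re.compile(r"[ ._-](pdf|docx?|xlsx?|rtf|jpe?g|png)$", re.I)

def disguised_archive(filename):
    """Return the mimicked document type if an archive name poses as a document."""
    m = ARCHIVE_RE.search(filename or "")
    if not m:
        return None  # not an archive by name: out of scope for this check
    doc = DOC_TOKEN_RE.search(filename[:m.start()])
    return doc.group(1).lower() if doc else None

def scan_message(raw):
    """Parse a raw message; return (filename, mimicked_type) per flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        kind = disguised_archive(name)
        if kind:
            hits.append((name, kind))
    return hits

def build_sample():
    """Constructed sample: placeholder bytes under the name quoted in the article."""
    msg = EmailMessage()
    msg["From"] = "payments@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Payment notification"
    msg.set_content("Please see the attached payment confirmation.")
    msg.add_attachment(b"placeholder", maintype="application", subtype="gzip",
                       filename="Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz")
    msg.add_attachment(b"placeholder", maintype="application", subtype="gzip",
                       filename="site-backup.tar.gz")  # ordinary archive, not flagged
    msg.add_attachment(b"placeholder", maintype="application", subtype="pdf",
                       filename="invoice.pdf")  # real document type, not flagged
    return msg.as_bytes()

if __name__ == "__main__":
    for name, kind in scan_message(build_sample()):
        print(f"flag: {name!r} is an archive posing as .{kind}")
```

A name-based check like this is only a triage signal; it complements, and does not replace, content inspection of the archive itself.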

Unpatched Anyscale Ray AI Platform Becomes Hackers’ Hotspot for Cryptocurrency Mining.

According to Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz, “This vulnerability allows attackers to take over the companies’ computing power and leak sensitive data.” Attackers leverage the overlooked vulnerability in open-source AI to target not only cryptocurrency but also the education and biopharma sectors.

The security vulnerability, tagged CVE-2023-48022 with a CVSS score of 9.8, allows attackers to execute arbitrary code remotely via the job submission API. The campaign, which started in September 2023, is the first to target AI workloads in the wild. Oligo Security further revealed that unauthorized threat actors could exploit the Ray components, dashboard and client to submit and delete jobs, retrieve sensitive information and gain remote command execution.

Multiple companies have suffered ransomware attacks by the Cactus ransomware group, resulting in sensitive data exposure.

Contender Boats Inc: The attack on the company exposed data worth 65GB. The United States company has over 200 employees and a revenue of $51.8 million.

Qosina: The attack on Qosina resulted in the 100% exposure of 375GB of data. Qosina is a global supplier and a one-stop source of over 5000 single-use, off-the-shelf components for medical device and pharmaceutical manufacturers. The company specializes in Check Valves, Clamps, Quick Disconnects, Hemostasis Valves, Kit Components, Luers, Needles, Stopcocks, Syringes, Tuohy Borsts, Medical Adhesives, Bags, Connectors, Containers, Medical Device Components, Single-Use Components, Single-use connection technology, Medical Tubing, Silicone Tubing, Fluid Management Components, Aseptic Connectors, Bag Chambers, Tube-to-Tube Fittings, Bioprocessing Fittings, Medical Devices, and Bioprocess Tubing. Qosina has a revenue of $37.9 million.

Grupa Topex: Cactus’s attack on Grupa Topex resulted in the 100% exposure of data worth 638GB. Grupa Topex offers customers a wide array of tools and power tools. The company has over 500 employees and a revenue of $66.5 million.
