Beware of fake websites during Black Friday sales

While investigating how cybercriminals take advantage of the Black Friday shopping season, the Check Point Research team found a significant increase in the number of malicious websites, along with consistent phishing emails.

The report states that about 3 percent of new Black Friday-related websites are malicious, with many impersonating well-known and boutique brands. This is an 89 percent increase compared to 2023 and a threefold increase from 2022.

Attackers create messages that mimic reputable companies and distribute offers to potential victims that seem too good to be true. The emails often contain links to fake websites designed to steal personal and financial information. Fraud sites often have similar design elements, suggesting possible coordinated operations.

ATTACKS AND DATA LEAKS

The Library of Congress, which is part of the U.S. Capitol complex, was hacked by a foreign adversary, exposing email communications between library staff and Congressional offices from January to September 2024. The hackers attempted to obtain information about legislative investigations, but did not compromise the networks of the House of Representatives, the Senate, or the U.S. Copyright Office.

International Game Technology (IGT), an American gambling and lottery giant, confirmed a cyber attack that led to significant disruption of some internal IT systems and applications. The attack affected the company’s operations, knocking out some systems and affecting the ability to provide service to customers around the world. No threat actor has yet claimed responsibility.

The Mexican government platform Gob.mx was hit by a RansomHub ransomware attack. The incident led to the theft of 313 GB of data, including government contracts, insurance and financial information. The attackers threatened to publish the stolen data on the dark web if they did not receive the required ransom within 10 days.

The American space technology company Maxar Space Systems was the victim of a data breach that led to unauthorized access to a system with sensitive employee data. Home addresses, social security numbers, contact information, employee numbers and other data were leaked.

Finastra, a company that provides financial services, suffered a cyberattack. Hackers stole 400 GB of data from an internally operated secure file transfer platform (SFTP) used to send files to customers. The stolen data was offered for sale on a criminal forum and allegedly contained sensitive information from the company’s operations with its financial services clients.

iLearningEngines, a company engaged in artificial intelligence training software, suffered a cyberattack in which $250,000 was stolen through a misdirected payment and unauthorized access to its network. The attacker deleted email messages and gained access to certain files, although the specific files have not yet been identified.

A threat actor called nears (formerly near2tlg) has claimed responsibility for a cyberattack on a French hospital. Sensitive medical records of 750,000 patients were stolen during the attack. The leaked data includes full names, residential addresses, phone numbers, medical card history, doctor information and prescriptions.

VULNERABILITIES AND PATCHES

Apple released fixes for two 0-day vulnerabilities in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components. The first flaw allows arbitrary code to be executed via malicious websites, while the second allows cross-site scripting attacks due to a cookie state management issue in WebKit. The vulnerabilities were exploited in attacks on Intel-based Mac systems.

More than 2000 Palo Alto Networks firewalls have been attacked through two recently patched vulnerabilities (CVE-2024-0012 and CVE-2024-9474). The vulnerabilities allow attackers to gain administrative privileges and execute commands with root access, leading to the deployment of malware on affected devices.

Five critical local privilege escalation vulnerabilities were discovered in the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) are being actively exploited to allow unprivileged users to gain root access without requiring user interaction.

You can follow the regular weekly THREAT INTELLIGENCE REPORT via LinkedIn.

The Check Point Research team has been tracking security trends, evaluating anomalies, and bringing up-to-date warnings and news about cyber threats to the community for more than three decades. Its experts continuously collect and analyze data on global cyber attacks from monitoring the networks they manage, open source platforms, the ThreatCloud network and intelligence from the dark web.

Source: www.nextech.sk