Cywareness.io

Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers. Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/dK3emjtS

Fog and Akira ransomware operators are increasingly breaching corporate networks through SonicWall VPN accounts, with the threat actors believed to be exploiting CVE-2024-40766, a critical SSL VPN access control flaw. SonicWall fixed the SonicOS flaw in late August 2024, and roughly a week later, it warned that it was already under active exploitation. At the same time, Arctic Wolf security researchers reported seeing Akira ransomware affiliates leveraging the flaw to gain initial access to victim networks. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/d4_iWNxJ

The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. After the Conti cybercrime syndicate shut down in June 2022 following a series of embarrassing data breaches, the operation split into multiple groups, with one of these factions believed to be Black Basta. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/d-tH_U8w

UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years. In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all American's health data was exposed in the attack. A month later, Change Healthcare published a data breach notification warning that the February ransomware attack on Change Healthcare exposed a "substantial quantity of data" for a "substantial proportion of people in America." Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/gRy3i7q3

Cisco has confirmed that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson said. "We have launched an investigation to assess this claim, and our investigation is ongoing." Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/ecJ7QK4q

Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. Game Freak is best known for being the co-owner and the primary developing studio of the Pokémon series video game, which started in 1996 with the Pokémon Red and Blue for Nintendo Game Boy. The gaming studio has since released multiple titles in the Pokémon series for various Nintendo platforms like the 3DS, Switch, and iOS and Android (Pokémon Quest). Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/g-5446SZ

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. The report, which focuses on operations since the beginning of the year, constitutes the first official confirmation that generative mainstream AI tools are used to enhance offensive cyber operations. The first signs of such activity were reported by Proofpoint in April, who suspected TA547 (aka "Scully Spider") of deploying an AI-written PowerShell loader for their final payload, Rhadamanthys info-stealer. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/gRnVkVci

Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant's systems. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/eMpdfH77

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached. "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/ghCgRJcJ

Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don't require user interaction. As Fortinet explains, the vulnerable fgfmd daemon runs on FortiGate and FortiManager, handling all authentication requests and managing keep-alive messages between them (as well as all resulting actions like instructing other processes to update files or databases). CVE-2024-23113 impacts FortiOS 7.0 and later, FortiPAM 1.0 and higher, FortiProxy 7.0 and above, and FortiWeb 7.4. Interested in becoming a Cywareness partner? Reach out to us at sales@cywareness.io CYBERPRO.AI https://lnkd.in/dygKrnb2