Title: Botnet Attacks Target Android Devices and Software Vulnerabilities Expose High-Profile Companies
In recent cybersecurity news, multiple significant threats and vulnerabilities have emerged, impacting both individuals and high-profile organizations. Here are the key highlights:
1. Mobile Devices Threatened by Triada Malware
Bot defense software vendor Human Security has uncovered a disturbing attack involving the distribution of Android devices preloaded with the Triada malware. The campaign, called BADBOX, involved over 200 models of infected devices being sold for under $50. Shockingly, 80% of the devices were found to be infected, putting unsuspecting users at risk.
2. Massive Ad Fraud Network Discovered
During the analysis of the infected devices involved in the BADBOX campaign, experts at Human Security made an alarming discovery. An ad fraud module named PEACHPIT was found to be running on a botnet consisting of 121,000 Android devices and 159,000 Apple devices. This network was responsible for delivering over four billion invisible ads per day to users.
3. Vulnerabilities in Software Target High-Profile Companies
Progress Software’s MOVEit file transfer software was exploited by hackers, enabling unauthorized access to target environments. This security breach affected major customers such as Sony, Shell, and the US Department of Energy.
4. Sony Faces Multiple Cyber Attacks
Sony faced further attacks when Ransomed.vc claimed to have hacked the company and stolen data from its servers. In addition, Sony admitted that 6,791 US employees had their data exposed due to the software vulnerability in Progress Software’s MOVEit.
5. Critical Vulnerability Detected in Widely Used Software
The Curl command line URL fetching tool, deployed on billions of devices, was found to contain a critical vulnerability that impacted several years’ worth of releases. This discovery has raised concerns about the security of countless systems and devices globally.
6. Risk of Attack on Surveillance Camera Software
Qognify NiceVision IP surveillance camera software was found to have hard-coded credentials, exposing it to potential cyberattacks. This issue could compromise the security of individuals and organizations relying on this software for surveillance purposes.
7. Security Concerns Surrounding Hitachi Energy Devices
Multiple vulnerabilities were detected in various models of Hitachi Energy switches, firewalls, and routers. These vulnerabilities pose a threat to the availability, integrity, and confidentiality of these devices, thereby raising concerns about critical infrastructure security.
8. Blackbaud Settles Inadequate Security Claims
Software firm Blackbaud, responsible for building software for nonprofits and donor management, has agreed to pay $49.5 million to settle claims from attorneys general across all 50 US states. The settlement follows allegations of deficient data security practices and a lackluster response to a ransomware attack.
9. Qakbot Malware Resurfaces
Despite an international takedown in August, Qakbot malware operations have resumed. This persistent threat highlights the challenges faced in combating the ever-evolving landscape of cybercrime.
10. Data Breach at Genetic Firm 23andMe
Genetic testing company 23andMe experienced a credential stuffing attack, leading to the theft of personally identifiable information and genetic ancestry results of its customers. Leakers claim to possess data on over 13 million 23andMe customers and have been attempting to sell bulk account data.
This series of cyber threats underscores the pressing need for individuals and organizations to remain vigilant and prioritize robust cybersecurity practices. Regularly updating software, using unique passwords, and educating oneself about potential risks are crucial steps to mitigate these threats.
“Zombie enthusiast. Subtly charming travel practitioner. Webaholic. Internet expert.”