Cyber Weekly Digest - 2024 Week #22
👋 Welcome to the 22nd edition of the Cyber Weekly Digest of 2024.
After a gloriously busy few days at DIGIT Expo this week, alongside our friends at Rapid7 and Automox (and a very long train journey home), we are buzzing it's Friday! DIGIT Expo, we have to say, was a very well attended event and we were blown away by the number of interesting conversations and new connections made.
Also, how is it June tomorrow?! We are ready for Infosec-mania! Who's going?
New and noteworthy this week:
🟣 From the launch of Device Explorer, to new partnerships and exciting events, the month of May was chock full of awesome updates from Automox. This blog shares a rundown of everything you need to know!
🟣 The Rapid7 2024 Attack Intelligence Report is comprised of a lot of data, designed to give the clearest picture yet of what practitioners face day-to-day. You can download the entire report here.
🟣 It's 2024... Do you know who your employees are? They may be the target of a session hijacking attack, thanks to phishing-as-a-service kits that allow threat actors to compromise active MFA tokens.
Abnormal Security's latest blog explores a recent account takeover likely caused by token theft. Learn how they helped to detect and stop the attack and see how we can do the same for your organisation.
Last but not least...
🟣 The dangers of attack surface expansion are real. Check out this blog from One Identity, covering some lessons learned from 5 major recent breaches.
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
🚨 This week we heard about incidents at the Beeb and a well-known ticketing agency, pharma being targeted by a data theft campaign, and a warning to be on high alert for credential stuffing attacks!
Keep reading to stay up to date on the latest cyber security news.
1. BBC Suffers Data Breach Impacting Current, Former Employees
The BBC has disclosed a data security incident that occurred on May 21, involving unauthorised access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. As per the reports, the incident impacted roughly 25,000 people, including current and former employees of Britain's national public service broadcaster. The announcement published on BBC's pension website clarifies that the data security incident did not expose people's telephone numbers, email addresses, bank details, financial information, and 'myPension Online' usernames and passwords.
2. Data of 560 Million Ticketmaster Customers for Sale after Alleged Breach
A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. The allegedly stolen databases, which were first put up for sale on the Russian hacking forum Exploit, supposedly contain 1.3TB of data and the customers' full details (i.e., names, home and email addresses, and phone numbers), as well as ticket sales, order, and event information. They also contain customer credit card information, including hashed credit card numbers, the last four digits of the card numbers, credit card and authentication types, and expiration dates, with financial transactions spanning from 2012 to 2024.
3. Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors
A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data of interest to attacker-controlled servers," Cisco Talos researcher Asheer Malhotra said in a new technical report published today. Targets include information technology organizations building software for the research and industrial sectors in the U.S., energy companies in Europe, and the pharmaceutical sector in Asia, indicating a broad victimology footprint.
4. RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to their exploit arsenal. The addition of the PAN-OS vulnerability to their toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and security company Akamai. "The attackers have taken a step forward by employing private crypto-mining pools for greater control over mining outcomes despite the increased operational and financial costs," security researchers Ryan Barnett, Stiv Kupchik, and Maxim Zavodchik said in a technical report shared with The Hacker News.
5. Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers," the identity and access management (IAM) services provider said. The suspicious activity commenced on April 15, 2024, with the company noting that it "proactively" informed customers that had the feature enabled. It did not disclose how many customers were impacted by the attacks.
©2025 Cyber Vigilance