
MoneyGram, Telegram, Compromised & Meta Fined $100 Million

MoneyGram, Telegram & Ivanti Targeted | Meta, UMC & Patelco Credit Union Breaches

· Meta Fined $102 Million by EU for 2019 Password Security Breach

Meta was fined over $100 million by the European Union’s privacy regulator due to a security lapse involving Facebook users’ passwords.

· Linux Flaw Allows Remote Code Execution, but Impact Proves Less Severe

A researcher has revealed the specifics of an unpatched vulnerability that was initially believed to pose a significant risk to numerous Linux systems. However, it has been determined that the threat is less severe than originally thought.

· UMC Health System Redirects Patients after Ransomware Attack

UMC Health System, a healthcare provider in Texas, has been diverting patients for several days due to a ransomware attack that forced them to take their IT systems offline.

· North Korean Hackers Linked to Breach of German Missile Manufacturer

According to a report by Der Spiegel, a professional hacking group associated with the North Korean government successfully breached Diehl Defence, a German manufacturer of Iris-T air defense systems.

· Third Ivanti Vulnerability Actively Exploited, CISA Issues Warning

Despite the critical vulnerability being patched in August, Ivanti urges customers to update immediately due to the emergence of attacks from unauthenticated threat actors.

· Patelco Credit Union Data Breach Affects More Than 1 Million Individuals

Patelco Credit Union has reported to authorities that a ransomware attack this summer resulted in the theft of information belonging to over 1 million individuals.

· Hawaii Health Center Reveals Data Breach Following Ransomware Attack

The Community Clinic of Maui in Hawaii notified US authorities last week that a cyberattack earlier this year led to a data breach affecting over 120,000 individuals.

· U.S. Charges Three Iranians in Connection with Presidential Campaign Hacking

The United States announced charges, sanctions, and rewards in response to Iranian hacking operations targeting the 2024 election.

· British Citizen Arrested and Charged for Hacking U.S. Companies

The Department of Justice and the SEC announced charges against a British national for hacking into the systems of five U.S. companies.

· Apono Raises $15.5 Million in Funding for Cloud Access Platform

Cloud access startup Apono announced that it has raised $15.5 million in a Series A funding round, bringing the company’s total funding to $20.5 million.

· MoneyGram Services Disrupted by Cyberattack

MoneyGram International is currently experiencing disruptions in its money transfer services due to a cyberattack, which has necessitated taking certain systems offline.

· Ukraine Prohibits Telegram on State Devices Amid Russian Security Concerns

Ukraine has prohibited government officials, military personnel, and other defense and critical infrastructure workers from installing the Telegram messaging app on state-issued devices, citing national security concerns amid the ongoing conflict with Russia.

· U.S. Files Charges and Imposes Sanctions on Russian Administrator of Carding Website

The US government announced rewards of up to $10 million each for information leading to the arrest of two Russian nationals. These individuals are charged with operating and laundering proceeds from carding websites.

Meta Fined $102 Million by EU for 2019 Password Security Breach

Meta has been fined over $100 million by a European Union privacy regulator due to a security lapse involving Facebook passwords. This penalty is the latest in a series of significant fines imposed on Meta and its social media platforms by the Dublin-based watchdog, which serves as the lead regulator for the company under the EU's stringent data privacy regulations. Previous fines include 405 million euros for Instagram's mishandling of teen data, 5.5 million euros for issues related to WhatsApp, and 1.2 billion euros for transatlantic data transfers.

Linux Flaw Allows Remote Code Execution, but Impact Proves Less Severe Than Expected

A researcher has revealed details of an unpatched vulnerability that poses a significant threat to numerous Linux systems. Four vulnerabilities in the Common UNIX Printing System (CUPS) have been identified, assigned the identifiers CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. These vulnerabilities involve issues with IPP attribute sanitization, command execution, and packet trust.

A remote, unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code by replacing IPP URLs with malicious ones. If successful, the attacker’s commands would be executed when a print job is initiated from the targeted device.

UMC Health System Redirects Patients after Ransomware Attack

UMC Health System has been compelled to divert patients following a ransomware attack that caused a network outage. The non-profit hospital reported that continuous efforts over the weekend have enabled the restoration of some affected services, with only a limited number of patients being diverted.

To minimize the impact on patients and critical services, downtime procedures and accommodations have been implemented. Services will be fully restored once it is deemed safe to do so.

North Korean Hackers Linked to Breach of German Missile Manufacturer

The targeting of Diehl Defence is particularly noteworthy due to the company’s specialization in missile and ammunition production. The attack, attributed to the Kimsuky APT group, involved the use of malicious PDF files and spear-phishing lures that offered Diehl Defence employees positions with American defense contractors.

Diehl Defence signed an agreement to supply South Korea with its Iris-T short-range air-to-air missiles, further highlighting the significance of the attack. The attackers also hosted authentic-looking, German-language login pages mimicking those of telecommunications provider Telekom and email service GMX, indicating an attempt to harvest login credentials from German users.

Kimsuky APT is known for targeting governments, think tanks, research centers, universities, and news organizations across the United States, Europe, and Asia.

Patelco Credit Union Data Breach Affects More Than 1 Million Individuals

Patelco Credit Union has reported to authorities that data on over 1 million individuals was stolen in a ransomware attack this summer. In late August, Patelco informed the Maine Attorney General’s Office that the personal information of 726,000 customers and employees had been compromised. Recently, the financial institution updated its filing to state that 1,009,472 people were affected.

Patelco notified the impacted individuals that the stolen data included names, dates of birth, driver’s license numbers, Social Security numbers, and email addresses, although the specific information compromised varies by individual. The RansomHub group, which claimed responsibility for the attack, stated that the stolen data also included gender, addresses, phone numbers, passwords, and credit ratings.

Hawaii Health Center Reveals Data Breach Following Ransomware Attack

The Community Clinic of Maui has reported that a LockBit ransomware attack earlier this year led to a data breach affecting over 120,000 individuals. The compromised data includes names, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, bank and payment card information, login credentials, and various sensitive medical details.

While it remains uncertain whether the LockBit ransomware group has published the stolen data on its leak site, it is prudent to assume that cybercriminals may attempt to exploit or monetize this sensitive information, despite the clinic’s assertion that there is no evidence of misuse.

U.S. Charges Three Iranians in Connection with Presidential Campaign Hacking

The U.S. has announced charges, sanctions, and a $10 million reward for Iranian hackers accused of targeting elections.

The three IRGC employees charged are Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yaser Balaghi, 37. Authorities described their attempts to leak information stolen from the Trump campaign to members of the media and the Biden campaign as a “hack-and-leak” operation.

Jalili, Aghamiri, and Balaghi face charges of conspiracy to commit identity theft, aggravated identity theft, unauthorized access to computers, access device fraud, and wire fraud. In addition to the charges from the Justice Department, the State Department is offering a reward of up to $10 million for information on the three alleged hackers and has announced sanctions against them and several others. 

British Citizen Arrested and Charged for Hacking U.S. Companies

UK national Robert Westbrook has been charged in the United States for orchestrating a hack-to-trade scheme targeting five public companies. Westbrook, 39, from London, was arrested in the UK and is currently awaiting extradition to the US to face charges of computer fraud, securities fraud, and wire fraud. According to the SEC’s complaint, Westbrook exploited these hacks on at least 14 occasions, generating approximately $3.75 million by trading on insider information ahead of the companies’ public earnings announcements.

Apono Raises $15.5 Million in Funding for Cloud Access Platform

Cloud access provider Apono has successfully raised $15.5 million in a Series A funding round, led by New Era Capital Partners. The convergence of privileged access management and identity governance is creating a demand for comprehensive identity and access security solutions, especially within the dynamic cloud environments that modern businesses operate in. “Apono’s innovative solution addresses critical challenges in the cloud access management space,” said Rom Carmel, CEO and co-founder of Apono.

MoneyGram Services Disrupted by Cyberattack

MoneyGram’s money transfer services are down after the company took systems offline to contain a cyberattack.

“MoneyGram recently identified a cybersecurity issue affecting certain of our systems. Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline which impacted network connectivity,” the company said on X (formerly Twitter).

“We recognize the importance and urgency of this matter to our customers and partners. We are working diligently to bring our systems back online and resume normal business operations,” MoneyGram added.

Ukraine Prohibits Telegram on State Devices Amid Russian Security Concerns

Ukraine has issued a ban on the use of Telegram for official devices belonging to government employees, military personnel, security and defense workers, and critical infrastructure employees. The app is widely used in Ukraine not only for messaging but also for reading news, including updates on Russian air attacks. It is also the primary platform for Ukrainian officials, including President Volodymyr Zelenskyy, to engage with the public and relay war developments. Despite the ban, Zelenskyy is expected to continue using Telegram for public communications in his official capacity.

Ukraine’s intelligence chief, Kyrylo Budanov, stated that Russian intelligence services can access the personal messages of app users, including deleted messages, as well as their personal data.

Third Ivanti Vulnerability Actively Exploited, CISA Issues Warning

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a third Ivanti vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog within the span of a few weeks. The vulnerability, identified as CVE-2024-7593, is an authentication bypass issue in the virtual traffic manager (vTM) that allows remote, unauthenticated attackers to gain access to the admin panel and create their own admin accounts. This flaw arises from an incorrect implementation of the authentication algorithm in older versions of Ivanti vTM.

This is not the first instance of Ivanti vulnerabilities being actively exploited. Previously, two other vulnerabilities affecting Ivanti’s Cloud Service Appliance, CVE-2024-8963 and CVE-2024-8190, have also been targeted by malicious actors.

U.S. Files Charges and Imposes Sanctions on Russian Administrator of Carding Website

The United States is offering a reward of up to $10 million for information leading to the arrest of Timur Shakhmametov, who has been charged with operating the carding website Joker’s Stash. The other Russian national charged, Ivanov, has allegedly been involved in cyber money laundering for nearly two decades and is accused of creating and/or operating payment and exchange services such as UAPS, PinPays, and PM2BTC. These services have been linked to cybercrime marketplaces, ransomware groups, and hackers targeting major US organizations.

From 2013 to 2024, transactions exceeding $1.15 billion were conducted through cryptocurrency addresses allegedly associated with Ivanov’s operations. Approximately 32% of the bitcoin sent to these addresses originated from cybercriminal activities, including fraud and ransomware payments.

In addition to the $10 million reward for information on Ivanov, the US is offering separate rewards of up to $1 million for information on other key leaders of UAPS, PM2BTC, and PinPays. As part of a coordinated effort, authorities in the Netherlands have seized servers hosting PM2BTC and Cryptex, along with cryptocurrency worth over $7 million.