🚨 The Cybersecurity Club Weekly Newsletter - Week 22

​​🔥 Weekly Highlight: New ATM Malware threatens European Banking sector, Ticketmaster breach of 560M users, IBM X-Force AI Hacking Tool and more

May 30, 2024

Hello Cybersecuriters! 🍩

Welcome to this week's cybersecurity newsletter! If you would like to be a sponsor, please get in touch with us at [email protected].

This week's highlights include the discovery of new ATM malware posing a significant threat to European banking security and the urgent alert regarding backdoored Justice AV software exploited in a widespread supply chain attack.

Yes, there were some breaches this week. We identified major breaches affecting Ticketmaster, Albany County Government, First American Financial Corporation, and the Cencora cyberattack.

UK government committees ask that social media platforms do more to identify Foreign Election interference and TikTok shares its success in disrupting influence operations created by inauthentic accounts to artificially amplify a political narrative and build audiences.

So, grab a cup of coffee ☕ and have a read of our newsletter.

💻 Malware and Vulnerabilities

  • New ATM Malware Threatens European Banking Security: The developers of this malware claim that it can generate up to $30,000 per ATM, making it a lucrative tool for cybercriminals. The malware is fully automated, simplifying its deployment and operation

  • Urgent Alert: Backdoored Justice AV Software Exploited in Widespread Supply Chain Attack (CVE-2024-4978). JAVS Suite 8 is a portfolio of audio/video recording, viewing, and management software for government organizations and businesses.

📈 Breaches and Incidents

  • Hackers Breach Ticketmaster: Data of 560 Million Users Now for Sale on the Dark Web. This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000. The data includes full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.

  • Albany County Government Faces Major Cybersecurity Incident: Sensitive Data at Risk in New York.

  • First American Financial Corporation Cyberattack Compromises Personal Information of 44,000 Customers

  • Cencora Cyberattack: Health Data of Millions of Americans Stolen in Major Breach. Cencora said that the data from its systems includes patient names, postal addresses and date of birth, as well as information about their health diagnoses and medications

🚨 Threat Intel & Info Sharing

  • AI Meets Cybersecurity: X-Force Red's New Penetration Testing Revolutionizes Defense Tactics. In this case, the X-Force crew and its AI tooling found a flaw in the manufacturer's HR portal, exploited this to upload a shell, and then waited to see if they would get caught.

  • The United States National Security Agency (NSA) is now fighting against Ransomware Gangs through a mix of cyber and psychological warfare.

  • TikTok Claims Success: Disrupts 15 Major Influence Operations, including China, in One Year.

  • Christie's Cyberattack: RansomHub Gang Claims Responsibility in Latest High-Profile Breach.

  • Stark Industries Solutions: Unveiling the 'Iron Hammer' – A Game-Changer in Cloud Security.

  • US Takes Down World's Largest 911 S5 Cybercriminal Network. The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5. A 35-year-old Chinese national, YunHe Wang, was arrested in Singapore on May 24, 2024, for creating and acting as the primary administrator of the illegal platform from 2014 to July 2022

⚖️ Laws, Policies, and Regulations

😊 Picture of the week

We hope you enjoyed your weekly digest! ☕🥮If you want to sponsor our next edition or advertise on our site, drop us an email [email protected].

Thank you for being a part of our newsletter community and you can be part of the community by joining our Discord Community or our LinkedIn Group.