This Week in Cybersecurity: 29th Jan – 2nd Feb: Medusa Ransomware Strikes Again

    Medusa Ransomware Attacks Kansas City Public Transportation Authority

    The Kansas City Area Transportation Authority (KCATA) revealed it was hit by a Medusa ransomware attack on January 23rd that disrupted its phone systems. Bus services continued, but KCATA’s internal communication networks were affected. The ransomware group demanded $2 million. KCATA is working with law enforcement and cybersecurity experts and has not yet confirmed whether any customer information was stolen. Alternative contact methods were provided while response and recovery continued. Read more

    Critical Jenkins RCE Flaw (CVE-2024-23897) Exploited in the Wild

    A critical vulnerability (CVE-2024-23897) was found in Jenkins, the open-source automation server. The Jenkins CLI parses command arguments with the args4j library, which by default replaces any argument beginning with “@” with the contents of the named file. Because the CLI echoes unrecognised arguments back in its error messages, an unauthenticated attacker could read the first few lines of arbitrary files on the controller, and an attacker with Overall/Read permission could read entire files. Proof-of-concept exploits emerged showing how this file read escalates to remote code execution on unpatched servers, for example by reading the keys needed to decrypt stored secrets or by using the leaked data to deceive users through cross-site requests. The flaw is fixed in Jenkins 2.442 and LTS 2.426.3, which disable the “@file” expansion by default. Read more
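The following is an added example, not code from the article, from Jenkins or from args4j. It re-creates in a few lines of Python the “@file” argument expansion the vulnerability abused, so the leak mechanism can be seen end to end: a parser that expands “@path” into the file’s lines, a toy CLI whose error messages echo unrecognised arguments, and the same request run with the expansion disabled (the hardened behaviour). The command names (“help”, “check-nodes”) and the secret file written to a temp path are constructed for the demo; they are not the real Jenkins commands.

```python
"""Added example, not code from the article or from Jenkins/args4j: a toy
re-creation of the '@file' argument expansion that CVE-2024-23897 abused,
beside the hardened behaviour (expansion disabled). The command names
('help', 'check-nodes') and the secret file are constructed for the demo."""
import os
import tempfile


def expand_at_args(argv, allow_at_syntax=True):
    """Mimic args4j: an argument beginning with '@' is replaced by the lines
    of the named file. Before the fix this was on by default in the Jenkins
    CLI; the fix turns it off."""
    expanded = []
    for arg in argv:
        if allow_at_syntax and arg.startswith("@"):
            with open(arg[1:], encoding="utf-8", errors="replace") as fh:
                expanded.extend(line.rstrip("\n") for line in fh)
        else:
            expanded.append(arg)
    return expanded


def run_cli(argv, allow_at_syntax=True):
    """Toy CLI with two commands. Neither needs privileges; both echo
    unrecognised arguments back in their error text, which is the leak."""
    args = expand_at_args(argv, allow_at_syntax)
    if not args:
        return "ERROR: no command given"
    cmd, rest = args[0], args[1:]
    if cmd == "help":
        # Echoes one argument: leaks only the first line of the file.
        if rest and rest[0] != "help":
            return f"ERROR: No such command {rest[0]}"
        return "help: list of commands"
    if cmd == "check-nodes":
        # Echoes every argument: leaks every line of the file.
        return "ERROR: no such node(s): " + "; ".join(rest)
    return f"ERROR: No such command {cmd}"


def demo():
    """Write a constructed secret file, then run the same requests against
    the vulnerable and the hardened parser. Returns the four responses."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write("root:x:0:0:root:/root:/bin/bash\n"
                  "jenkins:x:1000:1000::/var/lib/jenkins:/bin/sh\n")
        path = tmp.name
    try:
        request = ["help", "@" + path]
        bulk = ["check-nodes", "@" + path]
        return {
            "help_vulnerable": run_cli(request),
            "help_fixed": run_cli(request, allow_at_syntax=False),
            "nodes_vulnerable": run_cli(bulk),
            "nodes_fixed": run_cli(bulk, allow_at_syntax=False),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, response in demo().items():
        print(f"{name}: {response}")
```

Running the script shows the two failure modes side by side: the single-argument command leaks only the file’s first line, the multi-argument command leaks every line, and with expansion disabled both responses contain only the literal “@/tmp/…” string the attacker sent. The real fix in Jenkins is the same idea applied at the args4j layer: the controller never opens a file named by a CLI argument.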

    Ukrainian Hackers Wiped 2 Petabytes of Data from Russian Research Center

    Ukrainian intelligence reported that pro-Ukrainian hackers wiped 2 petabytes of data from the Russian Center for Space Hydrometeorology, which uses satellite data to monitor weather for sectors including the military. The group known as the “BO Team” infiltrated the research center’s Far Eastern branch and destroyed 280 servers holding 2 petabytes of meteorological and satellite data and years of research, leaving its supercomputers inoperable. The attack was estimated to cost Russia $10 million, and recovery is expected to be difficult because sanctions limit access to replacement hardware. Read more

    Keenan Warns 1.5 Million People of Data Breach: Personal Information Stolen

    Keenan, a California-based insurance brokerage, warned 1.5 million customers and employees of a data breach. Network intruders accessed Keenan systems from August 21-27, 2023, obtaining personal information including names, addresses, SSNs, health details, driver’s licenses and passport numbers. The breach impacted current and former Keenan clients and staff. Read more

    Johnson Controls Ransomware Attack Cost $27 Million After Data Breach

    Johnson Controls disclosed that a September 2023 ransomware attack cost it $27 million. The Dark Angels group stole over 27TB of data after gaining access through the company’s Asia offices and demanded $51 million to delete the stolen files. Johnson Controls later confirmed the incident was a ransomware attack. Customer-facing systems were impacted, but the company said its digital products were not affected. Read more

    Linux glibc Flaw Lets Attackers Exploit Root Access on Major Linux Distros

    A vulnerability in the GNU C library (glibc), tracked as CVE-2023-6246, enables local privilege escalation to root on Linux distros including Debian, Ubuntu and Fedora. It stems from a heap-based buffer overflow in glibc’s __vsyslog_internal(), reached through the syslog() and vsyslog() logging functions when a program logs with a very long attacker-controlled program name (argv[0]). Exploitation therefore requires specific conditions, typically a setuid binary that calls syslog(), but the impact is high because glibc is used almost everywhere. The same research reported related flaws in the syslog code (CVE-2023-6779 and CVE-2023-6780). Because glibc underpins cloud servers and government infrastructure alike, security teams are urged to apply vendor patches promptly. Read more

    DarkGate Malware Pushed in Phishing Attacks via Group Chats of Microsoft Teams

    Recent phishing attacks have abused Microsoft Teams, sending over 1,000 malicious group chat invitations that lead to DarkGate malware. Attackers use compromised Teams accounts to persuade recipients to download a file that installs the malware, after which DarkGate establishes command-and-control (C2) communication. The campaign works because Teams allows messages from external tenants by default. Disabling external access, or restricting it to an allow-list of trusted domains, is advised, and users should be told that the organisation does not distribute software through Teams chats. Earlier campaigns distributed malware with the TeamsPhisher tool, which abused a Teams flaw that let external senders deliver file attachments. Read more

    Schneider Electric Hit by Cactus Ransomware Attack

    Schneider Electric, an energy management company, was hit by a Cactus ransomware attack targeting its Sustainability Business division. The attackers stole terabytes of corporate data and threatened to release it unless a ransom is paid. The stolen information could include customers’ power usage, industrial control system and regulatory compliance data. Schneider Electric confirmed the incident affected only that one division and said it is not paying the ransom at this time. Read more

    Fulton County Cyberattack: Cyberattack Hits Georgia County Where Trump Faces Charges

    Fulton County, Georgia experienced a cyberattack that disrupted desktop phones, the intranet and end-user devices. All departments were affected, including the District Attorney’s office prosecuting Trump for election interference, and court and tax systems were also impacted. The FBI and the Georgia Bureau of Investigation (GBI) are investigating. The county says sensitive data does not appear to have been affected, but it has not given a timeline for restoring systems. The timing coincides with upcoming deadlines in the Trump case. Read more