Avis Data Breach: Customer Data Stolen in Attack on Business Application
Avis has reported a data breach involving unauthorized access to its business application, exposing customer names and potentially sensitive information. The breach occurred between August 3rd and 6th, 2024, with attackers likely exploiting a vulnerability such as SQL Injection. Avis is offering affected customers a free year of credit monitoring and has engaged cybersecurity experts to enhance security measures. Read more here.
1.7 Million People Hit in Massive Credit Card Data Breach: What to Do Now?
The Tracelo data breach at Slim CD has compromised the credit card information of approximately 1.7 million individuals, including names and addresses, between June 14 and 15, 2024. The lack of compromised CVVs reduces immediate fraud risk, but identity theft and phishing remain threats. Affected individuals are urged to contact banks, monitor accounts, and consider identity theft protection. Read more here.
Indodax Hack: A Major Blow to Indonesian Crypto Security
Indodax, Indonesia’s leading crypto exchange, suffered a significant breach, with approximately $22 million stolen from its hot wallets. Hackers exploited weaknesses in the withdrawal system, leading to theft of Bitcoin and ERC-20 tokens. The exchange temporarily suspended operations for maintenance and is enhancing security protocols while urging customers to remain vigilant against identity theft. Read more here.
PIXHELL Acoustic Attack: Leaking Secrets from LCD Screen Noise
A new acoustic attack, PIXHELL, targets audio-gapped systems through unintended emissions from LCD screens. Developed by Dr. Mordechai Guri, the attack uses malware to modulate pixel patterns, allowing data exfiltration over a distance of 2 meters at 20 bps. Organizations are advised to ban microphone devices in sensitive areas and employ noise jamming techniques to mitigate risks from such stealthy attacks. Read more here.
Cicada3301 Ransomware with New Linux Encryptor: A New Threat To VMware ESXi Systems
Cicada3301, a new Ransomware-as-a-Service operation, is targeting VMware ESXi systems with a sophisticated Linux encryptor. Utilizing Rust and ChaCha20 encryption, it disrupts VM operations and wipes snapshots. The group has claimed 19 victims and shows similarities to ALPHV ransomware. Organizations are urged to update systems, implement multi-factor authentication, and develop incident response plans to defend against this evolving threat. Stay proactive in your cybersecurity efforts! Read more here.
Critical Remote Code Execution Flaw in Progress LoadMaster: A 10/10 Severity Vulnerability
A critical RCE vulnerability (CVE-2024-7591) was discovered in Progress LoadMaster, allowing attackers to execute arbitrary commands via crafted HTTP requests. This flaw affects versions 7.2.60.0 and earlier, posing significant risk to organizations. Progress Software has released an add-on patch for vulnerable versions, urging immediate installation to secure environments. Organizations should implement security hardening measures to protect against potential exploitation. Read more here.
