This Week in Cybersecurity: 29th Jan – 02nd Feb: Medusa Ransomware Strikes Again

Written by Mitchell Langley

February 2, 2024


Medusa Ransomware Attacks Kansas City Public Transportation Authority

The Kansas City Area Transportation Authority (KCATA) revealed it was hit by a Medusa ransomware attack on January 23rd that disrupted phone systems. While bus services continued, KCATA’s internal communication networks were impacted. The ransomware group demanded $2 million. KCATA is working with authorities and cybersecurity experts but has yet to disclose any customer information theft. Alternative contact methods were provided during the response and recovery.

Critical Jenkins RCE Flaw (CVE-2024-23897) Exploited in the Wild

A critical remote code execution vulnerability (CVE-2024-23897) was found in Jenkins, an open-source automation server. By exploiting how Jenkins parses command arguments through the args4j library, attackers could read arbitrary files on the system even without permissions. PoC exploits emerged demonstrating how to compromise unpatched Jenkins servers to execute code remotely by decrypting secrets or deceiving users through cross-site requests.

Ukrainian Hackers Wiped 2 Petabytes of Data from Russian Research Center

Ukrainian intelligence reported that pro-Ukrainian hackers wiped 2 petabytes of data from the Russian Center for Space Hydrometeorology, which utilizes satellite data to monitor weather for sectors like the military. Hackers known as the “BO Team” infiltrated the research center’s Far Eastern branch and destroyed 280 servers containing 2 petabytes of meteorological, satellite and years of research data, paralyzing supercomputers. The attack was estimated to cost Russia $10 million and cause major challenges to restore systems limited by sanctions.

Keenan Warns 1.5 Million People of Data Breach: Personal Information Stolen

Keenan, a California-based insurance brokerage, warned 1.5 million customers and employees of a data breach. Network intruders accessed Keenan systems from August 21-27, 2023, obtaining personal information including names, addresses, SSNs, health details, driver’s licenses and passport numbers. The breach impacted current and former Keenan clients and staff.

Johnson Controls Ransomware Attack Cost $27 Million After Data Breach

Johnson Controls disclosed that a September 2023 ransomware attack cost it $27 million. Dark Angels hackers stole over 27TB of data after accessing Asia offices. They demanded $51 million to delete stolen files. Johnson Controls later confirmed it was a ransomware incident. The attack impacted customer systems but digital products were not affected.

Linux glibc Flaw Lets Attackers Exploit Root Access on Major Linux Distros

A vulnerability in the GNU C library (glibc), tracked as CVE-2023-6246, lets attackers gain root access on Linux distros like Debian, Ubuntu and Fedora. It stems from a buffer overflow in the syslog logging function. Although exploitation requires specific conditions, the impact is high due to widespread glibc use. Other flaws were also found. Security teams are urged to patch after root escalation bugs endanger federal infrastructure and cloud servers.

DarkGate Malware Pushed in Phishing Attacks via Group Chats of Microsoft Teams

Recent phishing attacks have exploited Microsoft Teams by sending over 1,000 group chat requests containing DarkGate malware. Attackers abuse compromised accounts to manipulate recipients into downloading files containing the malware. DarkGate establishes C2 communication and Teams’ default external access setting allows this. Disabling external access or using email is advised. Similar campaigns have distributed malware through TeamsPhisher, exploiting a Teams vulnerability.

Schneider Electric Hit by Cactus Ransomware Attack

Schneider Electric, an energy management company, was hit by a Cactus ransomware attack targeting its Sustainability Business division. Hackers stole terabytes of corporate data and threatened to release it unless a ransom is paid. The stolen information could include customers’ power usage, industrial systems, and regulatory compliance data. Schneider Electric confirmed the incident impacted only one division and is not paying the ransom demand at this time.

Fulton County Cyberattack: Cyberattack Hits Georgia County Where Trump Faces Charges

Fulton County, Georgia experienced a cyberattack disrupting desktop phones, intranet and devices. This impacted all departments including the DA’s office prosecuting Trump for election interference. Court and tax systems were affected. The FBI and GBI are investigating. While sensitive data is supposedly unaffected, systems restoration time is unclear. The timing coincides with upcoming deadlines in the Trump case.
