
This Month in Cyber Security: January 2024

To summarise the news of January 2024: a new GitLab vulnerability was disclosed, Subway was targeted by hacker groups, a drainer-as-a-service gang attacked Mandiant, and experts witnessed “the mother of all breaches”. Plus more!

Continue reading as we cover some of the biggest stories of the month.

The mother of all breaches?

Cyber security researcher Bob Dyachenko and the Cybernews team uncovered a vast collection of data, stored in an open instance with an unidentifiable owner. The “mother of all breaches” (MOAB) includes records from thousands of leaks and breaches, some of which contain information not previously published. This leak spans 3,800 folders, each corresponding to a different data breach.

The dataset's massive scale poses significant risks, as it could be exploited for identity theft, phishing schemes, cyberattacks, and unauthorised account access. Notably, the data includes not just credentials but also sensitive personal information, making it valuable to malicious actors. The largest set of records, 1.4 billion, is from Tencent QQ, a Chinese messaging app, and there is also substantial data from other major platforms and government organisations worldwide.

New GitLab CVE-2023-7028 vulnerability

Earlier this month, the CVE-2023-7028 vulnerability was reported by the National Vulnerability Database. The vulnerability relates to an issue discovered in GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. It affects all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2.

With TryHackMe’s latest recent threat room, GitLab CVE-2023-7028, we walk you through how to exploit a GitLab instance using CVE-2023-7028 and understand various mitigation techniques.

Suspected ransom attack at Lush

Lush, a British cosmetics retailer, has confirmed a cyber security incident, with details still emerging. The company, in its announcement on January 11, stated it is working with IT forensic experts to investigate and has taken steps to secure its systems and mitigate the incident's impact.

While the exact nature of the attack is unclear, there is speculation of a ransomware attack, given Lush's actions to contain the situation. This type of cyberattack typically involves data encryption and demands for cryptocurrency.

The incident has been reported to relevant authorities, including the police, Europol, and the ICO.

Sensitive SUBS internal data threatened to be released by hacker group LockBit

Bad news for all you Subway lovers! LockBit, a hacker group, uploaded a timer to their dark web site along with text stating that if Subway did not pay the ransom by February 2nd, the data they stole would be sold to their competitors.

Data includes employee salaries, franchise royalty payments, master franchise commission payments and restaurant turnovers.

Subway has acknowledged the claim and launched an investigation to determine the validity of the ransomware group's assertions.

Mandiant's X account hacked by crypto ‘Drainer-as-a-Service’ gang

On the 3rd of January 2024, Mandiant’s X social media account was taken over, likely through a brute force attack, and subsequently used to distribute links to a cryptocurrency drainer phishing page. Due to changes in their team and 2FA policy, it is thought the account wasn't adequately protected. The compromised account was used to share phishing links, leading Mandiant's 123,000 followers to a page aiming to steal cryptocurrency.

After regaining control of the account, Mandiant's investigation revealed no further harm to its or Google Cloud's systems. The attacker used a wallet drainer called CLINKSINK, part of a larger campaign targeting Solana (SOL) cryptocurrency users since December.

Following the incident targeting Mandiant, X accounts belonging to other companies like CertiK, NETGEAR, and Hyundai MEA have been breached in recent days to infect potential victims with cryptocurrency wallet drainer malware.

NEW! AWS Security Training for Individuals

You asked, and of course, we listened. Earlier this month, TryHackMe opened up their AWS Attacking & Defending Security Training for individual purchases!

The training offers a unique opportunity for individuals to get hands-on access to various attack scenarios, with scenarios replicating common real-world threats.

Geared towards individuals seeking to master the intricacies of AWS security, this training promises to be a game-changer in the realm of cloud-based cyber security. So whether you’re looking to advance in your career, embark on new job opportunities, or dive into a new area of cloud security, this one is for you!

Author: Jabba
Jan 29, 2024
