Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.

What’s more, the documentation has no connection whatsoever to the container. Instead, it’s a web page that’s designed to lure users into visiting phishing or malware-hosting websites.

Of the 4.6 million imageless Docker Hub repositories uncovered, 2.81 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns.

Source – https://thehackernews.com/2024/04/millions-of-malicious-imageless.html

London Drugs pharmacy chain closes stores after cyberattack

Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a “cybersecurity incident.”

The company has also hired external experts to investigate the cyberattack that impacted its systems over the weekend.

London Drugs said it had found no evidence pointing to customer or employee data being impacted in the incident.

The chain advised customers to call their local pharmacy to make arrangements if they have “urgent pharmacy needs.”

Source – https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack/

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.

The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS score: 8.8), “involves the use of promise objects and lazy evaluation in R,” AI application security company HiddenLayer said in a report shared with The Hacker News.

RDS, like pickle in Python, is a format used to serialize and save the state of data structures or objects in R, an open-source programming language used in statistical computing, data visualization, and machine learning.

Source – https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html

Collection agency FBCS warns data breach impacts 1.9 million people

Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network.

FBCS is a nationally licensed debt collection agency in the U.S., specializing in collecting unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities.

According to a data breach notification sample the firm shared with the authorities late last week, on February 26, 2024, it discovered that unauthorized actors had breached its network since February 14, 2024.

Source – https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-warns-data-breach-impacts-19-million-people/

Threat Report – Actively exploited critical vulnerability found in WordPress Automatic Plugin – April 2024

A security vulnerability in the WP Automatic WordPress plugin, identified as CVE-2024-27956, has exposed millions of websites to SQL injection attacks. The plugin, which automates content publishing on WordPress websites, is being targeted by hackers who are exploiting the flaw to inject malicious code and take control of affected sites.

The vulnerability poses a significant risk to website owners using the WP Automatic plugin and highlights the importance of regularly updating plugins and maintaining strong security practices. Security experts have warned users to be vigilant and take immediate action to mitigate the impact of potential attacks.

Source – https://www.smarttech247.com/news/threat-report-actively-exploited-critical-vulnerability-found-in-wordpress-automatic-plugin-april-2024/

New Cuttlefish malware infects routers to monitor traffic for credentials

A new malware named ‘Cuttlefish’ has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.

Lumen Technologies’ Black Lotus Labs examined the new malware and reports that Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data discreetly while bypassing security measures that detect unusual sign-ins.

The malware can also perform DNS and HTTP hijacking within private IP spaces, interfering with internal communications and possibly introducing more payloads.

Source – https://www.bleepingcomputer.com/news/security/new-cuttlefish-malware-infects-routers-to-monitor-traffic-for-credentials/

Kaiser health plan reveals data breach impacting millions

Kaiser Foundation Health Plan is one of the the largest nonprofit health insurance providers in the US serving patients and medical entities from coast to coast.

The number of victims impacted is listed as 13.4 million, according to the filing posted on the US Department of Health and Human Services (HHS) breach notification portal and submitted by Kaiser on April 12th.

The health giant reports the cause of the breach was due to unauthorized access/disclosure on its network servers.

Kaiser Permanente said it is not aware of any misuse of any member’s or patient’s personal information at this time.

Source – https://cybernews.com/news/kaiser-health-data-breach-millions/

Qantas app exposed sensitive traveler details to random users

Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users.
Qantas is Australia’s flag carrier and the largest airline by fleet size, operating 125 aircraft and serving 104 destinations. Qantas has 23,500 employees and an annual revenue of almost $12.9 billion.
Earlier today, several users of the Qantas app reported on social media that they could view other users’ travel details, including personally identifiable information, boarding passes for upcoming flights, and other account information.
Qantas quickly responded to the reports and confirmed an unintentional exposure of sensitive information possibly caused by recent system changes.

Source – https://www.bleepingcomputer.com/news/security/qantas-app-exposed-sensitive-traveler-details-to-random-users/

Avast fined nearly $15M for GDPR violations

The Office for Personal Data Protection (ÚOOÚ) in the Czech Republic has imposed a fine of approximately $14.8 million on Avast Software for General Data Protection Rules (GDPR) after investigating the company’s Czech branch, Jumpshot, INC.

According to ÚOOÚ, the company processed personal data from Avast antivirus software and browser extensions in 2019 without authorization.

The company transferred the data of 100 million of its users to Jumpshot, a company that marketed itself, among other things, as providing insights into online consumer behavior to third parties.

ÚOOÚ says that Avast misled users. While it claimed to use robust anonymization techniques, at least a portion of data subjects could be reidentified.

Source – https://cybernews.com/news/avast-fined-nearly-15m-for-gdpr-violations/

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.

Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email address.

GitLab, which disclosed details of the shortcoming earlier this January, said it was introduced as part of a code change in version 16.1.0 on May 1, 2023.

Successful exploitation of the issue can have serious consequences as it not only enables an adversary to take control of a GitLab user account, but also steal sensitive information, credentials, and even poison source code repositories with malicious code, leading to supply chain attacks.

Source – https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html

CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.

The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects. However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments.

CISA and partners encourage OT operators in critical infrastructure sectors to apply the recommendations listed in the fact sheet to defend against this activity. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

Source – https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-and-partners-release-fact-sheet-defending-ot-operations-against-ongoing-pro-russia-hacktivist

Smarttech247