A daily look at the relevant information security news from overnight - 20 July, 2022
Episode 269 - 20 July 2022
Knauf Knocked Out- https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/
Rusty Luna -
https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html
GPS Over-Tracking -
https://www.zdnet.com/article/flaws-in-a-popular-gps-tracker-could-allow-hackers-to-track-or-stop-vehicles-say-security-researchers/
Oracle Patchfest- https://www.securityweek.com/oracle-releases-349-new-security-patches-july-2022-cpu
Magicart Skim -
https://docs.google.com/document/d/1Kse6lMi7hJEg1wDnVS_ZEND2pZOEMT4a9We3erCPsXE/edit
Hi, I’m Paul Torgersen. It’s Wednesday July 20th, 2022, and from Victoria, this is a look at the information security news from overnight.
From BleepingComputer.com:
The Knauf Group, a large Germany based building materials company, has announced it has been the target of a cyberattack that has disrupted its business operations. Their global IT team has shut down all systems to isolate the incident. Knauf has not confirmed it is a ransomware attack, but the Black Basta group has claimed responsibility for the attack on their extortion site. So far they claim to have released about 20% of the information they stole, which indicates they are likely still hopeful to receive a ransom from the victim.
From TheHackerNews.com:
Researchers have disclosed a brand-new ransomware family written in Rust, that Kaspersky Labs has named Luna. The ransomware is fairly simple and appears to be in its early development. It is designed to be used by Russian speaking threat actors, and can run on Windows, Linux, and ESXi systems.
From ZDNet.com:
Critical security vulnerabilities in the MiCODUS MV720 vehicle GPS tracker could be used to remotely track, stop or even take control of vehicles in which it is installed. These devices are popular with large companies and government entities, with approximately 1.5 million of them currently in use in 169 countries. Researchers at BitSight, who found the flaws, say these devices should not be used until patches are available. No word from MiCODUS on when that might be.
From SecurityWeek.com:
Oracle’s quarterly Critical Patch Update has a total of 349 new security patches, including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers. 64 of the vulnerabilities are rated critical, with four of those scoring a ten out of ten. Financial Services Applications received the largest number of fixes, followed by Oracle Communications, then Fusion Middleware. Get your patch on kids.
And last today, from ThreatPost.com:
A Magecart campaign has been skimming payment-card credentials from customers using three online restaurant-ordering systems. The attack has affected over 300 restaurants and compromised at least 50,000 cards so far, which have already been offered up for sale on the dark web. The platforms impacted are MenuDrive, Harbortouch, and InTouchPOS.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until next tomorrow, be safe out there.