Threat Intelligence Report - May 26, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
Infosec Analyst Pleads Guilty to Blackmailing Employer
Ashley Liles, a former IT security analyst at Oxford Biomedica, admitted to hijacking a cyber attack on his own company in order to divert ransom payments totaling £300,000 in Bitcoin to himself. The hijacking was discovered during an investigation by the South East Regional Organised Crime Unit (SEROCU) after the company suffered a security breach.
Read more: https://netfire.link/infosecblackmail
Hackers Target 1.5M WordPress Sites with Cookie Consent Plugin Exploit
An unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress cookie consent plugin 'Beautiful Cookie Consent Banner' has been exploited by hackers in an attack that has targeted 1.5 million WordPress sites. WordPress security firm Defiant reported that the current wave of attacks is not able to inject malicious payloads due to a misconfigured exploit. However, the threat actor could rectify this issue at any time and infect any exposed sites, so administrators are advised to update the plugin to its latest version.
Read more: https://netfire.link/wordpresscookieplugin
Google Cloud Bug Allows Server Takeover from CloudSQL Service
A critical vulnerability that could potentially expose sensitive customer data was discovered in Google Cloud Platform's (GCP) managed database service, CloudSQL. Researchers at Dig were able to escalate privileges and gain full system admin control over the hosting container, allowing them to access sensitive files in the host OS and internal Google URLs, and potentially to expose cloud provider and customer data. This major security breach has since been resolved in collaboration with Google's Vulnerability Reward Program.
Read more: https://netfire.link/gcpcloudsql
2021 Luxottica Data Leak Confirmed
Luxottica, the Italian parent company of eyewear brands Ray-Ban and Oakley, has confirmed a 2021 data breach in which the data of more than 70 million customers was exposed due to a cyber attack on a third-party data storage provider. The breach, which included customers' names, emails, home addresses, phone numbers, and birth dates, was discovered through proactive monitoring and immediately reported to the FBI and Italian police. Luxottica asserts that its own systems were not compromised and remain secure.
Read more: https://netfire.link/luxotticadataleak
Have a Happy and Safe Memorial Day Weekend!