MSP cybersecurity news digest, August 26, 2024

Microsoft August 2024 Patch Tuesday addresses 89 vulnerabilities

Microsoft August 2024 Patch Tuesday addressed 89 vulnerabilities, including six actively exploited zero-days and three publicly disclosed ones.

These vulnerabilities involve categories like elevation of privilege, remote code execution, and information disclosure. A tenth zero-day remains unfixed but is being addressed. Among the zero-days, CVE-2024-38178, affecting Microsoft Edge in Internet Explorer mode, has been exploited in the wild. Eight critical flaws were patched, including vulnerabilities that allow attackers to gain SYSTEM privileges and execute remote code.

Four other publicly disclosed vulnerabilities were also fixed, including a Windows Line Printer Daemon remote code execution flaw. Microsoft continues working on updates for the remaining vulnerabilities.

Netflix’s data is breached — unreleased shows and movies surface online

Netflix is dealing with its most significant data breach to date, as numerous unreleased shows and movies have surfaced online.

The breach has impacted highly anticipated projects like Arcane and Heartstopper, with some episodes leaked in unfinished form. Netflix attributes the leak to a compromised post-production partner and has vowed to take aggressive action against those responsible. The breach has affected several upcoming releases, particularly in the animation department, with titles like Spellbound and Terminator Zero also leaked.

The leak is a major setback for the creative teams involved, who have worked on these projects. Fans are urged to avoid the leaked content and support the official releases when they become available.

A worldwide epidemic of attacks by the Magniber ransomware campaign

A large-scale Magniber ransomware campaign is currently encrypting home users' devices worldwide, demanding ransoms starting at $1,000 for decryption.

Magniber, which emerged in 2017 as a successor to Cerber, has used various methods to spread, including Windows zero-days, fake updates, and trojanized software cracks. Unlike larger ransomware operations, Magniber mainly targets individual users who unknowingly download malicious software.

Since July 20, there has been a noticeable surge in victims, with many reporting infections after running software cracks or key generators. Once infected, files are encrypted with a random extension, and a ransom note is created. It is recommended to avoid illegal software downloads to prevent infection.

Australian gold producer Evolution Mining and carbon black supplier Orion attacked

Evolution Mining, one of Australia's largest gold producers, with an annual revenue of $1.6 billion, was hit by a ransomware attack, impacting its IT systems. The company has brought in external cybersecurity experts and reports that the attack is now fully contained.

Despite the disruption, Evolution Mining does not expect the incident to have a material impact on its mining operations, indicating that critical systems were likely unaffected. The Australian Cyber Security Centre has been notified, but no major ransomware groups have claimed responsibility yet.

In a separate case, around $60 million was stolen from Orion, a Luxembourg-based supplier of carbon products with an annual revenue of $1.9 billion, after an employee was deceived into making several wire transfers to cybercriminals. The company, which produces carbon black used in various industries, reported the incident to the SEC. A non-executive employee fell victim to a criminal scheme, resulting in multiple fraudulent transfers to accounts controlled by unknown parties. If the stolen funds are not recovered, Orion expects to record a one-time pre-tax charge of approximately $60 million. Law enforcement agencies are now investigating the theft, and the company is exploring all legal avenues for fund recovery, including insurance claims.

National Public Data breach included 2.7 billion personal records of U.S. residents

Nearly 2.7 billion personal records of U.S. residents were leaked on a hacking forum, exposing names, Social Security numbers, addresses and possible aliases.

The data reportedly originated from National Public Data, a company that aggregates personal information from public sources for background checks and other purposes. A threat actor named "Fenice" recently leaked the most complete version of this data, totaling 277 GB, though it is said to have been stolen by another hacker known as "SXUL."

The leaked records contain unencrypted information, including outdated or inaccurate details, raising concerns about privacy and security. Multiple class action lawsuits have been filed against Jerico Pictures, which operates as National Public Data, for failing to protect this information. U.S. residents are advised to monitor their credit reports and be wary of phishing scams in light of this breach.