Cyber Bits: July 15, 2024

In this week's Cyber Bits, AT&T breach impacts millions of customers, hackers take advantage of a proof of concept 20 minutes after release, EXIM bugs affecting almost a million mail relays, the anatomy of the Akira Ransomware and their unfortunate efficiency at data exfiltration, and a new group targeting Veeam infrastructure.

AT&T Data Breach Impacts Millions

Link: Dark Reading

The recent data breach at AT&T, resulting from a supply chain cyber-incident, compromised the personal information of over 70 million current and former customers. The leak included sensitive details such as social security numbers, email addresses, and phone numbers, although financial information remained secure. This also affected customers of Boost Mobile, Cricket Wireless, and H2O Wireless, all of which are owned by AT&T.

Rapid Exploitation of PoC Exploits

Link: Bleeping Computer

Hackers have been observed exploiting proof-of-concept (PoC) exploits within 22 minutes of their public release. Security researchers at Cloudflare found that as soon as PoC exploits become available, attackers incorporate them into their arsenal to target vulnerable systems before they can be patched.

Critical Exim Mail Server Bug

Link: Bleeping Computer

A critical vulnerability in the Exim mail transfer agent software, used on over 1.5 million servers, allows attackers to bypass security filters, posing a significant threat to email security. This flaw enables remote code execution, allowing attackers to potentially take control of affected servers. The vulnerability affects multiple versions of Exim, and users are urged to update their software to mitigate this risk.

Akira Ransomware’s Quick Data Exfiltration

Link: Dark Reading

The Akira ransomware group has been noted for its exceptionally fast data exfiltration capabilities. With the group able to steal sensitive data within just two hours, organizations face a significant challenge for detection and mitigation, as traditional security measures may not respond quickly enough. Akira’s tactics include targeting corporate networks, exfiltrating valuable data, and then encrypting the systems to demand ransom.

New Ransomware Exploits Veeam Vulnerability

Link: The Hacker News

A new ransomware group has been exploiting vulnerabilities in Veeam backup software to target businesses, leveraging known weaknesses to gain unauthorized access, exfiltrate data, and then deploy ransomware. We strongly recommend anyone using Veeam to review their security practices, review their IR procedures, and apply necessary patches to prevent exploitation.
