Cyber Bits · · 3 min read

Cyber Bits: May 13, 2024

Dell's customers are on high alert this week, with the news that 49 million customer records stolen, Google patches the fifth zero-day of the year in Chrome, Android users targeted with malware hidden in apps, and Black-Basta ransomware is on the rise.

Cyber Bits: May 13, 2024

Dell's customers are on high alert this week, with the news that 49 million customer records stolen, Google patches the fifth zero-day of the year in Chrome, Android users targeted with malware hidden in apps, and Black-Basta ransomware is on the rise.

49 Million Dell customer records stolen

Link: bleepingcomputer, arstechnica

A threat actor named Menelik exploited a Dell partner portal API to steal data from 49 million customer records by registering fake companies and gaining rapid portal access. This breach involved a wide array of Dell products, such as monitors, notebooks, and desktops, with Menelik managing to scrape significant amounts of data by sending thousands of requests per minute over three weeks. This incident highlights the vulnerabilities in APIs, reminiscent of past security issues faced by companies like Facebook and Twitter​. If you're a Dell customer, be on the lookout for phishing emails.

Google Patches 5th Zero day vulnerability of the year

Link: arstechnica

Google recently patched its fifth zero-day vulnerability of the year in Chrome, identified as CVE-2024-0519. This vulnerability was being actively exploited and involved out-of-bounds memory access in the V8 JavaScript and WebAssembly engine. Attackers could use a specially crafted HTML page to exploit this flaw, potentially leading to heap corruption and remote code execution. Google released updates for Chrome on Windows, Mac, and Linux to address this issue and recommended that users update their browsers promptly to protect against these vulnerabilities​.

Malicious Android apps posing as legitimate apps

Link: thehackernews

The recent surge in malicious Android apps posing as legitimate Google utilities has been a significant concern. These apps, often appearing as innocuous tools like fitness trackers or photo editors, are actually fronts for distributing malware such as the notorious Joker and Facestealer variants. These malicious apps engage in various harmful activities, including stealing user credentials and sensitive information like text messages and contact lists. Over 200 apps have been implicated in distributing Facestealer spyware, targeting users with credential theft, especially for Facebook accounts, and even going as far as stealing cryptocurrency wallet keys.

To protect against such threats, users are advised to scrutinize app reviews, verify the legitimacy of developers, and be cautious about the permissions they grant to apps. It's also recommended to avoid downloading apps from unofficial sources, which are a common source of malware​.

Black-Basta ransomware group strikes over 500 organizations

Link: thehackernews

The Black Basta ransomware group has been identified as a significant cybersecurity threat after striking over 500 organizations. This group is known for its efficient and damaging attacks, often bypassing traditional security measures. SentinelOne's research suggests possible links between Black Basta and the FIN7 (also known as Carbanak) group, indicating a potentially sophisticated and resource-rich operation. Unlike many ransomware operators who recruit affiliates, Black Basta appears to operate independently, deploying their malware directly without advertising it as Ransomware-as-a-Service (RaaS) on darknet forums or crimeware marketplaces.

Read next

Cyber Bits: September 23
Cyber Bits ·

Cyber Bits: September 23

This week, we cover software-breaking updates, major security vulnerabilities including a Mediatek 0day, data breaches at Deloitte and Dell, cyber-espionage activities and Disney affected by Slack.