7 Recent Data Breaches and Malware Attacks You Should Know About
Slim CD Data Breach Exposes 1.7 Million Credit Card Records
Payment gateway provider Slim CD has disclosed a data breach that exposed the personal and credit card details of nearly 1.7 million individuals. Hackers gained unauthorized access to the company’s network for almost a year, from August 17, 2023, to June 15, 2024.
While the intrusion lasted nearly ten months, Slim CD says credit card information could only have been accessed during a two-day window, June 14 and 15, 2024. Compromised data includes full names, physical addresses, credit card numbers, and payment card expiration dates. The absence of card verification values (CVVs) lowers, but does not eliminate, the risk of fraudulent transactions, since not every card-not-present merchant requires the CVV.
Slim CD advises all affected individuals to remain vigilant for signs of identity theft or credit card fraud and report any suspicious activity to their card issuers immediately. Despite the breach’s magnitude, Slim CD has not offered free identity theft protection services to impacted individuals.
The company says it has since strengthened its security measures to prevent similar incidents. Slim CD provides payment processing across various industries, including retail, hospitality, and restaurants, so many affected individuals may never have heard of the company, having dealt with it only indirectly through businesses that use its services.
TIDrone Cyberattackers Target Taiwan’s Drone Manufacturers
A threat group known as TIDrone is running advanced malware attacks against military and satellite supply chains, with a particular focus on drone manufacturers in Taiwan. According to researchers at Trend Micro, the group has ties to other Chinese-speaking threat actors and uses purpose-built tooling to infiltrate its targets.
TIDrone has been linked to attacks involving enterprise resource planning (ERP) software and remote desktop tools, which it uses to deploy proprietary malware. Since the beginning of 2024, numerous incident reports from Taiwan have documented the group’s ongoing campaign. However, samples Trend Micro observed on VirusTotal show a more varied set of victims, suggesting the group’s reach extends beyond Taiwan.
Among TIDrone’s malware arsenal is CXCLNT, a tool capable of uploading and downloading files, gathering victim information like file listings and computer names, and operating with stealth. Another weapon, CLNTEND, is a remote access tool (RAT) that supports multiple network protocols and was first observed in April 2024.
Once inside a system, TIDrone uses user account control (UAC) bypass techniques, credential dumping, and hacktools to disable antivirus defenses. The group also employs anti-analysis methods, such as manipulating application programming interface (API) calls and verifying the entry point of the parent process, to evade detection and sandboxing.
Trend Micro warns businesses and individuals alike to remain vigilant as TIDrone continues to refine its attack methods and target industrial supply chains worldwide.
Avis Car Rental Data Breach Exposes Nearly 300,000 Customers’ Information
A recent cyberattack on Avis Car Rental, one of the largest car rental companies in the U.S., has compromised the personal data of nearly 300,000 individuals. Attackers infiltrated Avis’ systems on August 3, 2024, and remained inside for three days before the company managed to secure its network.
According to a data breach notification submitted to the Maine Attorney General’s Office, Avis became aware of the breach on August 5, 2024, and acted quickly to remove the unauthorized access. The letter did not specify the exact type of data exposed, only suggesting that customer names and other sensitive information may have been accessed.
Avis, which operates in over 160 countries and generated $12 billion in revenue in 2022, advised affected customers to monitor their financial accounts and credit history for any signs of unauthorized transactions or suspicious activity. The company recommends taking precautions to prevent identity theft and fraud.
The breach affected 299,006 individuals, and Avis has offered one year of free identity protection services to those impacted.
This incident highlights the growing risk of cyberattacks on large corporations with global operations, urging businesses and customers to remain vigilant against potential data breaches.
Kibana Vulnerabilities Expose Systems to Arbitrary Code Execution
Elastic has disclosed two critical vulnerabilities in Kibana that allow attackers to execute arbitrary code. The flaws, CVE-2024-37288 and CVE-2024-37285, stem from YAML deserialization issues and pose a serious risk to affected systems. Both are rated critical, so users should act immediately.
CVE-2024-37288 affects Kibana 8.15.0, specifically targeting users of the Amazon Bedrock Connector. Attackers can exploit a deserialization flaw in the connector, leading to arbitrary code execution. Elastic has released Kibana 8.15.1 to patch this vulnerability, and users are urged to upgrade immediately. If upgrading isn’t possible, disabling the integration assistant in the configuration file can serve as a temporary fix.
CVE-2024-37285 impacts Kibana versions 8.10.0 through 8.15.0. To exploit this vulnerability, attackers need specific Elasticsearch and Kibana privileges, such as write access to system indices or Fleet privileges. Elastic recommends upgrading to version 8.15.1 to mitigate this issue and advises organizations to review privilege configurations to minimize risk.
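As an added illustration of the privilege review Elastic recommends (example code written for this page, not Elastic's tooling), the script below audits role definitions in the shape returned by Elasticsearch's `GET _security/role` API and flags roles holding write-capable privileges over internal indices. The list of sensitive index names, the set of privileges treated as write-capable, and the sample roles are all constructed for the example; a real review would feed in the live API response.

```python
"""Flag Elasticsearch roles that can write to internal indices.

Input mirrors the JSON returned by ``GET _security/role``; the roles and index
names below are constructed for this example, no cluster is contacted."""
from fnmatch import fnmatchcase

# Index privileges that allow writing documents or changing an index.
WRITE_PRIVILEGES = {"all", "write", "index", "create", "create_doc", "delete",
                    "manage", "maintenance"}

# Representative internal index names to test each grant against
# (illustrative list, not Elastic's inventory of system indices).
SENSITIVE_INDICES = [".ml-anomalies-shared", ".ml-state", ".fleet-agents",
                     ".fleet-policies", ".kibana_8.15.0", ".security-7"]

# Restricted indices are excluded from wildcard grants unless the grant sets
# allow_restricted_indices: true, so a plain "*" does not reach them.
RESTRICTED_INDICES = {".security-7"}

SAMPLE_ROLES = {  # constructed sample, shaped like GET _security/role output
    "log_analyst": {"cluster": ["monitor"], "indices": [
        {"names": ["logs-*"], "privileges": ["read", "view_index_metadata"]}]},
    "ml_power_user": {"cluster": ["manage_ml"], "indices": [
        {"names": [".ml-*"], "privileges": ["read", "write"]}]},
    "fleet_ops": {"cluster": [], "indices": [
        {"names": [".fleet*"], "privileges": ["manage"]}]},
    "legacy_admin": {"cluster": ["all"], "indices": [
        {"names": ["*"], "privileges": ["all"]}]},
}


def write_privileges(privileges):
    """Return the subset of a grant's privileges that permit writes, sorted."""
    return sorted(p for p in privileges if p in WRITE_PRIVILEGES)


def audit_roles(roles, sensitive=SENSITIVE_INDICES):
    """Return one finding per (role, index pattern) that grants write-capable
    privileges over at least one sensitive index."""
    findings = []
    for role, spec in roles.items():
        for grant in spec.get("indices", []):
            privs = write_privileges(grant.get("privileges", []))
            if not privs:
                continue
            allow_restricted = grant.get("allow_restricted_indices", False)
            for pattern in grant.get("names", []):
                matched = tuple(
                    idx for idx in sensitive
                    if fnmatchcase(idx, pattern)
                    and (allow_restricted or idx not in RESTRICTED_INDICES))
                if matched:
                    findings.append({"role": role, "pattern": pattern,
                                     "privileges": privs, "indices": matched})
    return findings


if __name__ == "__main__":
    for f in audit_roles(SAMPLE_ROLES):
        print(f"{f['role']}: '{f['pattern']}' grants {f['privileges']} "
              f"over {', '.join(f['indices'])}")
```

Any hit on a role that is not meant to be an administrator is a candidate for tightening; the `legacy_admin` pattern above shows the typical offender, a wildcard grant with `all` that was never meant to cover `.ml-*` or `.fleet*`.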
Both vulnerabilities carry critical CVSS scores, CVE-2024-37288 at 9.9 and CVE-2024-37285 at 9.1. Elastic stresses prompt patching and keeping security configurations current to guard against similar threats.
RAMBO Attack Steals Data from Air-Gapped Computers Using RAM
Researchers have uncovered a new side-channel attack, dubbed RAMBO (Radiation of Air-gapped Memory Bus for Offense), which exploits electromagnetic emissions from a computer’s RAM to steal data from air-gapped systems. These isolated systems, often used in high-security environments like government facilities and nuclear power plants, are traditionally separated from networks to prevent breaches. However, the RAMBO attack bypasses this security by using RAM’s electromagnetic radiation to transmit data.
The attack requires malware already running on the air-gapped computer, which drives the memory bus in a controlled pattern so that the RAM emits electromagnetic signals on demand. The pattern encodes binary 1s and 0s, which a nearby attacker picks up with a low-cost Software-Defined Radio (SDR) and antenna. The channel reaches up to roughly 1,000 bits per second, enough for small-scale exfiltration such as passwords, encryption keys, or keystrokes.
The researchers demonstrated reception at distances of up to 7 meters (23 ft), with nearly zero errors at the slower transmission speeds. Even with those limits, a pre-installed implant and a receiver within a few metres, the RAMBO attack is a serious threat to systems whose security rests on network isolation alone.
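To make the modulation concrete, the following is a toy simulation of the channel (example code added for this page, not the researchers' implementation): the transmitter's bursts of memory traffic and idle periods become a two-level envelope, each bit is Manchester-encoded, the receiver averages a noisy sampled version of that envelope, and the bit error rate is compared at two bit rates. The sample rate, noise level, the choice of Manchester encoding, and the message are all constructed assumptions; the real attack's levels are electromagnetic field strength seen by an SDR, not numbers in a list.

```python
"""Toy model of a RAMBO-style memory-bus covert channel.

The transmitter alternates between memory-intensive bursts (bus active,
modelled as level 1.0) and idle periods (level 0.0), Manchester-encodes each
bit, and the receiver recovers bits from a noisy, sampled envelope.  Pure
simulation with constructed, seeded noise: no radio and no real RAM traffic."""
import random


def text_to_bits(text):
    """MSB-first bits of the UTF-8 encoding of ``text``."""
    return [(byte >> i) & 1 for byte in text.encode() for i in range(7, -1, -1)]


def bits_to_text(bits):
    usable = len(bits) - len(bits) % 8
    chars = [int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)]
    return bytes(chars).decode(errors="replace")


def manchester_encode(bits, samples_per_bit):
    """1 -> bus active then idle, 0 -> idle then active (this example's convention)."""
    half = samples_per_bit // 2
    signal = []
    for bit in bits:
        first, second = (1.0, 0.0) if bit else (0.0, 1.0)
        signal.extend([first] * half + [second] * half)
    return signal


def add_noise(signal, sigma, rng):
    """Additive Gaussian noise standing in for everything between RAM and SDR."""
    return [s + rng.gauss(0.0, sigma) for s in signal]


def manchester_decode(samples, samples_per_bit):
    """Compare the mean of each half-bit: first half higher means a 1."""
    half = samples_per_bit // 2
    bits = []
    for start in range(0, len(samples) - samples_per_bit + 1, samples_per_bit):
        first = sum(samples[start:start + half]) / half
        second = sum(samples[start + half:start + samples_per_bit]) / half
        bits.append(1 if first > second else 0)
    return bits


def bit_error_rate(sent, received):
    errors = sum(a != b for a, b in zip(sent, received)) + abs(len(sent) - len(received))
    return errors / len(sent)


def simulate(message, bit_rate, sample_rate=20_000, sigma=1.5, seed=7):
    """Send ``message`` at ``bit_rate`` bps; return (bit error rate, decoded text).

    sample_rate and sigma are assumptions for the model, not measured values."""
    rng = random.Random(seed)
    samples_per_bit = 2 * (sample_rate // bit_rate // 2)   # keep it even for Manchester
    sent = text_to_bits(message)
    received = manchester_decode(
        add_noise(manchester_encode(sent, samples_per_bit), sigma, rng), samples_per_bit)
    return bit_error_rate(sent, received), bits_to_text(received)


if __name__ == "__main__":
    for rate in (1000, 500, 100):
        ber, text = simulate("air-gap leak 2024", rate)
        print(f"{rate:5d} bps  BER={ber:.3f}  decoded={text!r}")
```

Slowing the bit rate gives the receiver more samples per bit to average, which is the same trade-off the researchers describe: fewer bits per second, but nearly error-free reception.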
To mitigate this risk, researchers recommend physical defenses like zone restrictions, RAM jamming, external electromagnetic interference, or using Faraday cages to block EM radiation from escaping these systems.
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
The China-linked APT group Mustang Panda has been abusing Visual Studio Code in attacks on Southeast Asian government entities, according to a report by Palo Alto Networks’ Unit 42. The group turns the editor’s built-in remote tunnel feature into a reverse shell to reach compromised networks. The technique, first publicly demonstrated in September 2023, lets attackers run arbitrary commands and deliver further payloads.
Mustang Panda, active since 2012, has a history of cyber espionage against government and religious entities across Europe and Asia, particularly countries bordering the South China Sea. Once an attacker authenticates a Visual Studio Code tunnel with a GitHub account, the infected machine can be controlled remotely through the editor, allowing commands to be run and sensitive data to be exfiltrated.
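For defenders, the practical question is what a tunnel launch looks like in process telemetry. The script below is an added example (not from Unit 42's report) that hunts constructed Sysmon-style process-creation events for the VS Code command-line interface invoked with the `tunnel` subcommand, and also catches a renamed copy through the PE `OriginalFileName` field Sysmon records. The binary names, the expected install path, the severity heuristics, and the sample events are assumptions made for the example.

```python
"""Hunt process-creation events for VS Code 'code tunnel' launches.

The events below are constructed Sysmon-style records (Image, CommandLine,
OriginalFileName); nothing here reads a real log."""
import ntpath
import shlex

VSCODE_LAUNCHERS = {"code.exe", "code.cmd", "code"}    # on-disk names of the VS Code CLI
VSCODE_ORIGINAL_NAMES = {"code.exe"}                   # PE OriginalFileName survives a rename
EXPECTED_INSTALL_DIRS = ("\\microsoft vs code\\",)     # assumption: where a sanctioned copy lives

SAMPLE_EVENTS = [  # constructed sample events
    {"Image": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" C:\proj',
     "OriginalFileName": "Code.exe"},
    {"Image": r"C:\Users\Public\code.exe",
     "CommandLine": r"C:\Users\Public\code.exe tunnel --accept-server-license-terms --name HR-FILESRV",
     "OriginalFileName": "Code.exe"},
    {"Image": r"C:\ProgramData\svchost.exe",
     "CommandLine": r"svchost.exe tunnel --name win-update",
     "OriginalFileName": "Code.exe"},
    {"Image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     "CommandLine": r"ssh.exe -R 9001:localhost:22 user@host",
     "OriginalFileName": "ssh.exe"},
    {"Image": r"C:\Users\bob\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r'"C:\Users\bob\AppData\Local\Programs\Microsoft VS Code\Code.exe" tunnel',
     "OriginalFileName": "Code.exe"},
]


def _basename(path):
    return ntpath.basename(path or "").lower()


def _argv(command_line):
    """Split a Windows command line without treating backslashes as escapes."""
    try:
        return shlex.split(command_line or "", posix=False)
    except ValueError:                      # unbalanced quotes in the log line
        return (command_line or "").split()


def is_vscode_tunnel(event):
    """True when the VS Code CLI (by name or original PE name) ran 'tunnel'."""
    argv = _argv(event.get("CommandLine"))
    if len(argv) < 2 or argv[1].lower() != "tunnel":
        return False
    return (_basename(event.get("Image")) in VSCODE_LAUNCHERS
            or (event.get("OriginalFileName") or "").lower() in VSCODE_ORIGINAL_NAMES)


def classify(event):
    """Return an alert dict for a tunnel launch, None otherwise."""
    if not is_vscode_tunnel(event):
        return None
    argv = [a.lower() for a in _argv(event.get("CommandLine"))]
    image = (event.get("Image") or "").lower()
    reasons = ["vscode_tunnel"]
    if _basename(image) not in VSCODE_LAUNCHERS:
        reasons.append("renamed_binary")            # caught only via OriginalFileName
    if not any(d in image for d in EXPECTED_INSTALL_DIRS):
        reasons.append("unexpected_path")           # portable copy dropped elsewhere
    if "--accept-server-license-terms" in argv:
        reasons.append("unattended_flags")          # scripted, non-interactive launch
    return {"image": event.get("Image"), "reasons": reasons,
            "severity": "high" if len(reasons) > 1 else "medium"}


def hunt(events):
    return [alert for alert in map(classify, events) if alert]


if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['image']}: {', '.join(alert['reasons'])}")
```

A developer who legitimately runs `code tunnel` from the normal install location still surfaces, at medium severity, which is deliberate: the feature is a sanctioned remote-access path and the decision about whether it belongs on a given host is a policy question, not a detection one.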
In addition to this method, Mustang Panda has used OpenSSH for reconnaissance and spreading malware, including the ShadowPad backdoor. There is some uncertainty about whether multiple Chinese APT groups are involved, possibly collaborating or piggybacking on each other’s access.
This campaign highlights the evolving techniques used by APT groups and the importance of monitoring software tools for potential exploitation.
CBIZ Discloses Data Breach Affecting 36,000 Individuals
CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach involving unauthorized access to client information. The breach occurred between June 2 and June 21, 2024, when a threat actor exploited a vulnerability in one of CBIZ’s web pages, stealing sensitive customer data.
CBIZ, a leading U.S. professional services company, discovered the breach on June 24 and immediately launched an investigation with cybersecurity professionals. The stolen information includes names, contact details, Social Security numbers, dates of birth or death, retiree health data, and welfare plan information. The breach affected nearly 36,000 individuals.
Although there is no evidence of misuse, CBIZ is offering two years of free credit monitoring and identity theft protection services to those impacted. Additionally, affected individuals are advised to consider placing a credit freeze and adding a fraud alert to their credit reports as a precaution.
CBIZ, which provides financial, insurance, and consulting services, operates 120 offices and employs 6,700 people across the U.S., with a 2023 revenue of $1.59 billion. Impacted clients began receiving personalized notifications on August 28, 2024.