Breach Breakdown - November 2024

Introducing Episode 8 of our expertly crafted series on data breaches, cyber-attacks, and more. Breach Breakdown is your go-to source for recapping incidents and staying up-to-date on the latest solutions. October saw its fair share of reported cases, with breaches affecting:

New FakeCall Malware Varient Hijacks Banks Calls for Data Theft

A new variant of FakeCall malware is hijacking calls to banks, using sophisticated vishing attacks, creating fake customer service interactions, tricking victims into revealing sensitive information.

“Victims are tricked into calling fraudulent phone numbers, controlled by the attacker and mimicking the normal user experience on the device.” Zimperium researcher Fernando Ortega said in a report published last week.

AI Stops Critical IoT Camera Security Threat Before It Spreads

GreyNoise Intelligence used an AI-powered system to spot hackers attempting to exploit vulnerabilities in internet-connected cameras, often found in healthcare, industrial, and government settings. The AI tool flagged unusual activity on their sensor network, allowing GreyNoise to catch the threat before it spread.

How AI helped:

📹 Detected suspicious behavior on cameras, revealing critical flaws (CVE-2024-8956 and CVE-2024-8957).
🛡️ Enabled fast action to patch the vulnerabilities, preventing potential control over camera feeds and data theft.

GreyNoise’s founder emphasised the value of AI in identifying and stopping threats early: “Without AI, we might have missed this exploit.”

Russian Espionage Group 'Midnight Blizzard' Targets Cloud Services in New Cyber Espionage Campaign

Russian Espionage Group ‘Midnight Blizzard’ Targets Cloud Services in New Cyber Espionage Campaign 🚨

A notorious Russian state-sponsored hacking group, Midnight Blizzard, is once again in the spotlight. According to recent reports, the group has launched a sophisticated cyber espionage campaign targeting major cloud services providers.

Their goal? To steal sensitive information and infiltrate key infrastructure.

Utilising advanced phishing tactics, the attackers are posing as legitimate IT support agents, tricking users into divulging critical login details.

ChatGPT Users Targeted in New Phishing Scam!

Cybersecurity experts Barracuda Networks have found a scam where hackers pretend to be OpenAI, to steal login details.The fake emails say there’s an issue with your ChatGPT subscription and ask you to “update payment info” through a link.

What’s happening:

✉️ Hackers sent over 1,000 emails pretending to be from OpenAI.
🕵️ The emails look real but come from a fake source.
👾 Clicking the link takes you to a fake login page to steal your info.

Barracuda warns that hackers can use stolen accounts to send even more scam emails.

National Public Data Files for Bankruptcy Following Massive Data Breach

The National Public Data (NPD) breach, which exposed the personal data of nearly 3 billion users, has led to the company’s downfall. After a year of dealing with legal battles, regulatory scrutiny, and significant financial strain, NPD has officially filed for bankruptcy.