FreeBuf Morning Brief | Sept 25, 2024 | 100 M Americans’ Privacy Exposed; UltraAV Auto-Replacing Kaspersky Sparks Alarm


Global Headlines

  1. AutoCanada: Ransomware Attack “May” Have Hit Employee Data
    AutoCanada warns that employee data could have been exposed in an August breach claimed by the Hunters International ransomware gang. No fraudulent activity has yet been detected, but notifications are being sent to affected individuals.
  2. U.S. CMS: MOVEit Breach Impacts 3.1 Million People
    The Centers for Medicare & Medicaid Services (CMS) says health-plan data for more than three million beneficiaries was exposed in last year’s Cl0p ransomware campaign against MOVEit.
  3. Russia’s 2024 Cyber-Offensive Leans Toward Espionage, Not Sabotage
    Russian APT groups have shifted to stealthy, long-term espionage against military and critical-infrastructure targets to support the war in Ukraine, moving away from large-scale disruptive attacks.
  4. Telegram to Share Suspects’ IPs & Phone Numbers with Police
    CEO Pavel Durov announced that Telegram will hand over IP addresses and phone numbers of users who violate its ToS to “relevant authorities” when presented with valid legal requests.
  5. Kaspersky Exits U.S.; Auto-Switch to UltraAV Begins
    Antivirus vendor Kaspersky has begun withdrawing its products from the U.S. Existing users are being migrated to UltraAV as of Sept 19, with a full exit by month-end.
  6. Background-Check Giant Leaks Data on 100 M Americans
    MC2 Data, a U.S. background-check and public-records firm, exposed 2.2 TB of sensitive files containing personal info on over 100 million citizens—posing a massive privacy risk.

Security Incidents

  1. Infostealer Malware Bypasses Chrome’s New Cookie-Theft Defenses
    Updated infostealer strains claim to sidestep Google Chrome’s recently introduced App-Bound Encryption for protecting cookies and other sensitive data.
  2. CISA: Critical Ivanti vTM Auth-Bypass Flaw Now Actively Exploited
    CISA warns that attackers are exploiting a critical flaw in Ivanti’s Virtual Traffic Manager (vTM) to create rogue admin accounts.
  3. MoneyGram Confirms Cyberattack Behind Multi-Day Outage
    After days of system failures and user complaints, MoneyGram confirmed Monday that a cyberattack caused the service disruption that began last Friday.
  4. Versa Director Bugs Could Lead to API Attacks, Token Theft
    Flaws in Versa Director—used by ISPs and MSPs to manage SD-WAN configs—could have widespread downstream impact if exploited.
  5. Star Health Mega-Breach: Indian Insurer’s Data on Telegram
    Sensitive customer data from India’s largest health insurer, Star Health & Allied Insurance—including medical reports—has surfaced on Telegram bots and forums.
  6. Windows Server 2025 Adds Hot-Patching, No Reboot Needed
    Currently in preview, Windows Server 2025 will arrive late 2024 with hot-patching capabilities and several new security features, while deprecating some legacy components.

Featured Articles

  1. Bug Bounty | Multi-Dimensional Recon for SRCs (Summary)
    A deep dive into mapping all elements of a typical website to perform granular reconnaissance before hunting bugs.
  2. Code Audit: Dreamer CMS 4.0.1
    A beginner-friendly walk-through finding an SQL-injection flaw in ArchivesMapper.xml’s queryByKeywords statement.
  3. Developing QR-Code Replacement in Gophish Phishing Campaigns
    How to extend the open-source Gophish framework to swap phishing-email QR codes on the fly for red-team exercises.