Top stories.
- Dozens of cloud file-sharing breaches tied to a single threat actor.
- Brightspeed investigates alleged breach.
- ClickFix campaign uses fake BSOD pages.
Dozens of cloud file-sharing breaches tied to a single threat actor.
Researchers at Hudson Rock have tied dozens of breaches to a single threat actor dubbed "Zestix," who appears to have compromised the ShareFile, Nextcloud, and OwnCloud instances of around fifty major companies. The threat actor harvested passwords from malware-infected machines or obtained them from logs that were aggregated on the dark web. The compromised cloud instances did not use multifactor authentication, so the threat actor only needed the passwords.
The breached organizations include Pickett, Sekisui House, IFLUSAC, Iberia Airlines, K3G Solutions, CRRC MA, GreenBills, CiberC, and many others. The threat actor is auctioning terabytes of data allegedly stolen from the affected organizations.
Brightspeed investigates alleged breach.
US fiber broadband provider Brightspeed is investigating claims of a breach made by the Crimson Collective extortion group, SecurityWeek reports. The criminal gang claims to have stolen data belonging to more than a million customers, including names, billing addresses, email addresses, phone numbers, account status, payment details, and service records.
The company told SecurityWeek in a statement, "We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, and authorities informed. We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats."
ClickFix campaign uses fake BSOD pages.
Securonix warns that a ClickFix phishing campaign is targeting Europe's hospitality sector with phony Windows Blue Screen of Death (BSOD) pages. The phishing emails are sent to European hotels and impersonate guests who are cancelling their Booking.com reservations. A user who clicks the link in the email is taken to a spoofed Booking.com page that appears to be loading. The page then displays a pop-up saying it failed to load and asks the user to refresh it.
Securonix explains, "Once the victim clicks the 'Refresh' button, the trap is sprung. The browser immediately goes full-screen and mimics a Blue Screen of Death (BSOD)... A prompt then appears over the fake crash screen, offering a quick solution to 'fix' the issue. It instructs the user to perform a specific sequence of keystrokes." If the user follows these instructions, they'll inadvertently install the DCRat malware on their machine.