Originally reported by BleepingComputer, Graham Cluley, Malwarebytes Labs
TL;DR
The U.S. sanctioned a Russian exploit broker involved in zero-day trading while SolarWinds patched four critical remote code execution vulnerabilities. Multiple major data breaches affected Wynn Resorts and CarGurus, exposing millions of records.
Critical SolarWinds Serv-U vulnerabilities granting root access, combined with active zero-day exploit trading, represent immediate enterprise threats requiring urgent attention.
The U.S. Treasury Department sanctioned a Russian exploit broker who purchased stolen hacking tools from a former U.S. defense contractor executive. The sanctions target the procurement and distribution network for zero-day exploits, highlighting the ongoing threat from state-sponsored cybercriminal enterprises operating across jurisdictional boundaries.
The action represents continued efforts to disrupt the commercial exploit trade that enables advanced persistent threat groups and ransomware operators to acquire sophisticated attack tools.
SolarWinds addressed four critical remote code execution vulnerabilities in Serv-U that could grant attackers root access to unpatched servers. The flaws represent significant exposure for organizations running the file transfer solution, particularly given SolarWinds' history as a high-value target for nation-state actors.
Administrators should prioritize immediate patching of Serv-U instances to prevent potential compromise through these attack vectors.
A financially motivated threat group designated "Diesel Vortex" is conducting credential theft campaigns against freight and logistics operators across the U.S. and Europe. The operation leverages 52 domains in phishing attacks specifically targeting the transportation sector's operational infrastructure.
The campaign demonstrates continued adversary focus on critical supply chain components, with credential theft enabling potential downstream attacks on logistics networks.
Wynn Resorts confirmed employee data theft after appearing on the ShinyHunters extortion gang's leak site. Separately, ShinyHunters published personal information from over 12.4 million CarGurus accounts, exposing data from the automotive platform's user base.
Both incidents underscore the persistent threat from extortion groups targeting high-profile organizations for data monetization schemes.
Microsoft expanded data loss prevention controls to prevent Microsoft 365 Copilot from processing confidential documents regardless of storage location. The enhancement addresses enterprise concerns about AI systems accessing sensitive information across distributed cloud environments.
Windows 11 update KB5077241 also added native System Monitor (Sysmon) functionality, providing built-in advanced logging capabilities that previously required a separate installation.
The UK Information Commissioner's Office fined Reddit £14.47 million ($19.5 million) for unlawful collection and use of children's personal data without adequate safeguards. Los Angeles County separately filed suit against Roblox, alleging the gaming platform provides predators with tools to target children.
A $10,000 bounty was offered for methods to run Ring doorbell cameras locally, cutting off data transmission to Amazon servers, amid growing privacy concerns over smart home device data collection practices.