00:00 Welcome to Hack Attack, your daily dose of cyber carnage from the past 24 hours.
00:04 I'm your guide through the digital dumpster fire, serving up the latest breaches, hacks, and exploits with zero sugarcoating.
00:10 From state-sponsored spies to ransomware clowns, we've got a fresh batch of chaos to dissect.
00:15 Buckle up, let's dive into the muck.
00:17 First up: Microsoft SharePoint espionage dumpster fire, part two.
00:22 I called it first when SharePoint's zero-day got lit up, and now it's a full-blown inferno.
00:28 Chinese crews Violet Typhoon, Linen Typhoon, and Storm-2603 are still slipping past authentication like it's a screen door.
00:37 Over 100 organizations hit, maybe 400: United States and German governments, banks, hospitals, the works.
00:43 They're snatching files, running code, and Storm-2603's flirting with ransomware to brick servers; victim counts are spiking, and they're chaining exploits to roam networks.
00:53 On-prem SharePoint? Patch it yesterday or your data's gone.
00:56 Cloud's safe, but if you're still self-hosting, why?
01:00 Check logs for sketchy access now.
01:02 You audited those SharePoint logs since my last drop, or you think you're too small-fry for the hit list?
01:07 Next, NASCAR's high-speed data wipeout.
01:10 NASCAR got smoked by the Medusa ransomware gang.
01:13 Four million ransom for a March data heist.
01:15 Names, Social Security numbers, raceway maps.
01:17 Employee emails, IT credentials, missed till June 24th.
01:21 Medusa's been dumping unpaid loot since 2021.
01:25 NASCAR's tossing out credit monitoring, but that's a Band-Aid on a blown tire.
01:29 No word on paying up.
01:31 If you're tied to NASCAR, watch your accounts; hackers don't break.
01:34 How long's it take your organization to spot a breach?
01:36 Weeks, like NASCAR's crew?
01:38 Now, Patchwork APT phishing with a side of drones.
01:41 Indian APT Patchwork's back, spear-phishing Turkish defense firms with fake UAV conference baits.
01:46 Malicious LNK files drop backdoors while a decoy PDF distracts, stealing data and snapping screens.
01:52 They're chasing geopolitical dirt, likely on Turkey-Pakistan defense ties.
01:56 Defense sector?
01:56 Eyeball weird email attachments, unsolicited invites, or bad news.
02:00 Patchwork's dodging detection?
02:02 Tweaking tools like pros?
02:03 When'd you last train your team on phishing?
02:05 Think they'd bite on a fake drone conference?
02:07 Fire Ant.
02:08 Virtual infrastructure takedown.
02:10 Chinese Fire Ant's gutting VMware ESXi, vCenter, VPNs, load balancers.
02:14 They exploit bugs like CVE-2023-34048 to own hypervisors.
02:19 Pivot to virtual machines, plant Python backdoors.
02:22 Tied to UNC3886, they kill logs, swap tools to dodge defenders. Unpatched virtualization?
02:28 You're begging for a full-stack takeover.
02:30 Patch VMware, lock network gear, log everything. Fire Ant's betting you won't.
02:34 Got eyes on your virtualization layer?
02:36 Or are your hypervisors open season?
02:39 CastleLoader, malware's new delivery boy.
02:42 CastleLoader's a slick malware loader riding fake Cloudflare CAPTCHAs and spoofed GitHub repos.
02:48 Users paste dodgy PowerShell or run fake installers and bam: DeerStealer, RedLine, worse.
02:54 Since May, 1,634 attempts, 469 infections, 29% hit rate.
03:01 Encrypted, memory-only, sandbox-proof.
03:03 Don't run random web code or trust every GitHub repo.
03:06 Lock PowerShell, verify URLs, or you're screwed.
03:10 Ever pasted a command from a sketchy site?
03:12 Why trust a CAPTCHA fix?
03:15 Critical patches:
03:16 Sophos, SonicWall, Mitel.
03:18 Sophos Firewall, two 9.8 out of 10:
03:21 remote code execution bugs and an email protection SQL injection.
03:24 Patch now; only 1% of setups at risk, but don't roll dice.
03:27 SonicWall SMA100, CVSS 9.1, flaw in the VPN web interface.
03:34 Admins can be tricked into malicious uploads.
03:36 Patch to 10.2.2.1-90sv, kill external management.
03:41 Add multi-factor authentication.
03:43 UNC6148's sniffing.
03:45 Mitel MiVoice and MiCollab, 9.4 out of 10.
03:48 Auth bypass in MiVoice MX-ONE plus MiCollab SQL injection.
03:53 Patch or yank management offline.
03:55 No exploits yet, but Mitel's a repeat target.
03:57 How fast can you patch edge devices?
03:59 A week's delay hands hackers the keys.
04:01 That's your Hack Attack fix for today.
04:03 SharePoint's a spy fest, NASCAR's leaking like a sieve,
04:06 Patchwork and Fire Ant are state-backed terrors,
04:08 CastleLoader's playing users,
04:10 and unpatched gear's a hacker's dream.
04:12 Stay sharp, patch fast, trust nothing.
04:15 Catch me tomorrow for more Tales from the Cyber Abyss.
04:17 Stay paranoid and don't get pwned.