Researchers have identified a new ransomware-as-a-service variant that impersonates the cybersecurity firm Sophos and appends the ‘.sophos’ extension to encrypted files. The variant has been dubbed SophosEncrypt, based on the new file extension and on the victim device’s wallpaper being changed to show the legitimate Sophos logo. It has also been confirmed that the command and control servers used by this ransomware variant were previously linked to Cobalt Strike activity that infected victim devices with cryptomining software.
JumpCloud suffers data breach
Last week, officials for the services provider JumpCloud revealed that they had fallen victim to a data breach that originated with a spear phishing campaign targeting the organization in mid-June. After the initial response to the unauthorized intrusion, JumpCloud staff implemented the necessary security updates, forced users to update their credentials, and notified all impacted customers. Shortly thereafter, it was revealed that some customer data had been compromised, which allowed the attackers to continue their intrusion into JumpCloud’s infrastructure and potentially regain unauthorized access to additional data storage locations.
FIA World Endurance Championship data leak
Researchers have found two unsecured databases belonging to Le Mans Endurance Management, the company that operates the main website for the FIA World Endurance Championship (FIA WEC), which exposed highly sensitive information on hundreds of racing drivers. The affected databases contained over 1.1 million files, many of them government-issued IDs and passports, which could be used for identity theft or phishing scams. While there is no confirmation that the exposed data was misused, officials for FIA WEC have since contacted all impacted individuals and properly secured the previously unauthenticated databases.
MOVEit data breach affects Colorado State University
Recently, officials for Colorado State University (CSU) began contacting students and staff about a data breach stemming from the MOVEit data transfer attacks, which affected multiple third-party vendors for the institution. While the investigation is still ongoing, it has been revealed that both student and staff data going back to 2021 may have been stolen, though officials have confirmed that CSU was not directly targeted. Unfortunately, many of the third-party service vendors impacted by these attacks also provide services to hundreds of other higher education institutions, which could leave CSU as the first of many that have to disclose a data breach.
Millions of WordPress attacks driven by WooCommerce vulnerability
Over the weekend, researchers began tracking a significant number of cyberattacks focused solely on WordPress sites that use the WooCommerce payment plugin, which has a critical remote access vulnerability. The bug in question can be exploited to give an attacker administrator access to a WordPress site and begin making extensive modifications, including installing the vulnerable WordPress plugin on other sites. Though the vulnerable plugin was patched back in March, many sites have still not applied the update needed to secure them against these types of attacks.