
Cyber News Rundown: Data breach compromised employees of US satellite maker

  • November 22, 2024
  • Threat Research Analyst

In mid-October, staff for the Colorado-based satellite maker Maxar Technologies identified some unauthorized activity on their internal network and traced the intrusion back to an IP address in Hong Kong. The following investigation revealed that the attacker had gained access to a significant amount of extremely sensitive employee information, a large portion of which had been exfiltrated and later published on BreachForums. This incident comes just months after another threat actor claimed to have scraped data from Maxar by exploiting an API vulnerability.

Ransomware targets Oklahoma medical center

Upon completion of the investigation, it has been confirmed that more than 133,000 individuals have had their medical records compromised during a ransomware attack on the Great Plains Regional Medical Center in Oklahoma. The initial attack occurred during the first week of September, and the threat actor maintained access for several days before being discovered. While officials state that they were able to restore many of their systems to normal operation quickly, there were some portions of their servers that they were unable to recover.

Phobos ransomware operator arrested in South Korea

At the beginning of November, one individual suspected of being an operator behind the Phobos ransomware group was extradited from South Korea to the US to face prosecution. Phobos has operated as a Ransomware-as-a-Service, working with affiliates who compromise victim networks, use Phobos for encryption, and then pay for decryption keys to extort the victims into paying for the return or deletion of their stolen data. It is believed that Phobos and their affiliates have successfully targeted over 1,000 organizations across the globe and received upwards of $16 million in ransom payments.

Apple patches multiple zero-day vulnerabilities for WebKit

Apple has recently pushed out patches for two known zero-day vulnerabilities that affect WebKit, the engine used for all iOS and iPadOS browsers, including Safari. The first vulnerability is labeled CVE-2024-44309, which could lead to cross-site scripting attacks by compromising WebKit. The second vulnerability, CVE-2024-44308, affects JavaScriptCore, which is the JavaScript engine for WebKit, and can be exploited to perform remote code execution on the compromised device.

Hacker claims stolen data trove belongs to Ford Motor Company

Over the weekend, a hacker posted a data trove to the BreachForums hacker marketplace that is claimed to have come from Ford Motor Company. It is believed that the data contains 44,000 customer records, though the contents and legitimacy have yet to be confirmed. Officials for Ford are currently investigating the claim and are denying any breach at Ford specifically, though a third-party supplier has been identified as the possible source of the data.


4 replies

Jasper_The_Rasper
Moderator

Thank you ​@ConnorM 


TripleHelix
Moderator
  • November 23, 2024

Thanks ​@ConnorM 😋


ProTruckDriver
Moderator

Thank you Connor.


Ssherjj
Moderator
  • November 28, 2024

Thank you ​@ConnorM 

