Cybersecurity Digest for 17 July 2024:
Today we discuss:
MuddyWater’s Latest Cyber Onslaught and a sneaky backdoor!

AT&T Pays Hackers – Was it Worth it?

An Update on RiteAid’s Data Breach

SEXi Ransomware group rebrands…. Meet APT INC!

mSpy Breach

SYS01 Stealer Malware: Malvertising across Social Media

15 Million Trello Email Addresses Leaked

Google’s 23 Billion to acquire Wiz

Octo Tempest, AKA Scattered Spider adds new ransomware payloads

CISA adds one new vulnerability to its Known Exploited Catalog

Articles Referenced in the Show in the order they appear:
CheckPoint Research Bugsleep Backdoor:

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns - Check Point Research

AT&T Paid Threat Actor:

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records | WIRED

RiteAid Update:
Rite Aid says June data breach impacts 2.2 million people (bleepingcomputer.com)
SEXi Rebranding:

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)

Mspy Data Breach:

Mspy data breach exposes millions of customers' information (candid.technology)

Malvertising in Facebook, LinkedIn, and YoutTube:
Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 (trustwave.com)

Malvertising_Research.pdf (trustwave.com)

Trello Leak:

Email addresses of 15 million Trello users leaked on hacking forum (bleepingcomputer.com)

Wiz Acquisition:

Exclusive | Google Near $23 Billion Deal for Cybersecurity Startup Wiz - WSJ

Microsoft Tweet Thread:
Microsoft Threat Intelligence on X

CISA KEV Addition:
NVD - CVE-2024-36401 (nist.gov)