Daily News Update: Saturday, March 22, 2025 (Australia/Melbourne)


Oracle Denies Breach After Hacker Claims Theft of 6 Million Data Records

Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from Oracle Cloud federated SSO login servers.

The threat actor, rose87168, released a sample database, LDAP information, and a list of companies allegedly stolen from Oracle Cloud's SSO platform. They claim to have stolen encrypted SSO passwords, Java Keystore (JKS) files, key files, and enterprise manager JPS keys after hacking into 'login.(region-name).oraclecloud.com' Oracle servers.

Oracle states that there has been no breach of Oracle Cloud and that no Oracle Cloud customers experienced a breach or lost any data.

Bleeping Computer | "Oracle denies breach after hacker claims theft of 6 million data records"


Citizen Lab Reports Paragon Spyware Deployed Against Journalists and Activists

Citizen Lab reports that Paragon Solutions' Graphite spyware has been used to target journalists, activists, and other civilians. Paragon, co-founded by former Israeli Prime Minister Ehud Barak and Ehud Schneorson, pitches Graphite as a restrained alternative to NSO Group's Pegasus. Citizen Lab shared technical details of Paragon's infrastructure with Meta, leading WhatsApp to identify and block a zero-click exploit used by Paragon to inject its spyware. WhatsApp notified approximately 90 users believed to have been targeted. Several Italian WhatsApp users, including Francesco Cancellato, Luca Casarini, and Giuseppe Caccia, were allegedly targeted. SpyX, a parental control software vendor, suffered a security breach, exposing nearly two million accounts' details.

The Register | "Paragon spyware deployed against journalists and activists, Citizen Lab claims"


Phishing Campaign Targets SEO Professionals' Google Accounts

A phishing campaign is targeting SEO professionals with malicious Semrush Google Ads to steal their Google account credentials. The threat actor is believed to be after Google Ads accounts to create new malvertising campaigns.

Cybercriminals are abusing the Semrush brand, a popular SaaS platform for SEO and online advertising. The phishing sites mimic Semrush's interface and force users to log in via "Log in with Google." The attackers may gain access to sensitive business data in Google Analytics and Google Search Console.

"The scammers' ultimate goal are Google accounts. But their second best option are SaaS credentials. If an enterprise Google account was linked in the past, there's a possibility of exfiltrating sensitive Google data without compromising the Google account itself."

Bleeping Computer | "Fake Semrush ads used to steal SEO professionals’ Google accounts"


Steam Pulls Game Demo Distributing Info-Stealing Malware

Valve has removed the game 'Sniper: Phantom's Resolution' from Steam after users reported that the demo installer infected their systems with information-stealing malware.

The installer, inventively named 'Windows Defender SmartScreen.exe,' contained commodity attack tools, including a privilege escalation utility, a Node.js wrapper, and the tool 'Fiddler.' The malware executed Node.js scripts and created a startup task for persistence.

Users who installed the game are advised to uninstall it and run a full system scan. The developer's website has been taken offline.

Bleeping Computer | "Steam pulls game demo infecting Windows with info-stealing malware"


CISA Warns of Actively Exploited NAKIVO Backup Flaw

CISA has added CVE-2024-48248, a high-severity absolute path traversal vulnerability in NAKIVO's Backup & Replication software, to its Known Exploited Vulnerabilities catalog. This flaw allows unauthenticated attackers to read arbitrary files on vulnerable devices.

NAKIVO patched the vulnerability in November with version 11.0.0.88174 after being notified by watchTowr Labs. The vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches.

Federal Civilian Executive Branch (FCEB) agencies have until April 9th to patch their systems. All organisations are advised to prioritise patching this vulnerability. NAKIVO advises customers to check system logs for unauthorised access attempts and unexpected file access activities.

Bleeping Computer | "CISA tags NAKIVO backup flaw as actively exploited in attacks"


US Treasury Removes Sanctions Against Tornado Cash Crypto Mixer

The U.S. Department of Treasury has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder stolen funds. The decision follows an appellate court ruling that the Treasury exceeded its authority in imposing sanctions. Tornado Cash was sanctioned in August 2022 for helping launder over $7 billion since 2019.

The Treasury remains concerned about state-sponsored hacking and money laundering but acknowledges the opportunities presented by digital assets. The Justice Department charged two of Tornado Cash's founders, Roman Storm and Roman Semenov, with money laundering. Alexey Pertsev, another co-founder, was sentenced to 64 months in prison in the Netherlands.

"We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People's Republic of Korea (DPRK) and the Kim regime."

Bleeping Computer | "US removes sanctions against Tornado Cash crypto mixer"
The Record | "US Treasury removes sanctions on Tornado Cash after appellate court loss"


DoD Engineer Arrested for Taking Top-Secret Documents Home

Gokhan Gun, a Department of Defense electrical engineer, pleaded guilty to unauthorised removal and retention of classified material. Gun printed 155 pages from 20 top-secret and classified documents from his DoD workspace and took them home. He was arrested on his way to Mexico.

Gun had top-secret security clearance with access to sensitive compartmented information (SCI) and was trained on handling classified information. The FBI found a file marked "top secret" in a backpack he was taking on the trip. He faces up to five years in prison.

The Register | "Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up"


Former Michigan Football Coach Indicted for Hacking Athlete Databases

Matthew Weiss, a former University of Michigan assistant football coach, has been indicted on 24 counts for hacking into the student athlete databases of over 100 colleges and universities. He allegedly accessed the medical information of about 150,000 people. Weiss is accused of gaining unauthorised access from 2015 to January 2023 to databases maintained by third-party vendor Keffer Development Services (also known as Athletic Trainer System).

He allegedly downloaded personal information and medical data of over 150,000 athletes and hacked into the social media, email, and cloud storage accounts of over 2,000 target athletes and another 1,300 students and alumni. Weiss primarily targeted female college athletes, seeking private photographs and videos.

He allegedly cracked the encryption protecting passwords and exploited vulnerabilities in universities' account authentication processes. He faces a maximum of five years for each hacking charge and two years for each identity theft charge.

"Weiss primarily targeted female college athletes. He researched and targeted these women based on their school affiliation, athletic history and physical characteristics," the indictment said. "His goal was to obtain private photographs and videos never intended to be shared beyond intimate partners."

The Record | "Former Michigan football coach indicted in hacks of athlete databases of more than 100 colleges"