This Week in Cybersecurity News: New York Times Olympic Auto Parts Edition

6 minute read

  • Nathan Burke

NYT source code leaks, Advance Auto Parts customer data for sale, Frontier warns of data breach, Snowflake and Olympics update and more.

Breaches and Attacks in the News

‘New York Times source code’ leaks online via 4chan
By Jessica Lyons – TheRegister
A 4chan user claims to have leaked 270GB of internal New York Times data, including source code and other web assets, via the notorious image board. According to the unnamed netizen, the information includes “basically all source code belonging to The New York Time Company,” amounting to roughly 5,000 repositories and 3.6 million files now available for download from peer-to-peer networks. Details on how to get the files were shared by the poster on 4chan.
See Also: New York Times source code stolen using exposed GitHub token

Advance Auto Parts customer data posted for sale
By Pieter Arntz – MalwareBytes
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Advance Auto Parts has not disclosed any information about a possible data breach and has not responded to inquiries. But BleepingComputer confirms that a large number of the Advance Auto Parts sample customer records are legitimate. Interestingly enough, the seller claims in their post that the data comes from Snowflake, a cloud company used by thousands of companies to manage their data. On May 31st, Snowflake said it had recently observed and was investigating an increase in cyber threat activity targeting some of its customers’ accounts. It didn’t mention which customers.
See Also: Advance Auto Parts stolen data for sale after Snowflake attack

Frontier warns 750,000 of a data breach after extortion threats
By Bill Toulas – BleepingComputer
Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states. The telecommunications provider says it suffered a cyberattack in mid-April 2024, allowing hackers to access customers’ personal information stored on its systems.

Christie’s Says Ransomware Attack Impacts 45,000 People
By Eduard Kovacs – SecurityWeek
Auction house Christie’s has informed authorities that the data breach caused by a recent ransomware attack impacts the information of roughly 45,000 individuals. According to information submitted by the company to the Maine Attorney General, the intrusion was discovered on May 9. An investigation showed that the attackers managed to steal some files containing personal information. Impacted individuals are being notified. The notification letter sample submitted by Christie’s to the Maine AG does not specify what type of data was compromised besides names, driver’s license numbers, and non-driver identification card numbers.
See Also: Christie’s data breach impacted 45,798 individuals

Snowflake tells customers to enable MFA as investigations continue
By Brandon Vigliarolo – TheRegister
Cloud data analytics platform Snowflake said it is going to begin forcing customers to implement multi-factor authentication to prevent more intrusions. The move comes in response to an incident discovered late last month by analysts at Hudson Rock, which saw criminals make off with more than a terabyte of data from Ticketmaster, information from Spanish bank Santander, and most recently (it’s been claimed), hundreds of millions of customer files from Advance Auto Parts. All are Snowflake customers.

Severe blood shortage hits NHS due to ransomware attack
By Naveen Goud – Cybersecurity Insiders
In recent times, the threat of ransomware attacks has plagued businesses, often leading to devastating consequences such as closures and data loss. However, the impact of such attacks has now extended beyond the corporate realm, affecting critical healthcare services and the patients they serve. A pathology services firm, Synnovis, recently fell victim to a malicious cyber attack, resulting in significant disruptions to its operations. As a result, essential blood sample testing services have been suspended, causing chaos and IT complications within the organization.

Los Angeles Unified School District investigates data theft claims
By Sergiu Gatlan – BleepingComputer
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor’s claims that they’re selling stolen databases containing records belonging to millions of students and thousands of teachers. LAUSD is the second largest public school district in the United States, with over 25,900 teachers, roughly 48,700 other employees, and more than 563,000 students enrolled during the 2023-2024 school year. The threat actor selling the allegedly stolen data for $1,000 says the CSV files put up for sale on a hacking forum contain over 11GB of data, as first spotted by Dark Web Informer. These files are said to include over 26 million records with student information, more than 24,000 teacher records, and around 500 containing staff information.

Threats, Campaigns, and Techniques in the News

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
By Mandiant
Through the course of our incident response engagements and threat intelligence collections, Mandiant has identified a threat campaign targeting Snowflake customer database instances with the intent of data theft and extortion. Snowflake is a multi-cloud data warehousing platform used to store and analyze large amounts of structured and unstructured data. Mandiant tracks this cluster of activity as UNC5537, a financially motivated threat actor suspected to have stolen a significant volume of records from Snowflake customer environments. UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims.

Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
By Mandiant
Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics. While China, Iran, and North Korea state sponsored actors also pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience.

GitHub Repos Targeted in Cyber-Extortion Attacks
By Jai Vijayan – DarkReading
An unknown user going by the handle “Gitloker” is grabbing and wiping clean repositories on GitHub in an apparent effort to extort victims. The campaign, which a researcher at Chilean cybersecurity firm CronUp highlighted in a message on social platform X this week, appears to have been ongoing since at least February 2024.  Posts on GitHub community forums suggest that several GitHub users have run into the issue over the past few months, although the actual number remains unknown.

New Fog ransomware targets US education sector via breached VPNs
By Bill Toulas – BleepingComputer
A new ransomware operation named ‘Fog’ launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S. Fog was discovered by Artic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data. However, BleepingComputer can confirm the ransomware gang steals data for double-extortion attacks, using the data as leverage to scare victims into paying.

Cybersecurity and Public Policy in the News

House Republicans propose eliminating funding for election security
By Derek B. Johnson – Cyberscoop
A key House panel has zeroed out funding for federal grants that would send tens of millions of dollars to state and local governments to improve the security of their election infrastructure, while slashing funds for the federal agency charged with disbursing them. This week, Republican leaders on the House Appropriations Committee released an appropriations bill that would reject a $96 million request from the Biden administration for grant funding through the Help America Vote Act, which has funneled billions in federal dollars to states and localities since 2002 to replace voting machines, train workers, harden the security of election systems and meet other election administration needs.

FCC approves $200M for cybersecurity in schools
By Shaun Nichols – SC Media
The U.S. Federal Communications Commission approved a $200 million program to improve cybersecurity in schools and libraries. The pilot program will earmark money from the larger Universal Service Fund to schools and libraries looking to upgrade their data and network security equipment. In exchange, the FCC will collect data on the equipment in order to help craft a larger program for cybersecurity rollouts.

Cybersecurity Opinion

Microsoft rolls back ‘dumbest cybersecurity move in a decade’ 
By AJ Vicens – Cyberscoop
Microsoft on Friday said that it would make major changes to a recently announced AI product that relied on screenshots of users’ screens to make a searchable log of past activity, a move that comes after withering criticism from security researchers.  When Microsoft announced the feature it dubbed Recall last month, CEO Satya Nadella referred to it as “photographic memory” that could “recreate moments from the past” of anything a user does, using the company’s proprietary artificial intelligence models running on the upcoming Copilot+ PCs

Cybersecurity Podcast of the Week


Cybersecurity News

More like this
a call center with hackers in hoodies calling people to install ransomware with piles of money around them in photorealistic style


This Week in Cybersecurity News: Volcano Demon Ransomware Group Calling Victims, TeamViewer Confirms Breach, Ransomware Demands Soar to $5.2 Million Per Attack and More….

FacebookLinkedInTweetEmail Breaches and Attacks in the News TeamViewer Confirms Security Breach by Russian Midnight BlizzardBy WAQAS ...

Read the post: This Week in Cybersecurity News: Volcano Demon Ransomware Group Calling Victims, TeamViewer Confirms Breach, Ransomware Demands Soar to $5.2 Million Per Attack and More….


Silent Threat Unveiled: The UEFI Firmware Vulnerability (CVE-2024-0762)

FacebookLinkedInTweetEmail By Lior Tenne – Security Researcher A critical security flaw (CVE-2024-0762) in Phoenix SecureCore UEFI ...

Read the post: Silent Threat Unveiled: The UEFI Firmware Vulnerability (CVE-2024-0762)
scripting & interpreter nagomi


Prioritizing MITRE ATT&CK Techniques for Command & Scripting Interpreters

FacebookLinkedInTweetEmail The second in a five part series looking at where security teams can understand the ...

Read the post: Prioritizing MITRE ATT&CK Techniques for Command & Scripting Interpreters