A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia. https://lnkd.in/gii49k-6
About us
The purpose of the group is to curate and share top-notch articles, reports, and updates from trusted sources worldwide. Stay informed about the latest cyber threats, data breaches, emerging vulnerabilities, and cutting-edge security solutions. From industry trends to regulatory changes, the group's aim is to keep you ahead of the game in the ever-evolving world of cybersecurity! 💻 |📡|🔍|📣|🪩
- Industry: Technology, Information and Internet
- Company size: 2-10 employees
- Type: Privately Held
- Founded: 2023
Updates
-
Oracle Corporation, a leading multinational computer technology company, has allegedly suffered a data breach impacting the personal details of its employees. According to the post, the breach exposed sensitive employee details from a third-party source, affecting 4,002 records. https://lnkd.in/dGdwsrmm
Oracle Faces Alleged Data Breach Exposing Employee Information - Daily Dark Web
https://dailydarkweb.net
-
Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees. The allegations were published yesterday by a threat actor named "grep," who alleges that the computing vendor suffered a "minor data breach" in September 2024, exposing internal employee and partner information. https://lnkd.in/eAK2x_E8
Dell investigates data breach claims after hacker leaks employee info
bleepingcomputer.com
-
Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. This move isn't surprising, as Microsoft first listed WSUS as one of the "features removed or no longer developed starting with Windows Server 2025" on August 13. In June, the company also revealed that it would soon deprecate WSUS driver synchronization. https://lnkd.in/dK7zny-X
Microsoft ends development of Windows Server Update Services (WSUS)
bleepingcomputer.com
-
Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild. The vulnerability (CVE-2024-8963, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionalities. Attackers have chained it to the previously disclosed flaw, CVE-2024-8190, which is a high-severity OS command injection flaw that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE), if the attacker has admin-level privileges. https://lnkd.in/dXM8NhyA
Ivanti's Cloud Service Attacked via Second Vuln
darkreading.com
-
Ukraine’s National Coordination Centre for Cybersecurity (NCCC) has banned the Telegram messaging app for government agencies, military, and critical infrastructure, due to national security concerns. The ban does not affect Ukrainian citizens. https://lnkd.in/d7EG8z_u
Ukraine bans Telegram for government agencies, military, and critical infrastructure
https://securityaffairs.com
-
Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. https://lnkd.in/dDJuejrG
Hackers stole over $44 million from Asian crypto platform BingX
https://securityaffairs.com
-
GreyNoise Intelligence warns of a mysterious phenomenon observed since January 2020: massive waves of spoofed traffic called Noise Storms. https://lnkd.in/d8CzfTJb
Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
https://securityaffairs.com
-
A post on a dark web forum alleges that Uber Eats, the food delivery service by Uber, suffered a data breach in September 2024, leading to the exposure of over 283,000 records. The post was made by a threat actor operating under the alias “@888”. According to the threat actor, the compromised dataset includes information such as order details and financial transactions. The exposed data reportedly contains fields like “Store Name,” “Order ID,” “Ordering Provider,” “POS Reference,” “Type,” and timestamps related to the placement and fulfillment of orders. Financial data, including “Subtotal,” “Delivery Charge,” “Tax,” “Tip,” and “Total,” was also listed as part of the leak. https://lnkd.in/dh434PBX
Uber Eats Data Breach Allegedly Exposes Over 280,000 Records - Daily Dark Web
https://dailydarkweb.net
-
A threat actor, known as l33tfg, has claimed responsibility for leaking data allegedly belonging to SpaceX. The leaked information is said to include emails, password hashes, phone numbers, host details, and IP addresses. https://lnkd.in/depbNyDq
Threat Actor Claims to Leak SpaceX Data Containing Emails, Hashes, and IPs - Daily Dark Web
https://dailydarkweb.net