Cyber Dispatch #8: Streamlined Cybersecurity Insights
Weekly overview of the most important cybersecurity events of the past week (Friday 2.8.2024 to Thursday 8.8.2024)
In this issue:
Apache OFBiz ERP - zero-day hits OFBiz Enterprise Resource Planning system;
The Grand Palais Réunion des musées nationaux - a ransomware attack hits Paris amidst the Olympics;
McLaren Health Care, INC Ransom - ransomware attack on a major healthcare provider;
Hunters International - a ransomware group targets IT workers with a new Trojan;
Cryptonator, US DoJ, German law enforcement - Crypto wallet seized by authorities;
Google, Android - zero-day exploited in the wild, update ASAP;
INTERPOL, I-GRIP - authorities recover $40+ million from a BEC scam;
National Public Data - 2.9 billion personal records exposed as a result of data scraping;
CrowdStrike, Windows - CrowdStrike discloses the official reason for the update fiasco;
Vulnerability of the Week - Apache OFBiz ERP 0-day (CVE-2024-38856)
A critical zero-day vulnerability, CVE-2024-38856, has been discovered in the Apache OFBiz ERP system, allowing pre-authentication remote code execution. With a CVSS score of 9.8, this flaw affects versions prior to 18.12.15. SonicWall reported that the vulnerability stems from a flaw in the authentication mechanism, enabling unauthenticated users to access restricted functionalities. This issue also bypasses the patch for CVE-2024-36104, resolved in version 18.12.14. The flaw resides in the override view functionality, exposing critical endpoints to unauthenticated threat actors through specially crafted requests.
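The bug class described above (an override-view mechanism that lets a request render a view other than the one the authorization check was applied to) is easy to model. The following is an added illustration written for this dispatch; it is not Apache OFBiz code, and the route table, view names and the override parameter are constructed placeholders, not OFBiz's real identifiers. The vulnerable dispatcher authorizes the requested path and then honours the override; the fixed one resolves the override first and authorizes the effective view.

```python
"""Toy model of an override-view authorization bypass (hypothetical; not OFBiz code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    path: str                            # URI the client asked for
    authenticated: bool                  # whether a valid session is present
    override_view: Optional[str] = None  # constructed "render this view instead" parameter


# Constructed view table: which views require an authenticated user.
VIEWS = {
    "login": {"auth_required": False},
    "main": {"auth_required": False},
    "admin_console": {"auth_required": True},
}

# Constructed mapping from request path to the view it normally renders.
ROUTES = {
    "/login": "login",
    "/main": "main",
    "/admin": "admin_console",
}


def resolve_view(req: Request) -> str:
    """Return the view that will actually be rendered, honouring any override."""
    view = ROUTES[req.path]
    if req.override_view is not None:
        view = req.override_view
    return view


def dispatch_vulnerable(req: Request) -> str:
    """Checks authorization against the routed view, then renders the override.

    The check and the render disagree about which view is in play, so an
    unauthenticated request to a public path can override to a restricted view.
    """
    routed_view = ROUTES[req.path]
    if VIEWS[routed_view]["auth_required"] and not req.authenticated:
        return "403"
    return f"render:{resolve_view(req)}"


def dispatch_fixed(req: Request) -> str:
    """Resolves the override first and authorizes the *effective* view.

    Unknown views are rejected rather than rendered, and the auth decision is
    made on exactly the view that will be shown.
    """
    effective = resolve_view(req)
    if effective not in VIEWS:
        return "404"
    if VIEWS[effective]["auth_required"] and not req.authenticated:
        return "403"
    return f"render:{effective}"


if __name__ == "__main__":
    anon = Request(path="/main", authenticated=False, override_view="admin_console")
    print("vulnerable:", dispatch_vulnerable(anon))  # renders the restricted view
    print("fixed:     ", dispatch_fixed(anon))       # 403
```

The general rule the fixed version follows: apply access control to the resource that will actually be served after every rewrite, forward, override or alias has been resolved, never to the name the client first asked for.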
[Ransomware]
The Grand Palais Réunion des musées nationaux
The Grand Palais Réunion des musées nationaux in France suffered a ransomware attack on August 3, 2024, causing operational disruptions. The venue is currently hosting the fencing and taekwondo competitions as part of the Olympic Games. Systems were shut down to contain the spread, affecting bookstores and boutiques. The museums under its management continue to operate normally. No group has yet claimed the attack.
[Ransomware]
McLaren Health Care, INC Ransom
On Tuesday (August 6th), McLaren Health Care hospitals' IT and phone systems were disrupted by an INC Ransom ransomware attack. The non-profit health system, with $6.5 billion in annual revenue, is investigating the breach and advises patients to bring detailed medical information to appointments due to potential data access issues. INC Ransom is a ransomware-as-a-service (RaaS) operation that surfaced in July 2023 and has since targeted organizations in both the public and private sectors.
[Ransomware]
Hunters International ransomware
The Hunters International ransomware group targets IT workers with SharpRhino, a new C# remote access trojan. The Trojan malware achieves initial infection, elevates privileges, executes PowerShell commands, and deploys ransomware. Reportedly, it uses typosquatting sites to impersonate legitimate networking tools for initial infection.
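Because the initial access here rests on typosquatted download sites, one defensive check worth having is a lookalike-domain screen over proxy or DNS logs: compare each observed domain against an allowlist of the tool vendors your staff legitimately download from and flag near-misses. The example below is added for this dispatch and is not from the original article or from any vendor; the allowlist and the observed domains are constructed placeholders under the reserved .example TLD, and the edit-distance threshold is an assumption you would tune to your own data.

```python
"""Flag observed domains that are one or two edits away from an allowlisted domain."""
from typing import List, Tuple

# Constructed allowlist of legitimate tool-download domains (placeholders).
LEGITIMATE_DOMAINS = ["netscan-tool.example", "ipanalyzer.example"]

# Constructed sample of domains seen in proxy logs (placeholders).
OBSERVED_DOMAINS = [
    "netscan-tool.example",   # exact allowlisted domain: not flagged
    "netscan-tooI.example",   # capital I in place of lower-case l
    "netscantool.example",    # hyphen dropped
    "ipanalyzr.example",      # letter omitted
    "unrelated.example",      # far from every allowlisted name
]


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert, delete, substitute) via a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete ca
                           cur[j - 1] + 1,           # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(observed: List[str],
                         legit: List[str] = LEGITIMATE_DOMAINS,
                         max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Return (observed, closest_allowlisted, distance) for near-miss domains.

    Exact allowlist matches are skipped; anything within max_distance edits of
    an allowlisted name is reported for review. Comparison is case-insensitive
    so that a capital I masquerading as l still scores as a single edit.
    """
    hits = []
    for dom in observed:
        d = dom.lower().rstrip(".")
        if d in legit:
            continue
        best = min(legit, key=lambda l: levenshtein(d, l))
        dist = levenshtein(d, best)
        if dist <= max_distance:
            hits.append((dom, best, dist))
    return hits


if __name__ == "__main__":
    for dom, best, dist in typosquat_candidates(OBSERVED_DOMAINS):
        print(f"review: {dom} looks like {best} (distance {dist})")
```

Edit distance alone will not catch every lookalike (homoglyphs from other scripts, added words such as "download" or "official"), so in practice this is one signal in a review queue rather than a blocking rule.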
[Cryptocurrencies]
Cryptonator, US DoJ, German law enforcement
U.S. and German authorities seized Cryptonator's domain, used by ransomware gangs and darknet markets, and indicted its operator Roman Boss for money laundering and operating an unlicensed money service. Cryptonator lacked anti-money laundering controls, enabling illicit activities.
[Update]
Google, Android
Google has patched CVE-2024-36971, a high-severity Linux kernel vulnerability in Android devices. The bug, under limited, targeted exploitation, allows remote code execution. Google's August update also addressed 46 other flaws, with most rated high severity, highlighting the increasing threat of zero-day exploits by both espionage and financially motivated hackers.
[Legal]
INTERPOL, I-GRIP
INTERPOL's stop-payment mechanism, I-GRIP, recovered over $40 million stolen in a BEC attack on an unnamed commodity firm based in Singapore. This marks the largest recovery of funds from a BEC scam to date, demonstrating the effectiveness of the Global Rapid Intervention of Payments (I-GRIP) system.
[Legal]
National Public Data (Jerico Pictures)
A class action lawsuit against National Public Data (Jerico Pictures) alleges a data breach exposed 2.9 billion personal records on the dark web. The breach involved sensitive data collected through 'scraping' and has led to accusations of negligence. Plaintiffs seek compensation and improved data protection measures.
[Legal]
CrowdStrike, Windows
CrowdStrike's root cause analysis revealed a content validation issue in the Falcon Sensor update, causing a global Windows crash. The problem stemmed from a mismatch in input parameters during the introduction of a new IPC Template Type, undetected in testing due to wildcard matching criteria.
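The failure mode in that root cause analysis, a template type that declares more input parameters than the integration actually supplies, with test content whose wildcard entries never touched the extra slot, can be modelled in a few lines. The example below is an added illustration for this dispatch, not CrowdStrike code; the parameter count, the sensor inputs and the content entries are constructed, and the lazy matcher is a simplification used only to show why wildcard-heavy test content hides a count mismatch. The point it makes is that the count check belongs at content-load time, independent of what the matching criteria contain.

```python
"""Toy model of a parameter-count mismatch hidden by wildcard test content (hypothetical)."""
from typing import List, Optional

WILDCARD = "*"

# Constructed scenario: the template type declares 4 input parameters, but the
# integration that feeds it at runtime only supplies 3 values.
DECLARED_PARAM_COUNT = 4
SENSOR_INPUTS = ["proc", "pipe_a", "0x10"]              # 3 values supplied at runtime

TEST_CONTENT = ["proc", WILDCARD, WILDCARD, WILDCARD]   # what testing exercised
PROD_CONTENT = ["proc", "pipe_a", WILDCARD, "high"]     # first content with a concrete 4th value


def match_lazy(criteria: List[str], inputs: List[str]) -> bool:
    """Compare each criterion to its runtime input, skipping wildcards.

    A wildcard is accepted without reading the input slot, so a declared-but-
    unsupplied parameter goes unnoticed until content places a concrete value
    in that slot. The IndexError raised then models the out-of-bounds read.
    """
    for i, c in enumerate(criteria):
        if c == WILDCARD:
            continue
        if c != inputs[i]:
            return False
    return True


def validate_content(declared_param_count: int,
                     supplied_input_count: int,
                     criteria: List[str]) -> Optional[str]:
    """Load-time check that does not depend on wildcards.

    Both the integration's input count and every content entry's length must
    equal the declared parameter count; otherwise return a description of the
    mismatch so the content is rejected before it is ever matched.
    """
    if declared_param_count != supplied_input_count:
        return (f"template declares {declared_param_count} parameters but "
                f"the integration supplies {supplied_input_count}")
    if len(criteria) != declared_param_count:
        return (f"content entry has {len(criteria)} criteria, "
                f"expected {declared_param_count}")
    return None


def safe_match(declared_param_count: int, inputs: List[str], criteria: List[str]) -> bool:
    """Refuse to match content that failed validation; otherwise match normally."""
    err = validate_content(declared_param_count, len(inputs), criteria)
    if err is not None:
        raise ValueError(err)
    return match_lazy(criteria, inputs)


def wildcard_only_test(criteria: List[str]) -> bool:
    """True if a test entry leaves every slot beyond the first as a wildcard,
    i.e. it cannot exercise a count mismatch and should not count as coverage."""
    return all(c == WILDCARD for c in criteria[1:])


if __name__ == "__main__":
    print("test content matches without error:", match_lazy(TEST_CONTENT, SENSOR_INPUTS))
    try:
        match_lazy(PROD_CONTENT, SENSOR_INPUTS)
    except IndexError:
        print("production content reads past the supplied inputs")
    print("load-time validation says:", validate_content(DECLARED_PARAM_COUNT, len(SENSOR_INPUTS), PROD_CONTENT))
```

Two checks fall out of this: a structural one (declared count must equal supplied count, enforced when content is loaded), and a test-coverage one (an entry whose non-leading slots are all wildcards does not exercise the parameter path and should not be accepted as evidence that the path works).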