Google, SolarWinds, Linux, Mirasvit, Cisco and Zcash: DentaQuest Breach: ShinyHunters - Security Affairs

Google, SolarWinds, Linux, Mirasvit, Cisco and Zcash: DentaQuest Breach: ShinyHunters - Security Affairs

Cybersecurity Roundup: Critical Flaws, Espionage Campaigns, and Major Breaches

Recent weeks have seen a surge in high-profile cybersecurity incidents, from long-standing vulnerabilities to sophisticated espionage operations and large-scale data breaches.

Critical Vulnerabilities Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple flaws to its Known Exploited Vulnerabilities (KEV) catalog, including:

  • A Mirasvit Full Page Cache Warmer flaw, now actively exploited.
  • Android and Linux Kernel vulnerabilities, posing risks to mobile and enterprise systems.
  • A SolarWinds Serv-U flaw, adding to the company’s history of supply chain attacks.
  • A Cisco Unified Communications Manager (CM) bug, with public exploit code now available, heightening urgency for patches.

In a separate discovery, researchers identified a four-year-old vulnerability in Zcash’s privacy layer, raising concerns about potential undetected exploitation. Meanwhile, a new VS Code zero-day was publicly disclosed after a researcher lost confidence in Microsoft’s vulnerability handling process.

Espionage and Targeted Attacks

  • Gamaredon, a Russian-linked threat group, exploited a WinRAR vulnerability in a modular spy campaign targeting Ukrainian entities.
  • A cyber espionage operation breached a stock exchange executive’s Outlook account, underscoring the risks of high-value phishing.
  • Russia’s FSB reported that foreign intelligence services infected officials’ phones with malware, highlighting state-sponsored surveillance threats.
  • The Silent Ransom Group (SRG) shifted to DNS fast flux infrastructure, complicating detection and attribution.

Data Breaches and Botnet Threats

  • ShinyHunters leaked data from DentaQuest, exposing 2.6 million individuals after a breach.
  • A Meta AI recovery tool flaw compromised over 20,000 Instagram accounts, demonstrating risks in authentication systems.
  • The IoT botnet C0XMO evolved to include competitor-killing capabilities, enabling attacks on rival botnets.

Law Enforcement Actions
Authorities dismantled nine crime groups linked to illegal streaming, resulting in 29 arrests and disrupting a major piracy ecosystem. Separately, researchers uncovered PCPJack, a 230-node cloud email relay network used for malicious campaigns.

These developments reflect the escalating complexity of cyber threats, from zero-days and state-backed espionage to large-scale data leaks and botnet warfare.

Source: https://securityaffairs.com/193274/data-breach/dentaquest-breach-shinyhunters-publish-data-impacting-2-6m-people.html/attachment/image-1418

Zcash Foundation cybersecurity rating report: https://www.rankiteo.com/company/zcash-foundation

Mirasvit cybersecurity rating report: https://www.rankiteo.com/company/mirasvit

Google cybersecurity rating report: https://www.rankiteo.com/company/google

SolarWinds cybersecurity rating report: https://www.rankiteo.com/company/solarwinds

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

The Linux Foundation cybersecurity rating report: https://www.rankiteo.com/company/the-linux-foundation

"id": "ZCAMIRGOOSOLCISTHE1780914449",
"linkid": "zcash-foundation, mirasvit, google, solarwinds, cisco, the-linux-foundation",
"type": "Vulnerability",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2.6 million individuals',
                        'industry': 'Dental Insurance',
                        'name': 'DentaQuest',
                        'type': 'Healthcare'},
                       {'customers_affected': '20,000 accounts',
                        'industry': 'Technology',
                        'name': 'Instagram',
                        'type': 'Social Media'},
                       {'location': 'Ukraine',
                        'name': 'Ukrainian Entities',
                        'type': 'Government/Private'},
                       {'industry': 'Finance',
                        'name': 'Stock Exchange Executive',
                        'type': 'Individual'},
                       {'industry': 'Public Sector',
                        'location': 'Russia',
                        'name': 'Russian Officials',
                        'type': 'Government'},
                       {'industry': 'Piracy',
                        'name': 'Illegal Streaming Groups',
                        'size': '9 groups, 29 arrests',
                        'type': 'Criminal Organization'}],
 'attack_vector': ['Zero-day Exploit',
                   'Phishing',
                   'Supply Chain Attack',
                   'Malware',
                   'DNS Fast Flux'],
 'data_breach': {'data_exfiltration': ['Yes (ShinyHunters)'],
                 'number_of_records_exposed': ['2.6 million (DentaQuest)',
                                               '20,000 (Instagram)'],
                 'personally_identifiable_information': ['Yes'],
                 'sensitivity_of_data': ['High (PII)'],
                 'type_of_data_compromised': ['Personal Data',
                                              'Account Credentials']},
 'description': 'Recent weeks have seen a surge in high-profile cybersecurity '
                'incidents, from long-standing vulnerabilities to '
                'sophisticated espionage operations and large-scale data '
                'breaches.',
 'impact': {'data_compromised': ["2.6 million individuals' data (DentaQuest)",
                                 '20,000 Instagram accounts'],
            'identity_theft_risk': ['Personally Identifiable Information '
                                    '(PII)'],
            'systems_affected': ['Android',
                                 'Linux Kernel',
                                 'SolarWinds Serv-U',
                                 'Cisco Unified CM',
                                 'WinRAR',
                                 'Outlook',
                                 'Meta AI recovery tool']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Yes (ShinyHunters)'],
                           'entry_point': ['Phishing (Outlook)',
                                           'Vulnerabilities (WinRAR, VS Code)'],
                           'high_value_targets': ['Stock Exchange Executive',
                                                  'Ukrainian Entities',
                                                  'Russian Officials']},
 'motivation': ['Espionage',
                'Financial Gain',
                'Data Theft',
                'Surveillance',
                'Competitor Disruption'],
 'post_incident_analysis': {'corrective_actions': ['Patch management',
                                                   'Enhanced monitoring',
                                                   'Law enforcement '
                                                   'disruption'],
                            'root_causes': ['Unpatched vulnerabilities',
                                            'Phishing attacks',
                                            'Supply chain weaknesses']},
 'ransomware': {'data_exfiltration': ['Yes (Silent Ransom Group)']},
 'references': [{'source': 'U.S. Cybersecurity and Infrastructure Security '
                           'Agency (CISA)'},
                {'source': 'Researchers (Zcash vulnerability, VS Code '
                           'zero-day)'}],
 'regulatory_compliance': {'legal_actions': ['29 arrests (illegal streaming '
                                             'groups)']},
 'response': {'law_enforcement_notified': ['Yes (for illegal streaming '
                                           'groups)'],
              'remediation_measures': ['Patches for vulnerabilities',
                                       'Disruption of botnet infrastructure']},
 'threat_actor': ['Gamaredon',
                  'Silent Ransom Group (SRG)',
                  'ShinyHunters',
                  'FSB (Russian Intelligence)',
                  'PCPJack Operators'],
 'title': 'Cybersecurity Roundup: Critical Flaws, Espionage Campaigns, and '
          'Major Breaches',
 'type': ['Vulnerability Exploitation',
          'Espionage',
          'Data Breach',
          'Ransomware',
          'Botnet'],
 'vulnerability_exploited': ['Mirasvit Full Page Cache Warmer flaw',
                             'Android and Linux Kernel vulnerabilities',
                             'SolarWinds Serv-U flaw',
                             'Cisco Unified Communications Manager (CM) bug',
                             'Zcash’s privacy layer vulnerability (4-year-old)',
                             'WinRAR vulnerability',
                             'VS Code zero-day']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.