Cybersecurity News: Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows


Life360, the parent company of Tile, faced an extortion attempt following a data breach in Tile’s customer support platform. The breach exposed personal information such as names, addresses, email addresses, and phone numbers. Fortunately, sensitive data like credit card details or location information was not compromised since it is not stored on the customer support platform. The hacker reportedly gained access using stolen credentials from a former Tile employee. While Life360 confirmed the extortion attempt, they have not disclosed the exact number of customers affected.

The White House released a report highlighting a 9.9% increase in cybersecurity incidents across 11 US federal agencies in 2023, totaling 32,211 cases. The most common incident was “improper usage,” with phishing and malicious emails showing the largest year-on-year increase. Notable breaches included ransomware attacks on the Department of Health and Human Services, data exposures at the Treasury Department, and successful phishing at the Office for the Inspector General. The report serves as a roadmap for the administration’s cyber investment priorities.

In Kyiv, Ukrainian cyber police arrested a 28-year-old Russian man with ties to the LockBit and Conti ransomware gangs. The suspect allegedly developed undetectable malware for these criminal groups, operating as a freelance hacker selling services for cryptocurrency. Dubbed “Operation Endgame,” an international law enforcement action led to the arrest, disrupting 100 criminal servers and seizing over 2,000 malicious domains.

Symantec discovered that the Black Basta ransomware group exploited a zero-day flaw (CVE-2024-26169) in the Windows Error Reporting Service before it was patched in March 2024. This flaw allowed attackers to gain SYSTEM privileges with a CVSS score of 7.8. Linked to the Cardinal group, Black Basta used pre-patch exploit tools to manipulate registry keys and execute commands with administrative privileges.

Google released patches addressing 50 security vulnerabilities affecting Pixel devices, including a high-severity zero-day flaw (CVE-2024-32896) exploited in targeted attacks. Users are urged to update to the 2024-06-05 patch level, which also resolves 44 other security bugs, including critical privilege escalation vulnerabilities.

Shortly after its disclosure, the TellYouThePass ransomware group exploited a newly disclosed PHP vulnerability (CVE-2024-4577) allowing remote code execution. The ransomware infiltrated systems via WebShell uploads, affecting both Windows and Linux platforms. Active since 2019, TellYouThePass has a history of exploiting vulnerabilities like Apache Log4j and Apache ActiveMQ Server.

The Toronto School Board reported an attack on its technology testing environment, separate from its official networks. Investigations are ongoing to determine any impact or data compromise. Managing 582 schools and over 230,000 students, TDSB assured parents that systems remain operational as they work to secure their networks.

Scattered Spider, a cybercrime group, has merged with the RansomHub ransomware-as-a-service (RaaS) operator following the disbandment of ALPHV/BlackCat. GuidePoint Security linked Scattered Spider to RansomHub based on shared tactics, including social engineering and attacks on ESXi environments.