Hello, fellow hackers! In this week’s issue of HackerReport, we're diving into the latest data breach reports, major software update advisories, and essential security tips to combat ransomware.

What’s Inside

1. Massive National Data Breach Exposes 3 Billion Social Security Numbers

2. Trump Campaign Hacked by Suspected Iranian Hackers

3. Microsoft Tackles Six 0-Days in August 2024 Security Patch

4. Cybersecurity at the Paris Olympics

5. Ransomware: The Digital Extortion Threat

6. Cybersecurity Word of the Day: Smishing

Cybersecurity News This Week

1. Massive National Data Breach Exposes 3 Billion Social Security Numbers

• Scope of Breach: A significant data breach has compromised the Social Security numbers of approximately 3 billion individuals, marking one of the largest data breaches in history.

• Impact on Security: The breach raises serious concerns about national security and the protection of personal information, highlighting vulnerabilities in data management systems.

• Government Response: Authorities are investigating the breach and working to mitigate its impact, urging affected individuals to monitor their financial accounts and credit reports for suspicious activity.

• Determine If You Were Affected: Search this site to learn if you were affected by the breach.

🤦 Well, there goes my identity.🤦 

2. Trump Campaign Hacked by Suspected Iranian Hackers

• Email Compromise: Suspected Iranian hackers breached the personal email account of Roger Stone, a key Trump associate, using it as a foothold to attempt further infiltration into the Trump campaign's networks.

• Foreign Involvement Alleged: The campaign has attributed the breach to "foreign sources hostile to the United States," specifically pointing to a Microsoft report that identified Iranian hackers as responsible for breaking into a high-ranking official's account in June 2024.

• Leaked Documents: Politico received emails from an anonymous source containing internal campaign documents, including a dossier on Trump's running mate, Ohio Sen. JD Vance. The documents are said to be authentic by sources familiar with them.

• Investigation and Denial: The FBI, alongside other investigators, is probing the breach, with Iran denying involvement. The attack methods align with those typically used by Iranian cyber operatives, adding to concerns over foreign interference in the 2024 election.

• Historical Context: This breach draws parallels to the 2016 Democratic Party hack, where Russian hackers were blamed for leaking internal communications. The current situation underscores ongoing concerns about foreign interference in U.S. elections.

🤦 Trump Campaign, where is your multi-factor authentication at? 🤦 

3. 🐛 Microsoft Tackles Six 0-Days in August 2024 Security Patch

1. Zero-Day Exploits: This month's patch includes fixes for six actively exploited zero-day vulnerabilities, with CVE-2024-38189 in Microsoft Project posing significant risks due to remote code execution if macros are not properly managed.

2. Critical Vulnerabilities: Among the critical patches, two vulnerabilities (CVE-2024-38140 and CVE-2024-38063) have CVSS scores of 9.8, targeting Windows' RMCAST driver and TCP/IP stack, respectively, both enabling remote code execution under specific conditions.

3. Severity: 92 vulnerabilities were patched, with nine rated critical, emphasizing the need for immediate updates.

😎 If you have an affected windows system, patch now! 😎 

4. 📰 Cybersecurity at the Paris Olympics

As people gathered around their TV to watch Torri Huske and Simon Biles take gold for Team USA at the Paris 2024 Olympics, not to mention Raygun’s infamous breakdancing routine, an invisible issue lurked behind the scenes that most Americans were unaware of: cyber attacks targeting platforms used at the Paris Olympics.

Here’s a breakdown on what happened:

• 140 Cyberattacks Reported: French authorities noted over 140 cyberattacks during the Olympics, including 119 low-impact and 22 serious incidents targeting critical infrastructure.

• Increased Security Measures: The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) collaborated with private partners to enhance monitoring and secure networks.

• Ongoing Vulnerabilities: Less than 20% of French businesses feel their cybersecurity is mature, highlighting persistent challenges despite extensive preparations.

• Ransomware Attack on Olympic Venue: A ransomware attack targeted the Grand Palais and other museums in the Réunion des Musées Nationaux network, which are hosting events for the Paris 2024 Olympics.

While attackers are always attempting to breach systems, in this case, the Olympic venues and platforms, security professionals work tirelessly behind the scenes to secure the games. Always be vigilant about keeping your security strong (not like your break dancing).

🥚HackerReport Easter Egg 🥚

• A Hacker Summer Camp Does Exist!

  ToorCamp is the ultimate hacker summer camp where tech-savvy families gather in the Pacific Northwest for epic adventures. Imagine drone-delivered tacos, kids' lock-picking sessions, solar oven s’mores, and a pixel art studio run by kids—who totally schooled the adults. It's all the fun of a summer camp mixed with hacker ingenuity, minus the sales pitches. Check it out!

Security Crash Course

5. 🤑 Ransomware: The Digital Extortion Threat

What is Ransomware?: Ransomware is a type of malicious software designed to block access to a computer, files, accounts, and/or data until a ransom is paid. Traditionally, ransomware works by encrypting the victim's files or data, making them inaccessible. The attacker then demands a ransom, often in cryptocurrency, in exchange for a decryption key that will restore access

Why?: Ransomware can cause significant disruption to individuals and organizations by locking them out of critical data and systems. It often leads to financial losses, reputational damage, and can compromise sensitive information.

How It Works (Basic Method):

• Ransomware is delivered via phishing emails, software vulnerabilities, and/or misconfiguraitons.

• The malware is executed on the system when the user interacts with the malicious content.

• It encrypts files on the infected system.

• A ransom message is displayed, demanding payment for the decryption key.

Basic Preventative Measures:

• Regular Backups: Implement the 3-2-1 backup rule by keeping three copies of data on two different storage types with one copy offline (for the advanced). For personal, you can just use Google Drive Backup. This ensures data can be restored without paying ransom.

• Strong Authentication: Use phishing-resistant, multi-factor authentication, to protect access to systems and data.

• System Updates and Patching: Continuously update and patch operating systems, software, and applications to protect against vulnerabilities that ransomware might exploit.

Cybersecurity Word of the Day

6. 📖 Cybersecurity Word of the Day: Smishing

Smishing refers to a form of phishing attack that uses SMS text messages to deceive individuals into providing sensitive information. These messages often appear to come from legitimate sources, such as banks or service providers, and may include a link to a fake website designed to steal personal data.

Example: “Lisa received a text from what seemed like her bank, urging her to verify a suspicious transaction by clicking on a link. The message appeared legitimate, so Lisa clicked the link and entered her banking details. Later, she discovered that her account had been compromised. She learned the importance of verifying the authenticity of such messages before taking action.”

❤️ Thank you for reading this issue of HackerReport brought to you by ZeroVuln^SM, Your Personal Cybersecurity Team^TM. ❤️

In our next issue, we'll dive into smishing attacks, security tips when using a wifi hotspot, a deep dive on a phishing/malware campaign, and more. Until then, stay safe online!

Helpful Links

• Need help with your security? Contact ZeroVuln or book an appointment directly. Learn more about our services at www.zerovuln.ai.

• Have a topic or product you'd like us to review? Want to share your feedback or give us some love? Drop us an email at [email protected]. We’d love to hear from you!

• Do you have an idea for a newsletter and you love the platform we use? You’re in luck! Get a free 30-day trial + 20% OFF for 3 months. Sign up here.

• Please help us reduce data breaches and grow our newsletter! Send this subscribe link to your friends, family, and/or co-workers.