April 28, 2024 at 10:30PM
Discord data harvesting site Spy.pet, which gathered information on over 620 million users, was shut down after its existence became known. Discord is working to take action and considering legal action. Critical vulnerabilities in OT world include issues in Honeywell, Hitachi Energy, and Rockwell Automation. Additionally, an infostealer campaign is using CDN servers to deceive network defenders. Lastly, eScan antivirus product in India is being hijacked to deliver GuptizMiner malware.
From the meeting notes, I have identified the following takeaways:
1. Discord took action against the Spy.pet website for violating its terms of service and community guidelines, banning affiliated accounts and considering legal action. The website was suspended, and its operators may be trying to reappear through a backup domain.
2. Critical vulnerabilities were reported in OT systems, such as Honeywell Experion PKS, Hitachi Energy Mach SCMs, and Rockwell Automation 5015-AENFTXT ethernet/IP adapters, along with an active exploitation vulnerability in CrushFTP before versions 10.7.1 and 11.1.0.
3. Talos threat intelligence researchers discovered an infostealer campaign operated by Vietnamese threat actors using Cryptbot, LummaC2, and Rhadamanthys on CDN servers to avoid detection. Victims in various countries were found downloading movie files containing the malicious code.
4. Local antivirus product eScan had its updates hijacked to deliver the GuptizMiner malware suite, possibly linked to North Korean APT Kimsuky. The issue was reportedly patched in a software update last July.
If you need further details on any of these topics, please let me know.