IT Security Newsletter

IT Security Newsletter - 1/18/2024

Written by Cadre | Thu, Jan 18, 2024

Researcher uncovers one of the biggest password dumps in recent history

Nearly 71 million unique credentials stolen for logging into websites such as Facebook, Roblox, eBay, and Yahoo have been circulating on the Internet for at least four months, a researcher said Wednesday. Troy Hunt, operator of the Have I Been Pwned? breach notification service, said the massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations

A series of misconfigurations and security vulnerabilities allowed a researcher to access customer information stored in an email account at Toyota Tsusho Insurance Broker India (TTIBI). The unauthorized access, US-based researcher Eaton Zveare explains, was possible because the TTIBI site had a dedicated Eicher Motors subdomain, with a premium calculator. TTIBI is an insurance broker under the Toyota Tsusho Insurance Management Corporation in Japan.

E-Crime Rapper 'Punchmade Dev' Debuts Card Shop

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn't much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs.

Docker hosts hacked in ongoing website traffic theft scheme

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. 9hits is a web traffic exchange platform where members can drive traffic to each other's sites. This traffic is generated by a 9hits viewer app that is installed on members' devices, which uses a headless Chrome instance to visit websites requested by other members.

CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial compromise. The end goal of the campaign is to steal credentials to high-profile applications such as Amazon Web Services, Microsoft 365, Twilio, and SendGrid, so the threat actors can access sensitive data in the apps or use the apps for other malicious operations.

Bigpanzi botnet infects 170,000 Android TV boxes with malware

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a large-scale botnet of approximately 170,000 daily active bots. However, the researchers have seen 1.3 million unique IP addresses associated with the botnet since August, most in Brazil.

Ransomware Group Targets Foxconn Subsidiary Foxsemicon

Foxsemicon Integrated Technology, a subsidiary of Taiwanese electronics giant Foxconn, appears to have been targeted by the notorious LockBit ransomware group. Foxsemicon specializes in semiconductor equipment manufacturing. The company's website was defaced this week with a message claiming that data has been stolen and encrypted. The message said 5 Tb of data has been taken from the company's systems.

Prolific Russian hacking unit using custom backdoor for the first time

A Russian government-linked cyber espionage and influence operation known to target entities around the world has added custom backdoor malware to its arsenal, researchers said Thursday, demonstrating the continued evolution of one of Moscow's most prolific cyber groups. Researchers with Google's Threat Analysis Group said in a blog post Thursday that the group, which it tracks as "Cold River," has been using its first publicly known custom malware, dubbed "SPICA."

How a 27-year-old busted the myth of Bitcoin's anonymity

Just over a decade ago, Bitcoin appeared to many of its adherents to be the crypto-anarchist holy grail: truly private digital cash for the Internet. Satoshi Nakamoto, the cryptocurrency's mysterious and unidentifiable inventor, had stated in an email introducing Bitcoin that "participants can be anonymous." And the Silk Road dark-web drug market seemed like living proof of that potential, enabling the sale of illegal contraband for bitcoin while flaunting its impunity from law enforcement.

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection

Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. It paves the way for code execution and other cyberattacks on targeted endpoints. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the browser in less than a calendar month. In 2023, Google disclosed a total of eight zero-day vulnerabilities in Chrome, which is by far the most widely used browser currently.

  • ...in 1778, explorer James Cook is the first known European to discover the Hawaiian Islands, which he names the "Sandwich Islands".
  • ...in 1904, actor Cary Grant (born Archibald Alexander Leach) is born in Bristol, England.
  • ...in 1911, aviation pioneer Eugene B. Ely lands a Curtiss biplane on the deck of the USS Pennsylvania, the first successful shipboard landing of an aircraft.
  • ...in 1969, actor and former WWE wrestler/MMA fighter Dave Bautista (Guardians of the Galaxy, Spectre) is born in Washington, D.C.
  • ...in 1993, Martin Luther King, Jr. Day is officially observed for the first time in all 50 states.