IT Security Newsletter

IT Security Newsletter - 12/21/2022

Written by Cadre | Wed, Dec 21, 2022

Okta's source code stolen after GitHub repositories hacked

Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code. BleepingComputer has obtained a 'confidential' security incident notification that Okta has been emailing to its 'security contacts' as of a few hours ago.

Krebs on Security: The Equifax Breach Settlement Offer is Real, For Now

Millions of people likely just received an email or snail mail notice saying they're eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

'Russian hackers' help two New York men game JFK taxi system

A pair of men living in New York, working with unnamed Russian nationals, hacked and manipulated the electronic taxi dispatch system at John F. Kennedy International Airport as part of a money-making scheme over a period of at least two years, federal prosecutors said Tuesday. Starting in at least September 2019, Daniel Abayev and Peter Leyman ran a pay-to-play system for cabbies who could jump the line instead of idling in a holding lot until hailed by a dispatcher.

Industrial Giant Thyssenkrupp Again Targeted by Cybercriminals

German industrial engineering and steel production giant Thyssenkrupp has again confirmed being targeted by cybercriminals. The company told SecurityWeek that 'organized crime' is believed to be behind the attack. "Parts of the Materials Services and Corporate segment of Thyssenkrupp are currently affected. The possibility of the other segments and business units being affected can be ruled out at this time," a spokesperson of Thyssenkrupp Materials Services said in an emailed statement.

GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

Raspberry Robin Worm Targets Telcos & Governments

It's likely the group behind the worm called Raspberry Robin is just testing the waters - launching attacks against telecommunications companies and governments across Australia, Europe, and Latin America to see how far their malware can spread - for now. Researchers at Trend Micro have been tracking Raspberry Robin since September and are warning the worm is notable for its 10 layers of obfuscation and its ability to deploy a fake payload to throw off detection efforts.

'Blindside' Attack Subverts EDR Platforms From Windows Kernel

A newly pioneered technique could render endpoint detection and response (EDR) platforms "blind" by unhooking the user-facing mode of the Windows kernel (NTDLL) from hardware breakpoints. This potentially gives malicious actors the ability to execute any function from within NTDLL and deliver it, without the EDR knowing it, researchers warned. The Cymulate Offensive Research Group noted in a report released Dec. 19 that the injected commands could be used to perform any number of operations.

Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it. In an advisory published on December 16, Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability.

  • ...in 1935, TV talk show host and producer Phil Donahue is born in Cleveland, OH.
  • ...in 1937, Disney's "Snow White and the Seven Dwarfs", the first-ever full-length animated feature, premieres in Los Angeles.
  • ...in 1948, actor Samuel L. Jackson ("Pulp Fiction", "Unbreakable") is born in Washington, D.C.
  • ...in 1968, the Apollo 8 mission launches from Cape Canaveral. It will be the first time that a human-crewed craft reaches the Moon and achieves lunar orbit.