IT Security Newsletter

IT Security Newsletter - 2/28/2023

Written by Cadre | Tue, Feb 28, 2023

Attackers Were on Network for 2 Years, News Corp Says

The state-sponsored attackers behind a breach that News Corp disclosed last year had actually been on its network for nearly two years already by that time, the publishing giant has disclosed. In a letter to employees last week, News Corp said an investigation of the incident showed the intruder first broke into its network in February 2020, and remained on it until discovered on Jan. 20, 2022. READ MORE...

LastPass says employee's home computer was hacked and corporate vault taken

Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked an employee's home computer and obtained a decrypted vault available to only a handful of company developers. Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor "was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity" until August 26. READ MORE...

Cyberattack on Boston Union Results in $6.4M Loss

A cyberattack on a Boston-based labor union's health fund resulted in the loss of $6.4 million, but it does not appear that the personal information of members was stolen or compromised, union officials said. Federal and local law enforcement agencies were notified of the attack at Pipefitters Local 537 that was discovered Feb. 7 and the union retained a cyber security forensic investigator, union business manager/financial secretary-treasurer Daniel O'Brien said in a message to members. READ MORE...

Russian hacktivists DDoS hospitals, with pathetic results

A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure. Copenhagen's health authority confirmed the outages in a tweet, and directed patients to an emergency page with the hospitals' phone numbers. READ MORE...

10 US states that suffered the most devastating data breaches in 2022

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments' cybersecurity investment, according to Network Assured. Network Assured compared data from State Attorneys Generals and the Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) Office of Civil Rights' (OCR), along with public reporting of state budgets for cybersecurity. READ MORE...

The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win

This year started off with a bang, with critical infrastructure attacks - both physical and cyber - at an all-time high. The Cybersecurity and Infrastructure Security Agency (CISA) released 12 industrial control system (ICS) advisories warning of critical security flaws, while the hacker group GhostSec, aka Anonymous Operations, claimed to have used ransomware in encrypting an industrial remote terminal unit of the type relied on by critical infrastructure. READ MORE...

CISA director urges tech industry to take responsibility for secure products

Cybersecurity and Infrastructure Security Agency Director Jen Easterly called for a transformative shift to put the onus on the technology industry to infuse security into their products during the design phase. Easterly, speaking Monday in an address at Carnegie Mellon University, said we can no longer continue blaming and shaming technology customers that are being targeted by sophisticated adversaries - including nation-state adversaries like China and Russia - after they are targeted for attack. READ MORE...

Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites

A critical vulnerability affecting the Houzez premium WordPress theme has been exploited in the wild, WordPress security company Patchstack warned on Monday. Houzez is a premium theme for the real estate industry. Patchstack CTO Dave Jong discovered recently that the Houzez theme and its associated Houzez Login Register plugin are impacted by a critical vulnerability that can allow an unauthenticated attacker to hack WordPress websites. READ MORE...

  • ...in 1901, Nobel Prize-winning chemist and peace activist Linus Pauling is born in Portland, OR.
  • ...in 1935, DuPont chemist Wallace Hume Carothers invents nylon, the first fully synthetic fiber.
  • ...in 1983, the final episode of "M*A*S*H" airs on CBS, drawing over 120 million viewers, the largest audience of any TV series finale.
  • ...in 2013, Pope Benedict XVI resigns as pope of the Catholic Church, becoming the first to do so since Pope Gregory XII in 1415.