IT Security Newsletter

IT Security Newsletter - 2/6/2023

Written by Cadre | Mon, Feb 6, 2023

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

PeopleConnect-owned background check services Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users. In individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums. READ MORE...

Florida hospital takes IT systems offline after cyberattack

Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. While all its network systems were taken online, TMH says this attack only impacted some of them. Patients who require emergency medical services (EMS) will also be diverted to other hospitals, as TMH will only accept Level 1 traumas from its immediate service area. READ MORE...

OpenSSH fixes double-free memory bug that's pokable over the network

The open source operating system distribution OpenBSD is well-known amongst sysadmins, especially those who manage servers, for its focus on security over speed, features and fancy front-ends. Fittingly, perhaps, its logo is a puffer fish - inflated, with its spikes ready to repel any wily hackers who might come along. But the OpenBSD team is probably best known not for its entire distro, but for the remote access toolkit OpenSSH that was written in the late 1990s. READ MORE...

High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated 'high severity', has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows. The virtualization giant has credited Frederik Reiter of German cybersecurity firm Cirosec for reporting the vulnerability. READ MORE...

NY attorney general forces spyware vendor to alert victims

The New York attorney general's office has announced a $410,000 fine for a stalkerware developer who used 16 companies to promote surveillance tools illegally. Stalkerware (or spyware) platforms allow their customers to monitor other people's phones without the users' knowledge. In some, if not most cases, they're also used to monitor the targets' online activity and collect sensitive user information like their location that later could be used for blackmail or various other malicious purposes. READ MORE...

Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

An unknown threat actor has been quietly mining Monero cryptocurrency on open source Redis servers around the world for years, using a custom-made malware variant that is virtually undetectable by agentless and conventional antivirus tools. Since September 2021, the threat actor has compromised at least 1,200 Redis servers - that thousands of mostly smaller organizations use as a database or a cache - and taken complete control over them. READ MORE...

Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access credentials for Ubiquiti's AWS and GitHub servers. READ MORE...

  • ...in 1862, Union forces capture Fort Henry on the Tennessee River, their first major victory in the Civil War.
  • ...in 1952, Elizabeth II becomes queen regnant of the United Kingdom, upon the death of her father George VI.
  • ...in 1959, engineer Jack Kilby of Texas Instruments files the first patent for an integrated circuit.
  • ...in 1962, Guns N' Roses lead singer Axl Rose is born William Bruce Rose in Lafayette, IN.