IT Security Newsletter

IT Security Newsletter - 3/1/2024

Written by Cadre | Fri, Mar 1, 2024

Krebs: Fulton County, Security Experts Call LockBit's Bluff

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County's listing from its website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang's servers were seized this month by law enforcement. READ MORE...

20 million Cutout.Pro user records leaked on data breach forum

AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. Cutout.Pro is an AI-powered photo and video editing platform for image enhancement, background removal, diffusion, colorizing, old photo restoration, and content generation. On Tuesday, someone using the alias 'KryptonZambie' shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.Pro. READ MORE...

Iranian Hackers Target Aviation and Defense Sectors in Middle East

Iranian hackers have been using Microsoft Azure cloud infrastructure in attacks targeting aerospace, aviation, and defense organizations in the Middle East, Mandiant reports. As part of a campaign ongoing since at least June 2022, the hacking group, tracked as UNC1549, has been deploying two unique backdoors dubbed MiniBike and MiniBus, to spy on organizations in Israel and the United Arab Emirates (UAE), as well as Albania, India, and Turkey. READ MORE...

Hackers Stole 'Sensitive' Data From Taiwan Telecom Giant: Ministry

Hackers stole "sensitive information" including military and government documents from Taiwan's largest telecom company and sold it on the dark web, the island's ministry of national defense has said. The confirmation of the democratic island's latest major data leak followed a report by local news channel TVBS on the hack of telecom giant Chunghwa Telecom. That report included a screenshot of a post in which hackers announced they were 1.7 TeraBytes of data that included government contracts. READ MORE...

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. First identified twenty years ago, Bifrost is one of the longest-standing RAT threats in circulation. It infects users via malicious email attachments or payload-dropping sites and then collects sensitive information from the host. READ MORE...

Act now to stop WordPress and Tumblr selling your content to AI firms

If you've spent the last umpteen years pouring blood, sweat, and tears into creating content for your Tumblr or WordPress blog, chances are that you would appreciate some payback all of your hard work. Instead, though, Automattic (the parent company of Tumblr and WordPress) is going to monetise it - selling access to the information you have publicly posted to selected AI companies. READ MORE...

MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

The MITRE-led Common Weakness Enumeration (CWE) program added four new microprocessor-related weaknesses to its community-developed list of common software and hardware weaknesses that result in exploitable vulnerabilities. The new CWEs are the most significant among the updates included in CWE Version 4.14, the latest version of the widely used resource for describing and documenting different weakness types, released Feb. 29. READ MORE...

Microsoft Zero-Day Used by Lazarus in Rootkit Attack

Microsoft has updated a zero-day exploit in its AppLocker application whitelisting software, but not before the North Korean state-backed Lazarus Group was able to leverage the flaw to pull off a rootkit cyberattack. Researchers from Avast discovered the Microsoft zero-day flaw, tracked under CVE-2024-21338, and explained that it allowed Lazarus to use an updated version of its proprietary rootkit malware called "FudModule" to cross the admin-to-kernel boundary, according to a new report. READ MORE...

  • ...in 1803, Ohio becomes the 17th state of the United States.
  • ...in 1944, The Who lead singer Roger Daltrey ("My Generation", "Pinball Wizard") is born in London, England.
  • ...in 1990, tabletop RPG publisher Steve Jackson Games is raided by the U.S. Secret Service, after their cyberpunk genre sourcebook is mistaken for an actual hacking guide.
  • ...in 1998, James Cameron's "Titanic" becomes the first motion picture to gross over $1 billion worldwide.