IT Security Newsletter

IT Security Newsletter - 3/29/2023

Written by Cadre | Wed, Mar 29, 2023

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

ChatGPT creator OpenAI has confirmed a data breach caused by a bug in an open source library, just as a cybersecurity firm noticed that a recently introduced component is affected by an actively exploited vulnerability. OpenAI said on Friday that it had taken the chatbot offline earlier in the week while it worked with the maintainers of the Redis data platform to patch a flaw that resulted in the exposure of user information. READ MORE...

New York law firm gets fined $200k for failing to protect health data

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. Heidell, Pittoni, Murphy and Bach (HPMB) represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information. READ MORE...

Crown Resorts confirms ransom demand after GoAnywhere breach

Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London. READ MORE...

Lumen Technologies hit with 2 separate security incidents

Lumen Technologies announced Monday it was impacted by two separate cybersecurity incidents, including a ransomware attack discovered last week. Lumen, a communications and network services firm, said a malicious actor placed ransomware on a limited number of servers that support a segmented hosting service, according to a filing with the Securities and Exchange Commission. READ MORE...

Over 200 Organizations Targeted in Chinese Cyberespionage Campaign

Chinese cyberespionage group Mustang Panda has been targeting entities related to maritime, shipping, border, and immigration as part of a recent campaign, cybersecurity firm Trend Micro reports. Also known as Earth Preta, RedDelta, and TA416, Mustang Panda is believed to be operating on behalf of the Chinese government, and was previously seen targeting European diplomatic entities and various telecommunications companies. READ MORE...

North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny

A North Korean espionage unit suspected of impersonating journalists and faking LinkedIn accounts to collect intelligence is using a novel way to fund their international hacking operations: renting out cloud-based power to mine for cryptocurrency. The use of so-called cloud mining to rent crypto mining processing power appears to be a way for the group to avoid technologies such as mixers, which have come under increased law enforcement scrutiny. READ MORE...

WiFi protocol flaw allows attackers to hijack network traffic

Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, and management data. READ MORE...

  • ...in 1886, pharmacist John Pemberton brews the first batch of Coca-Cola in an Atlanta, GA backyard.
  • ...in 1943, comedian/musician Eric Idle, best known for his work with the Monty Python comedy troupe, is born in Durham, England.
  • ...in 1973, the last U.S. military forces withdraw from South Vietnam.
  • ...in 1974, the Mariner 10 space probe becomes the first man-made vessel to fly past the planet Mercury.