IT Security Newsletter

IT Security Newsletter - 3/6/2024

Written by Cadre | Wed, Mar 6, 2024

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change's network says the crime gang cheated them out of their share of the ransom. READ MORE...

Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure

The proliferation of programmable logic controllers (PLCs) with embedded Web servers in them has given attackers a way to launch potentially catastrophic, remote attacks against operational technology (OT) for industrial control systems (ICS) in critical infrastructure sectors. To highlight the threat, a team of researchers has developed malware that an adversary could use to remotely access an embedded Web server within a PLC, and attack the underlying physical system. READ MORE...

Amex cardholder data exposed in merchant processor hack

Card issuer American Express notified cardholders this month that their personal information may have been compromised due to a merchant processor being hacked. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," the company wrote in a template notice to customers filed Feb. 27 with the Massachusetts Office of Consumer Affairs and Business Regulation. READ MORE...

Fidelity customers' financial info feared stolen in suspected ransomware attack

Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys. READ MORE...

The Rise of Social Engineering Fraud in Business Email Compromise

Social engineering is present in 90% of phishing attacks today. However, business email compromise (BEC) attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception. Part of what makes social engineering such a prominent part of BEC and other types of phishing attacks is its ability to manipulate human levers to achieve a desired outcome. READ MORE...

U.S. sanctions Predator spyware operators for spying on Americans

The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. "Today, the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated two individuals and five entities associated with the Intellexa Consortium," reads a press release by the Office of Foreign Assets Control (OFAC). READ MORE...

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the campaign. READ MORE...

JetBrains TeamCity a ripe attack target as more vulnerabilities emerge

Security researchers are warning about two new authentication bypass vulnerabilities in the on-premises version of JetBrains TeamCity, including a critical flaw that can enable a remote, unauthenticated attacker to take control of a vulnerable server. In a blog post released Sunday, JetBrains urged customers to upgrade their servers to the latest version or apply a security patch. However, Rapid7 criticized the software firm for releasing the fixed version without proper coordination. READ MORE...

CISA Warns of Pixel Phone Vulnerability Exploitation

The US cybersecurity agency CISA on Tuesday added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog. The exploited Pixel vulnerability is tracked as CVE-2023-21237. When it patched the flaw in June 2023, Google warned that it had been aware of "limited, targeted exploitation", but the company published its security bulletin for Pixel phones a week after the general Android security bulletin and CVE-2023-21237 went unnoticed. READ MORE...

  • ...in 1896, Charles King tests his automobile on the streets of Detroit, becoming the first person to drive a car in the Motor City.
  • ...in 1899, German company Bayer registers a trademark for its first major product: "Aspirin."
  • ...in 1917, cartoonist and graphic novelist Will Eisner ("The Spirit", "A Contract With God") is born in Brooklyn, NYC.
  • ...in 1972, basketball great (and former movie genie) Shaquille O'Neal is born in Newark, NJ.