IT Security Newsletter - 03/02/2021
Dairy Giant Lactalis Targeted by Hackers
France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach. The company said a malicious third party attempted to breach its computer network, but it immediately took action to contain the attack. This included restricting access to public resources. Authorities have been notified and Lactalis' IT team has been working with external cybersecurity experts to investigate the incident.
European e-ticketing platform Ticketcounter extorted in data breach
A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server. Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. On February 21st, a threat actor created a topic on a hacker forum to sell the stolen Ticketcounter database but quickly took the post down.
Hacker reduces GTA Online load times by roughly 70 percent
A hacker going by the handle T0st says he has figured out a core issue that caused longer-than-necessary load times in Grand Theft Auto Online for years. The hacker has released a proof of concept DLL fix that shortens those lengthy startup times by roughly 70 percent. Grand Theft Auto Online's PC load times have been a persistent issue for seven years now, remaining slow despite general improvements to hardware and the game's status as a continuing lucrative revenue stream for publisher Take Two.
NSW Transport agency extorted by ransomware gang after Accellion attack
The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. Transport for NSW is New South Wales' transport system in charge of the buses, ferries, regional air operators, and cargo transportation. Last week, Transport for NSW disclosed that their agency suffered a data breach after their secure file-sharing system, Accellion FTA, was attacked and hackers stole data.
Asian Food Distribution Giant JFC International Hit by Ransomware
JFC International, a major distributor and wholesaler of Asian food products, last week revealed that it was recently targeted in a ransomware attack that disrupted some of its IT systems. The attack apparently only impacted JFC International's Europe Group, which said it had notified authorities, employees and business partners about the incident. "A full forensic investigation by in-house specialists together with external cyber experts was immediately started and is underway [...]"
Suspected China-linked hackers targeted India's energy sector, research suggests
A hacking group with suspected ties to China has been targeting entities in the power generation and distribution sector in India, according to Recorded Future research published Sunday. The group, which Recorded Future is calling "RedEcho," has targeted 10 power sector organizations in India since mid-2020, including four of five regional load dispatch centers that balance electricity supply and demand, according to the research. The attackers have also targeted at least two Indian seaports.
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
A ransomware attack last fall cost Universal Health Services $67 million in pre-tax losses, the healthcare provider confirmed in an earnings report released today. Referring to it as an "information technology security incident," UHS officials said the cyberattack forced the organization to suspend user access to several information technology applications in the US during the attack. No evidence of unauthorized access, copying or misuse of any patient or employee data was identified to date.
Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild
In early 2021, security researchers identified a variant of the infamous Ryuk ransomware that is capable of lateral movement within the infected networks. Active since at least 2018 and believed to be operated by Russian cyber-criminals, the Ryuk ransomware has been involved in numerous high-profile attacks and researchers estimate the enterprise is worth $150 million. Ryuk has long been associated with the TrickBot malware, supposedly being operated by the same gang.
Malicious NPM packages target Amazon, Slack with new dependency attacks
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools. This flaw works by attackers creating packages utilizing the same names as a company's internal repositories or components.
- ...in 1807, Congress passes the Act Prohibiting Importation of Slaves, abolishing the foreign slave trade in the U.S.
- ...in 1933, "King Kong" premieres at Radio City Music Hall in New York City, only 15 blocks from the actual Empire State Building.
- ...in 1962, Philadelphia Warriors center Wilt Chamberlain scores 100 points against the New York Knicks, setting the NBA single-game scoring record.
- ...in 1972, Pioneer 10, the world's first outer-planetary probe, is launched from Cape Canaveral, Florida, on a mission to Jupiter.