IT Security Newsletter - 9/18/23
Scattered Spider traps 100+ victims in its web as it moves into ransomware
Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant. Further, as also witnessed in the ongoing MGM Resorts network outage, the gang, known for its social-engineering-based attacks, is now throwing data-stealing ransomware at victims, too. READ MORE...
Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs
A global cyber-espionage campaign conducted by the Iranian nation-state actor known as Peach Sandstorm (aka Holmium) has successfully plucked targets in the satellite, defense, and pharmaceutical sectors, Microsoft is warning. The cyber offensive has been active since February, according to Microsoft, which concluded that the campaign used masses of password spray attacks between February and July to authenticate to thousands of environments and exfiltrate data, all in support of Iranian state interests. READ MORE...
Okta Agent Involved in MGM Resorts Breach, Attackers Claim
The threat actors believed to be behind last week's MGM Resorts and Caesars Entertainment cyberattacks now say they were able to breach MGM's systems by somehow cracking into the company's Okta platform, specifically the Okta Agent, which is the lightweight client that connects to an organization's Active Directory. "MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking in their Okta Agent servers sniffing passwords of people whose passwords couldn't be cracked from their domain controller hash dumps." READ MORE...
How Google Authenticator made one company's network breach much, much worse
A security company is calling out a feature in Google's authenticator app that it says made a recent internal network breach much worse. Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. clicked a link in a text message purporting to come from a member of the company's IT team. READ MORE...
Google extends security update support for Chromebooks to 10 years
Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. Chromebooks are inexpensive laptops running ChromeOS, which tend to have weaker processors and smaller RAM and ROM, typically aimed at students and remote workers who rely on cloud services rather than running heavy loads locally on the device. READ MORE...
Probe reveals previously secret Israeli spyware that infects targets via ads
Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients. This is according to an investigation by Haaretz, which this week claimed the spyware system had been sold to a country that is not a democracy. READ MORE...
- ...in 1793, George Washington lays the cornerstone to the United States Capitol building.
- ...in 1927, Columbia Broadcasting System (known today as CBS) first goes on the air.
- ...in 1945, Gen. Douglas MacArthur moves his command headquarters to Tokyo.
- ...in 1971, American cyclist Lance Armstrong is born in Plano, TX.