
IT Security Newsletter - 1/11/2024

Top News

Fidelity National Financial cyberattack impacts up to 1.3M customers

About 1.3 million Fidelity National Financial customers were potentially impacted by a November cyberattack, the company said Tuesday in an amended 8-K filing with the Securities and Exchange Commission. An unauthorized third-party gained access to the title insurance provider's systems, deployed malware that is not self-propagating and stole company data, Fidelity National Financial said after it completed an internal investigation Dec. 13. READ MORE...


AI-Powered Misinformation is the World's Biggest Short-Term Threat, Davos Report Says

False and misleading information supercharged with cutting-edge artificial intelligence that threatens to erode democracy and polarize society is the top immediate risk to the global economy, the World Economic Forum said in a report Wednesday. In its latest Global Risks Report, the organization also said an array of environmental risks pose the biggest threats in the longer term. The report was released ahead of the annual elite gathering of CEOs and world leaders in the Swiss ski resort town of Davos. READ MORE...

Breaches

Mandiant Details How Its X Account Was Hacked

Mandiant revealed on Wednesday that its account on the social media platform X, formerly Twitter, was hacked as part of a cryptocurrency theft campaign that generated at least $900,000 for cybercriminals. The X account of Mandiant, which is part of Google Cloud, was hijacked in early January and abused to promote a link to a fake website claiming to be affiliated with the legitimate Phantom cryptocurrency wallet. READ MORE...

Hacking

Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack

A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications service provider and its services were severely disrupted in mid-December by what was later revealed to be an attack from Russian hackers. An investigation revealed that the Russians initially breached Kyivstar in May last year. READ MORE...

Malware

Atomic Stealer rings in the new year with updated version

Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules. READ MORE...


Attack of the copycats: How fake messaging apps and app mods could bite you

Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. Meanwhile, Meta-owned WhatsApp is the undisputed global leader with an estimated two billion monthly active users. READ MORE...


Pikabot Malware Surfaces as Qakbot Replacement for Black Basta Attacks

A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious activity. Tracked as Water Curupira by Trend Micro, the actor is best known for conducting dangerous campaigns to drop backdoors such as Cobalt Strike that ultimately lead to Black Basta ransomware attacks, researchers said in a post published Jan. 9. READ MORE...


Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. The agency says that the threat actor's attacks accounted for six out of the seven cases of ransomware incidents reported last month. Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom. READ MORE...

Information Security

Twitter says it's not its fault the SEC's account got hacked

The safety team at Twitter has responded to the high profile hack of the SEC Twitter account, which made headlines around the world. And what do they have to say? Well, in a nutshell - "it's not our fault." What @Safety is saying is that someone hijacked control of the mobile phone number associated with the official SEC account. This was, one assumes, through a SIM swap attack. READ MORE...

Exploits/Vulnerabilities

Hackers are targeting exposed MS SQL servers with Mimic ransomware

Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023. It abuses the APIs of a Windows filename search engine called Everything to search for files to be encrypted or avoided, and has the ability to delete shadow copies, kill processes and services (e.g., Windows Defender, Windows telemetry), unmount virtual drives, and more. READ MORE...

On This Date

  • ...in 1755, Founding Father, first Treasury Secretary, and Broadway musical inspiration Alexander Hamilton is born in the British West Indies.
  • ...in 1908, President Theodore Roosevelt designates the Grand Canyon a national monument.
  • ...in 1942, E Street Band saxophonist Clarence Clemons, AKA "The Big Man", is born in Norfolk County, VA.
  • ...in 1973, Major League Baseball's American League adopts the designated hitter rule.