<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/19/2024

SHARE

Breaches

Vans, North Face owner says ransomware breach affects 35 million people

VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. The American global apparel and footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems. READ MORE...


Kansas State University cyberattack disrupts IT network and services

Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. Kansas State University is a public land-grant research university offering 65 masters and 45 doctoral programs. On Tuesday morning, the university announced on its media portal that it was experiencing disruption in some IT systems, and confirmed a cyberattack had caused it. READ MORE...

Hacking

US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels

The US Justice Department this week announced separate charges against two Russian nationals accused of being involved in cybercriminal activities, including a man allegedly involved in the 2013 hacking of retailers Michaels and Neiman Marcus. One of the indicted individuals is Aleksey Timofeyevich Stroganov, also known as Aleksei Stroganov, Flint, Flint24, Gursky Oleg, and Oleg Gurskiy. READ MORE...

Malware

Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware

The Russia-backed advanced persistent threat (APT) known as ColdRiver has taken a dive into the icy waters of custom malware, rolling out a proprietary backdoor called "Spica." The use of malware represents a significant evolution in the group's tactics, techniques, and procedures (TTPs), and one that potential targets need to take note of, researchers say - especially as election season looms. READ MORE...

Information Security

US agencies warn made-in-China drones might help Beijing snoop on the world

Two US government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), warned on Wednesday that drones made in China could be used to gather information on critical infrastructure. "The People's Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China," according to a statement on the CISA website. READ MORE...


IT consultant fined for daring to expose shoddy security

A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. READ MORE...

Exploits/Vulnerabilities

VMware vCenter Server Vulnerability Exploited in Wild

VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild. CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code. The issue was deemed so critical that VMware decided to release patches in October even for end-of-life versions of the product. READ MORE...

Encryption

80 years later, GCHQ releases new images of Nazi code-breaking computer

On Thursday, UK's Government Communications Headquarters (GCHQ) announced the release of previously unseen images and documents related to Colossus, one of the first digital computers. The release marks the 80th anniversary of the code-breaking machines that significantly aided the Allied forces during World War II. While some in the public knew of the computers earlier, the UK did not formally acknowledge the project's existence until the 2000s. READ MORE...

On This Date

  • ...in 1809, short story writer and poet Edgar Allen Poe, regarded as the inventor of the detective story, was born in Boston.
  • ...in 1883, the first electric lighting system using overhead wires, built by Thomas Edison, begins service in New Jersey.
  • ...in 1955, Dwight D. Eisenhower becomes the first president to hold news conferences to be filmed by TV and newsreels.
  • ...in 1977, President Gerald R. Ford pardons Iva Toguri D'Aquino, aka "Tokyo Rose", known for her propaganda broadcasts during World War II.