<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/20/2023



T-Mobile investigates yet another data breach, this one affecting 37 million accounts

The telecom giant T-Mobile, which has suffered several massive data breaches in recent years, disclosed in a financial filing Thursday that the company is investigating another breach that impacted as many as 37 million users. A malicious actor was able to gain access to an internal system allowing them to steal account information including names, billing addresses, emails, phone numbers, dates of birth and account numbers. READ MORE...

PayPal warns 35,000 customers of exposure following credential stuffing attack

Nearly 35,000 PayPal accounts were accessed via a credential stuffing attack, exposing personal information including names, addresses, social security numbers, tax identification numbers, and dates of birth, the company said Wednesday. The financial services company said unauthorized parties accessed PayPal customer accounts between Dec. 6 and Dec. 8. READ MORE...


Hacker group incorporates DNS hijacking into its malicious website campaign

Researchers have uncovered a malicious Android app that can tamper with the wireless router the infected phone is connected to and force the router to send all network devices to malicious sites. The malicious app, found by Kaspersky, uses a technique known as DNS (Domain Name System) hijacking. Once the app is installed, it connects to the router and attempts to log in to its administrative account by using default or commonly used credentials, such as admin:admin. READ MORE...

Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner

Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Yum! Brands operates 53,000 restaurants across 155 countries and territories, with over $5 billion in total assets and $1.3 billion in yearly net profit. READ MORE...


New 'Hook' Android malware lets hackers remotely control your phone

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC (virtual network computing). The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages. READ MORE...

Attackers Crafted Custom Malware for Fortinet Zero-Day

Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet's FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet's FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. READ MORE...

Information Security

The politics and power of Latin American hacktivists Guacamaya

At a press conference in Mexico City last October, about a month after a massive leak of secret government and military documents created a domestic political firestorm, Mexican President Andrés Manuel López Obrador attempted to downplay the ensuing controversy. He told reporters his opponents failed to use the information against him and mocked the hacktivists behind the breach, a group calling itself "Guacamaya," the Mayan name for a macaw. READ MORE...


EmojiDeploy Attack Chain Targets Misconfigured Azure Service

An attack chain exploiting misconfigurations and weak security controls in a common Azure service is highlighting how lack of visibility impacts the security of cloud platforms. The "EmojiDeploy" attack chain could allow a threat actor to run arbitrary code with the permission of the Web server, steal or delete sensitive data, and compromise a targeted application, Ermetic stated in its Jan. 19 advisory. READ MORE...

On This Date

  • ...in 1918, Mexican composer and bandleader Juan Garcia Esquivel, known as "The King of Space Age Pop", is born in Tampico, Mexico.
  • ...in 1920, actor DeForest Kelley, best known as Dr. Leonard "Bones" McCoy from "Star Trek", is born in Toccoa, GA.
  • ...in 1946, film/TV director and screenwriter David Lynch ("Blue Velvet", "Twin Peaks") is born in Missoula, MT.
  • ...in 2009, Barack Obama is inaugurated as the 44th President of the United States, becoming the first African-American man to hold the office.