
IT Security Newsletter - 1/23/2024


Top News

SEC confirms X account was hacked in SIM swapping attack

The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake announcement that the agency had finally approved Bitcoin ETFs on security exchanges. Ironically, the SEC approved Bitcoin ETFs in a legitimate announcement the following day.


North Korean government hackers target individuals of interest, infosec professionals

North Korean government hackers focused on gathering strategic intelligence have carried out a series of campaigns against media organizations and high-profile experts in the country's affairs, while also preparing a campaign likely designed to target cybersecurity researchers, according to a new report from SentinelLabs. The hacking unit was observed targeting the same experts repeatedly over November and December 2023.

Breaches

Australia sanctions REvil hacker behind Medibank data breach

The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Medibank is a large health insurance provider in Australia that suffered a ransomware attack in October 2022, causing operational and business disruption. Following an internal investigation, it was determined that hackers had accessed troves of customers' personal data.


LoanDepot ransomware attack exposes data on almost 17M customers

The sensitive personal information of 16.6 million loanDepot customers was stolen during a ransomware attack earlier this month, the California-based company said Monday in a filing with the Securities and Exchange Commission. LoanDepot first disclosed the ransomware attack on Jan. 8 and took some of its IT systems offline as part of its response. Some customer portals were brought back online with limited functionality starting Jan. 18.


Data of 15 million Trello users scraped and offered for sale

Someone is selling scraped data of millions of users of Trello, a popular web-based list-making application and project management platform, on a dark web hacker forum. The database dump "contains emails, usernames, full names and other account info," the seller claims in the advertisement. The dump contains 15,115,516 unique lines (i.e., records). As proof that the data is authentic, the seller published a sample that contains entries matching the term 'cheko'.

Hacking

'VexTrio' TDS: The Biggest Cybercrime Operation on the Web?

A single traffic distribution system (TDS) operator in possession of more than 70,000 domains is facilitating scams, phishing, and malware infections on an unprecedented scale. The group, "VexTrio," isn't known for its malicious campaigns, though it does occasionally get its feet wet in cybercrime. Instead, it manages a TDS network connecting threat actors who compromise vulnerable websites with those who host malicious content.


Subway Sandwich Chain Investigating Ransomware Group's Claims

Sandwich chain Subway has launched an investigation after the notorious LockBit ransomware group claimed over the weekend that it hacked into the company's systems and stole vast amounts of information. "The biggest sandwich chain is pretending that nothing happened," the LockBit gang said in a message posted on its website. "We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial [aspects] of the franchise."

Software Updates

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

Apple is pushing out fresh versions of its flagship iOS and macOS platforms with patches for multiple WebKit vulnerabilities being exploited as zero-day in the wild. The device maker said the newest iOS 17.3 and macOS Sonoma 14.3 updates fix at least 16 documented vulnerabilities that expose Apple users to code execution, denial-of-service and data exposure attacks. The Cupertino company called urgent attention to a trio of WebKit security defects that have already been exploited.

Malware

Magecart Adds Middle East Retailers to Long List of Victims

Retailers in the Middle East and Africa account for a greater number of victims of Web-skimming attacks, but with a small fraction of the total number of consumer victims. In the latest discovery of such an attack, an independent researcher claims to have uncovered Web-skimming code on a staging server of clothing retail site Khaadi, based in Pakistan and the United Arab Emirates. The code was discovered during an investigation into a Web-skimming attack on another website.

Exploits/Vulnerabilities

Atlassian Confluence Server RCE attacks underway from 600+ IPs

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. Atlassian disclosed the template injection flaw, which can allow unauthenticated remote code execution (RCE) attacks, last week. The CVE scored a CVSS rating of 10 out of 10, and it affects Confluence Data Center and Server 8 versions.

On This Date

  • ...in 1944, actor Rutger Hauer ("Blade Runner", "Ladyhawke") is born in Utrecht, Netherlands.
  • ...in 1957, former US Air Force pilot Walter Morrison sells his invention, called the "Pluto Platter", to Wham-O. It would go on to become a household name, as the Frisbee.
  • ...in 1986, the Rock and Roll Hall of Fame inducts its first honorees, including Little Richard, Chuck Berry, Buddy Holly, Jerry Lee Lewis, and Elvis Presley, among others.
  • ...in 1998, Netscape announces the formation of Mozilla. It would outlive its parent company, releasing the Firefox web browser and several other open-source products.