<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/24/2023



GoTo says hackers stole customers' backups and encryption key

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. GoTo provides a platform for cloud-based remote working, collaboration, and communication, as well as remote IT management and technical support solutions. READ MORE...

Zendesk Hacked After Employees Fall for Phishing Attack

Cryptocurrency trading and portfolio management company Coinigy revealed last week that it had been informed by Zendesk about a cybersecurity incident. According to the email received by Coinigy, Zendesk learned on October 25, 2022, that several employees were targeted in a "sophisticated SMS phishing campaign". Some employees took the bait and handed over their account credentials to the attackers, allowing them to access unstructured data from a logging platform. READ MORE...


Hackers use Golang source code interpreter to evade detection

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. The attacks are tracked by SentinelLabs, whose researchers report that DragonSpark relies on a little-known open-source tool called SparkRAT to steal sensitive data from compromised systems, execute commands, perform lateral network movement, and more. READ MORE...

FBI: North Korean hackers stole $100 million in Harmony crypto hack

The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen from Harmony Horizon in June 2022. Harmony Horizon is a cross-chain bridge for Ethereum that suffered a breach in June 2022, allowing hackers to assume control of a MultiSigWallet contract and use it to transfer large amounts of tokens to their addresses. READ MORE...

Software Updates

Apple patches are out - old iPhones get an old zero-day fix at last!

Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we'd already decided that iOS 12 had slipped (or perhaps been quietly pushed) off Apple's radar, and would never be updated again, give that the previous update had been a year before that, back in September 2021. READ MORE...

Information Security

Ransomware victims are refusing to pay, tanking attackers' profits

Two new studies suggest that ransomware isn't the lucrative, enterprise-scale gotcha it used to be. Profits to attackers' wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports. Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that payments to attackers fell from $766 million in 2021 to $457 million last year. READ MORE...


Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung's Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. An alternative app marketplace, the Galaxy Store comes pre-installed on Samsung's Android devices and can be used alongside Google Play to download and install software. READ MORE...

Security and the Electric Vehicle Charging Infrastructure

With more countries reaching the tipping point for electric vehicle (EV) adoption, it's more urgent than ever for the public and private sectors to invest in EV charging infrastructure. A robust and highly secure EV charging ecosystem is essential for ensuring network availability and stability, providing a seamless charging experience to drivers, and achieving zero-emission transportation. The downside is that cybersecurity risks are growing along with the charging infrastructure. READ MORE...

On This Date

  • ...in 1908, the first Boy Scout troop is organized in England by Robert Baden-Powell.
  • ...in 1947, singer-songwriter Warren Zevon ("Werewolves of London", "Lawyers, Guns and Money") is born in Chicago, IL.
  • ...in 1978, comedian and cartoon voice artist Kristen Schaal ("Bob's Burgers", "Gravity Falls") is born in Longmont, CO.
  • ...in 1984, the Apple Macintosh personal computer is first sold in the United States.