<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/29/2024

SHARE

Top News

In major gaffe, hacked Microsoft test account was assigned admin privileges

The hackers who recently broke into Microsoft's network and monitored top executives' email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company's part, a researcher said. The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. It expanded on a disclosure Microsoft published late last Friday. READ MORE...


Microsoft Shares New Guidance in Wake of 'Midnight Blizzard' Cyberattack

Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what organizations can do to protect against threat actors using malicious OAuth apps to hide their activity and maintain access to applications, despite efforts to boot them out. READ MORE...

Breaches

Kansas City public transportation authority hit by ransomware

The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. KCATA is a bi-state public transit agency serving seven counties of Missouri and Kansas, operating 78 bus routes and 6 MetroFlex routes using a fleet of 300 buses. The company reports that 10.5 million people use their services in a year. On Wednesday, the organization announced that it suffered a ransomware attack that impacted all its communication systems. READ MORE...

Hacking

Ukraine: Hack wiped 2 petabytes of data from Russian research center

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (???????), and wiped 2 petabytes of data. Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. READ MORE...

Malware

Trickbot malware developer jailed for five years

A 40-year-old Russian man has been sentenced to five years and four months in prison by a US court, for his involvement in the Trickbot gang that deployed ransomware and stole money and sensitive information from businesses around the world. Vladimir Dunaev, from Amur Oblast in the far east of Russia, was a key member of the Trickbot cybercrime gang, infamous for its sophisticated data-stealing Trojan that defrauded innocent internet users in the United States, UK, and elsewhere. READ MORE...

Exploits/Vulnerabilities

Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

Nearly 800 instances of Forta's GoAnywhere MFT remain unpatched and potentially exposed to a critical vulnerability disclosed earlier this week, according to Shadowserver data published Friday. While many instances of the file-transfer service remain unpatched, less than 30 are vulnerable to exploits due to admin panel exposure on the public internet, Shadowserver said. Remote access to the administration panel is required for threat actors to exploit the critical authentication bypass vulnerability. READ MORE...

On This Date

  • ...in 1737, political theorist Thomas Paine ("Common Sense", "The Rights of Man") is born in Norfolk, Great Britain.
  • ...in 1845, Edgar Allen Poe's "The Raven" is first published in the New York Evening Mirror.
  • ...in 1886, Karl Benz receives a patent for his 3-wheeled "Motorwagen", the first automobile to be powered by an internal-combustion engine.
  • ...in 1954, television host and producer Oprah Winfrey is born in Kosciusko, MS.
  • ...in 1964, Stanley Kubrick's "Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb" debuts in theaters.