IT Security Newsletter - 1/31/2023
GitHub says hackers cloned code-signing certificates in breached repository
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to verify it was developed by the listed organization, which in this case is GitHub. If decrypted, the certificates could allow an attacker to sign unofficial versions of the apps that had been maliciously tampered with and pass them off as legitimate. READ MORE...
U.S. No Fly list shared on a hacking forum, government investigating
A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server. This month, Swiss hacker maia arson crimew (formerly Tillie Kottmann), stumbled upon a misconfigured AWS server containing TSA's No Fly list, as first reported by Daily Dot journalists Mikael Thalen and David Covucci. READ MORE...
10M JD Sports Customers' Info Exposed in Data Breach
UK sportswear retailer JD Sports is warning some 10 million of its customers that their personal data - including name, billing address, delivery address, email address, phone number, order details, and last four payment card digits - might have been exposed in a recent cyberattack. Affected customers placed online orders with JD Sports between November 2018 and October 2020 for items branded JD Sports, Size?, Millets, Blacks, Scotts, and MilletSport, the company said in a statement. READ MORE...
Long Con Impersonates Financial Advisers to Target Victims
Fraudsters have donned the identities of legitimate US financial advisers in an effort to gain the trust of victims, before recommending fraudulent financial investments. According to threat intelligence service DomainTools, the con artists, most of whom appear to be located in West Africa, have advertised on popular social media platforms, including TikTok, using the information of actual financial advisers, copying personal biographical information and work details. READ MORE...
Latvia says Russian hackers tried to phish its Ministry of Defence
Russian hackers are being blamed for an attempted phishing attack against the Latvian Ministry of Defence. Gamaredon, a Russian state-sponsored cyberespionage group, used a domain name (admou[.]org) previously linked to the gang in previous attacks designed to steal information and gain access to networks run by Ukraine and its allies. Researchers at French security outfit Sekoia explained that the hackers sent spear phishing emails to the Latvian MoD while posing as Ukrainian officials. READ MORE...
Gootloader malware updated with PowerShell, sneaky JavaScript
The operators of the Windows Gootloader malware - a crew dubbed UNC2565 - have upgraded the code in cunning ways to make it more intrusive and harder to find. Researchers with Google-owned security shop Mandiant started seeing significant changes to the Gootloader malware package - also known as Gootkit - in November 2022, including using multiple variations of FONELAUNCH, a .NET-based loader, as well as some newly developed payloads and obfuscation techniques. READ MORE...
Are Your Employees Thinking Critically About Their Online Behaviors?
A confused marketing team member nervously buys $1,000 worth of Amazon gift cards after receiving purchasing instructions via text from the "boss." The entire sales team mindlessly accepts cookies while visiting competitor websites and skips through privacy disclosures when downloading new apps to gather business intel. These panic-inducing scenarios are familiar to most modern IT and security leaders and share something in common. READ MORE...
KeePass disputes vulnerability allowing stealthy password theft
The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than a cloud-hosted one, such as LastPass or Bitwarden. READ MORE...
Chromebook SH1MMER exploit promises admin jailbreak
Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER. SH1MMER - you may pronounce the "1" as an "i" - is a shim exploit, or more specifically, a weaponized Return Merchandise Authorization (RMA) shim. A shim is Google-signed software used by hardware service vendors for Chromebook diagnostics and repairs. READ MORE...
- ...in 1919, Baseball Hall of Fame second baseman Jackie Robinson, the first African American MLB player, is born in Cairo, GA.
- ...in 1949, the first television daytime soap opera, "These Are My Children", is broadcast by NBC live from Chicago.
- ...in 1960, comics writer Grant Morrison ("The Invisibles", "All-Star Superman") is born in Glasgow, Scotland.
- ...in 2010, director James Cameron's "Avatar" becomes the first motion picture to gross over $2 billion worldwide.