
IT Security Newsletter - 1/5/2023


Breaches

Five Guys Data Breach Puts HR Data Under a Heat Lamp

The Five Guys burger empire has been hit with what appears to be a "smash-and-grab" operation: Cyberattackers busted into a file server and made off with the personally identifiable information (PII) of people who applied to work at the chain. Details are scant, but in a form letter to the impacted sent out on Dec. 29, Five Guys chief operating officer Sam Chamberlain noted that an "unauthorized access to files" was discovered on Sept. 17 and was blocked the same day.


Slack Says Hackers Stole Private Source Code Repositories

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited. Slack disclosed the incident on December 31. It's not uncommon for companies to disclose data breaches right before or during major holidays in hopes that they will not get too much attention.

Hacking

French-speaking cybercriminals continue attacks on African banks

A cybercrime group believed responsible for a series of thefts targeting African banks continued its attacks on financial institutions on the continent well into 2022, according to new research from Symantec. In a report released Thursday, researchers at Symantec reported that the group, which it tracks as "Bluebottle," carried out attacks on African banks as late as September of last year, offering new insights into the group's tactics and tools.


The Guardian ransomware attack hits week two as staff told to work from home

Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas. The publication broke the news about the "serious IT incident" on its systems on December 21, and said the attack affected parts of the company's technology infrastructure. At the time, it told staff to work from home.

Malware

BitRat Malware Gnaws at Victims With Bank Heist Data

Threat actors are using data stolen from a Colombian bank as a lure in what appears to be a malicious campaign aimed at spreading the BitRAT malware, researchers have found. The activity demonstrates the evolution of how attackers are using commercial, off-the-shelf malware in advanced threat scenarios, they said. Researchers at IT security and compliance firm Qualys were investigating "multiple lures" for BitRAT when they identified that the infrastructure of a Colombian bank had been hijacked.

Information Security

Database Containing 235 Million Twitter User Records Available for Free

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock warns. Containing information such as name, username, email address, follower count, and creation date, the database has been circulating on underground forums and was eventually leaked for free. The information in the database, however, appears to have been gathered via web-scraping rather than by hacking into Twitter's systems.

Exploits/Vulnerabilities

Hackers abuse Windows error reporting tool to deploy malware

Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system's memory using a DLL sideloading technique. The use of this Windows executable is to stealthily infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable.


Toyota, Mercedes, BMW API flaws exposed owners' personal info

Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers' personal information. The security flaws impacted well-known brands, including BMW, Rolls Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis.

On This Date

  • ...in 1914, "Adventures of Superman" actor George Reeves is born in Woolstock, IA.
  • ...in 1932, philosopher and author Umberto Eco ("The Name of the Rose", "Foucault's Pendulum") is born in Piedmont, Italy.
  • ...in 1933, construction on the Golden Gate Bridge begins.
  • ...in 1941, Academy Award-winning animation director Hayao Miyazaki ("Spirited Away", "My Neighbor Totoro") is born in Tokyo, Japan.