
IT Security Newsletter - 1/8/2024


Breaches

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

Orrick, Herrington & Sutcliffe, a law firm that specializes in cyberattacks, last week disclosed that more than 600,000 individuals were impacted by a data breach that happened in early 2023. Between February 28 and March 13, 2023, the company said attackers had unauthorized access to a portion of its network, including a file share storing files related to Orrick's clients. READ MORE...


Mortgage firm loanDepot cyberattack impacts IT systems, payment portal

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion. Yesterday, customers began experiencing issues when trying to log in to the company's payment portal to pay loans or contact them by phone. READ MORE...

Hacking

Former BreachForums admin to be jailed until Jan. 19 sentencing

A federal judge in the Eastern District of Virginia on Friday ordered that Conor Fitzpatrick be held in jail until his Jan. 19 sentencing for his role in running the notorious BreachForums cybercrime website. Fitzpatrick was arrested Jan. 2 after prosecutors said he violated the conditions of his pretrial release by using a computer without the required monitoring software and using virtual private network (VPN) services. READ MORE...

Malware

Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. AsyncRAT is an open-source remote access tool (RAT) for Windows, publicly available since 2019, with functions for remote command execution, keylogging, data exfiltration, and dropping additional payloads. READ MORE...


North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught

The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed "SpectralBlur." The custom tool is the latest in a string of proprietary malware that the advanced persistent threat (APT) group has been consistently generating - a trait that sets it apart from other DPRK-sponsored threats. TA444 often shares overlaps with its well-known cousin APT, Lazarus Group. READ MORE...

Information Security

Iranian Crypto Exchange Misstep Exposes User Details

A misconfigured object storage system used by Iranian crypto exchange bit24.cash has exposed the personal details of approximately 230,000 citizens in Iran. Researchers from Cybernews reported that a misconfiguration of bit24.cash's MinIO deployment left S3 buckets open and unprotected online, exposing users' verification documents, including consent letters, passport information, and credit card details. MinIO is an S3-compatible open source object storage system that handles unstructured data. READ MORE...

Exploits/Vulnerabilities

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact supply chain attacks, security researchers warn. This new class of CI/CD attacks can be launched if a repository has self-hosted runners attached. These are "build agents hosted by end users running the Actions runner agent on their own infrastructure," Praetorian security researcher Adnan Khan explains. READ MORE...


Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Software maker Ivanti is urging users of its endpoint security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in the class known as SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. READ MORE...

On This Date

  • ...in 1790, President George Washington delivers the first State of the Union address in New York City.
  • ...in 1935, rock singer and cultural icon Elvis Presley is born in Tupelo, MS.
  • ...in 1942, English theoretical physicist and author Stephen Hawking is born in Oxford.
  • ...in 1947, musician David Robert Jones -- who changed his name to David Bowie to avoid confusion with the Monkees singer -- is born in London.