Orrick, Herrington & Sutcliffe, a law firm that specializes in cyberattacks, last week disclosed that more than 600,000 individuals were impacted by a data breach that happened in early 2023. Between February 28 and March 13, 2023, the company said attackers had unauthorized access to a portion of its network, including a file share storing files related to Orrick's clients.
U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. loanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion. Yesterday, customers began experiencing issues when trying to log in to the company's payment portal to pay loans or contact them by phone.
A federal judge in the Eastern District of Virginia on Friday ordered that Conor Fitzpatrick be held in jail until his Jan. 19 sentencing for his role in running the notorious BreachForums cybercrime website. Fitzpatrick was arrested Jan. 2 after prosecutors said he violated the conditions of his pretrial release by using a computer without the required monitoring software and using virtual private network (VPN) services.
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. AsyncRAT is an open-source remote access tool (RAT) for Windows, publicly available since 2019, with functions for remote command execution, keylogging, data exfiltration, and dropping additional payloads.
The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed "SpectralBlur." The custom tool is the latest in a string of proprietary malware that the advanced persistent threat (APT) group has been consistently generating - a trait that sets it apart from other DPRK-sponsored threats. TA444 often shares overlaps with its well-known cousin APT, Lazarus Group.
A misconfigured object storage system used by Iranian crypto exchange bit24.cash has exposed the personal details of approximately 230,000 citizens in Iran. Researchers from Cybernews reported that the oversight in bit24.cash's MinIO left unprotected and open online S3 buckets storing users' verification documents, including consent letters, passport information, and credit card details. MinIO is an S3-compatible open source object storage system that handles unstructured data.
Tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact supply chain attacks, security researchers warn. This new class of CI/CD attacks can be launched if a repository has self-hosted runners attached. These are "build agents hosted by end users running the Actions runner agent on their own infrastructure," Praetorian security researcher Adnan Khan explains.
Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers.