IT Security Newsletter

IT Security Newsletter - 1/9/2023

Written by Cadre | Mon, Jan 9, 2023

Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans

Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom. Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data." READ MORE...

Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine

Since Russia's invasion of Ukraine in February, Moscow's digital spies and hackers loyal to the Kremlin have attacked Ukrainian systems relentlessly in a bid to support the operation. But one group - known as Turla and widely regarded as one of Russia's most capable - has been conspicuously absent from the conflict, until now. On Thursday, researchers at Mandiant disclosed they discovered Turla targeting Ukrainian systems. READ MORE...

Hackers push fake Pokemon NFT game to take over Windows devices

Threat actors are using a well-crafted Pokemon NFT card game website to distribute the NetSupport remote access tool and take control over victims' devices. The website "pokemon-go[.]io," which is still online at the time of writing, claims to be home to a new NFT card game built around the Pokemon franchise, offering users strategic fun together with NFT investment profits. READ MORE...

Dridex malware pops back up and turns its attention to macOS

A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. The first sample of this latest variant appeared on Virus Total in 2019, but detections started to rise a year later and peaked in December 2022, according to threat researchers at Trend Micro. READ MORE...

What Twitter's 200 million email leak really means

After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network has not yet commented on the massive exposure, but the cache of data clarifies the severity of the leak and who may be most at risk as a result of it. READ MORE...

What's at stake for 33M compromised LastPass users?

A seemingly run-of-the-mill breach at LastPass in August produced one of last year's most alarming security incidents. Downstream impacts mounted as the year came to a close, months after the password manager claimed the threat contained. LastPass users and business customers should be on high alert and change all passwords immediately, following a subsequent breach that exposed password vault data, according to cybersecurity analysts and threat researchers. READ MORE...

Car hackers discover vulnerabilities that could let them hijack millions of vehicles

The vulnerabilities could let attackers remotely track, stop or control a car - even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems. In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. READ MORE...

CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities. CISA has published three advisories describing security flaws in three products made by energy solutions provider Hitachi Energy. The vendor published its own advisories for the vulnerabilities in December. READ MORE...

Chinese researchers' claimed quantum encryption crack looks unlikely

Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. The occasion was the publication of an academic paper by no less than two dozen authors affiliated with seven different research institutions in China. The paper suggests that the application of Claus Peter Schnorr's recent factoring algorithm can break asymmetric RSA-2048 encryption. READ MORE...

  • ...in 1890, Czech author and playwright Karel Capek, who coined the word "robot" in his play "R.U.R.", is born in Austria-Hungary.
  • ...in 1923, Spanish aviator Juan de la Cierva makes the first flight in his autogyro, a precursor to the modern helicopter.
  • ...in 1955, character actor J.K. Simmons ("Whiplash", "Spider-Man") is born in Grosse Pointe, MI.
  • ...in 2007, Apple CEO Steve Jobs introduces the first iPhone at a Macworld keynote in San Francisco.