IT Security Newsletter - 10/14/2024
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked cyberespionage group OilRig has been observed intensifying cyber operations against government entities in the Gulf region, cybersecurity firm Trend Micro reports. Also tracked as APT34, Cobalt Gypsy, Earth Simnavaz, and Helix Kitten, the advanced persistent threat (APT) actor has been active since at least 2014, targeting entities in the energy and other critical infrastructure sectors, and pursuing objectives aligned with those of the Iranian government.
Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
Gryphon Healthcare and Tri-City Medical Center last week disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen. The Houston, Texas-based billing services provider Gryphon is notifying 393,358 individuals of an incident discovered on August 13, 2024, which involved an unnamed partner "that Gryphon provides medical billing services for."
American Water Reconnects Its Network Taps After Cyber Incident
American Water, the largest regulated water and wastewater utility company in the US, is now reconnecting its infrastructures, after taking its systems offline due to a cybersecurity incident it reported on Oct. 7. The company provides drinking water and sewer services to more than 14 million people across 14 states and 18 military installations. In an update on Oct. 10, it reported that there is no evidence to support that the cyber incident impacted its water or wastewater facilities.
Agencies warn about Russian government hackers going after unpatched vulnerabilities
Russian government hackers are targeting known, unpatched vulnerabilities to victimize specific organizations like governments and defense contractors while also scanning the internet for any susceptible systems to attack, U.S. and U.K. cyber agencies said in a joint alert. The threat actors tied to the Russian Foreign Intelligence Service (SVR) "are highly capable of and interested in exploiting software vulnerabilities."
Telekopye transitions to targeting tourists via hotel booking scam
The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network - which uses Telekopye, a toolkit discovered by ESET Research in 2023 - has expanded its operations to target users of popular accommodation booking platforms.
Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between
If we were to draw an infosec Venn diagram, with one circle representing "sensitive info that attackers would want to steal" and the other "limited resources plus difficult-to-secure IT environments," education would sit in the overlap. Schools - including K-12, colleges, and universities - store health and medical records, data belonging to minors, financial information, sensitive research, AI training models and other proprietary IP.
Juniper Networks Patches Dozens of Vulnerabilities
Juniper Networks has released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components. Fixes were announced for roughly a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon.
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. The report, which focuses on operations since the beginning of the year, constitutes the first official confirmation that generative mainstream AI tools are used to enhance offensive cyber operations.
Thousands of Fortinet instances vulnerable to actively exploited flaw
More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data. The most recent count taken from Sunday put the number of IPs vulnerable to the bug at 86,602 - a slight decrease from 87,930 the day before. The internet security biz's data showed the majority of those appliances are located in Asia (38,778), followed, though not closely, by North America (21,262) and Europe (16,381).
- ...in 1884, George Eastman receives a patent for his paper-strip photographic film.
- ...in 1947, Charles "Chuck" Yeager becomes the first pilot to break the sound barrier, flying the experimental Bell X-1 rocket plane.
- ...in 1962, the Cuban Missile Crisis begins, with Soviet-made missiles with nuclear capabilities being spotted by US intelligence in western Cuba.
- ...in 2012, daredevil Felix Baumgartner successfully parachutes from a height of 24 miles, setting multiple world records for both altitude and free-fall velocity.