IT Security Newsletter - 10/17/2024
Two accused of DDoSing some of the world's biggest tech companies
Federal authorities have charged two Sudanese nationals with running an operation that performed tens of thousands of distributed denial of service (DDoS) attacks against some of the world's biggest technology companies, as well as critical infrastructure and government agencies. The service, branded as Anonymous Sudan, directed powerful and sustained DDoSes against Big Tech companies, including Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare. READ MORE...
Volkswagen monitoring data dump threat from 8Base ransomware crew
The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned. The extortionists, who first came to light in 2022, posted a warning on their dark web page claiming to have detailed files stolen from Volkswagen, amongst others. The group says it has stolen "a huge amount of confidential information." READ MORE...
Iranian hackers are going after critical infrastructure sector passwords, agencies caution
Iranian hackers are aggressively trying to crack passwords in the health care, government, information technology, energy and engineering sectors, an advisory from U.S., Canadian and Australian cyber agencies said Wednesday. The "brute force" attacks - which take a variety of forms - date to October of last year, according to the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Communications Security Establishment Canada, with other agencies. READ MORE...
Brazilian police claim they've cuffed serial cybercrook behind FBI and Airbus attacks
Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts. The policia federal, aka the "PF," seized the suspect on Wednesday, noting they were being held in connection to online assaults on the FBI's InfraGard, Airbus, the US Environmental Protection Agency (EPA), and the PF itself. The arrested individual wasn't named, although people didn't have to pull a muscle to make the connection to USDoD. READ MORE...
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
F5 on Wednesday published its October 2024 quarterly security notification, describing two vulnerabilities addressed in BIG-IP and BIG-IQ enterprise products. Updates released for BIG-IP address a high-severity security defect tracked as CVE-2024-45844. Affecting the appliance's monitor functionality, the bug could allow authenticated attackers to elevate their privileges and make configuration changes. READ MORE...
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
Cisco on Wednesday announced patches for eight vulnerabilities in the firmware of ATA 190 series analog telephone adapters, including two high-severity flaws leading to configuration changes and cross-site request forgery (CSRF) attacks. Impacting the web-based management interface of the firmware and tracked as CVE-2024-20458, the first bug exists because specific HTTP endpoints lack authentication. READ MORE...
North Korean hackers use newly discovered Linux malware to raid ATMs
In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM's proprietary version of Unix. Next, they hacked infrastructure running Windows. Now, the state-backed bank robbers have expanded their repertoire to include Linux. The malware, tracked under the name FASTCash, is a remote access tool that gets installed on payment switches inside compromised networks that handle payment card transactions. READ MORE...
Tor Browser and Firefox users should update to fix actively exploited vulnerability
Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have automatic updates enabled should have the new version available as soon as or shortly after they open the browser. READ MORE...
Quishing attacks are targeting electric car owners: Here's how to slam on the brakes
Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new threats. Ever alert to fresh money-making opportunities, criminal groups are blending physical and virtual-world threats to steal drivers' payment details. READ MORE...
Chinese Researchers Tap Quantum to Break Encryption
Researchers at China's Shanghai University have demonstrated how quantum mechanics could pose a realistic threat to current encryption schemes even before full-fledged quantum computers become available. The researchers' paper describes how they developed a working RSA public key cryptography attack using D-Wave's Advantage quantum computer. Specifically, the researchers used the computer to successfully factor a 50-bit integer into its prime factors. READ MORE...
- ...in 1814, a vat of fermenting porter at London's Horse Shoe Brewery bursts, releasing over a million liters of liquid in what came to be known as the London Beer Flood.
- ...in 1914, writer Jerry Siegel, who co-created Superman with collaborator Joe Shuster, is born in Cleveland, OH.
- ...in 1931, organized crime boss Al Capone, known as "Public Enemy No. 1", is finally convicted on 22 counts of tax evasion.
- ...in 1933, due to rising anti-Semitism and anti-intellectualism in Hitler's Germany, Albert Einstein immigrates to the U.S., making his home in Princeton, NJ.