<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/18/2024

SHARE

Top News

FBI arrest Alabama man suspected of hacking SEC's X account

An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. The Department of Justice said that 25-year-old Eric Council, of Alabama, and conspirators conducted a SIM-swap attack to take over the identity of the person in charge of SEC's X account. The SEC's X account was hacked on January 9th, 2024, to tweet that it had finally approved Bitcoin ETFs to be listed on stock exchanges. READ MORE...

Breaches

Troubled US insurance giant hit by extortion after data leak

US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data. In a report to the US Securities and Exchange Commission published today, Globe Life said it was recently contacted by an unknown threat actor asking for money in exchange for not publishing "certain information held and used by the Company and its independent agents." READ MORE...


Omni Family Health Data Breach Impacts 470,000 Individuals

California network of health centers Omni Family Health is notifying close to 470,000 individuals that their personal information was stolen in a cyberattack earlier this year. The data breach, Omni says, was discovered on August 7, after learning that threat actors had posted on the dark web data allegedly stolen from its network. The leaked information, the healthcare provider says, pertains to current and former patients and employees. READ MORE...

Hacking

Brazil Arrests 'USDoD,' Hacker in FBI Infragard Breach

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population. READ MORE...


Undercover North Korean IT workers now steal data, extort employers

North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it. Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to generate revenue for the country's weapons programs. READ MORE...

Malware

Israeli orgs targeted with wiper malware via ESET-branded emails

Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The attack took the form of a phishing email ostensibly sent by the "Eset Advanced Threat Defense Team", warning that state-backed hackers have tried compromising the target's device(s). The email was posted on ESET Security Forum's on October 8 by a recipient asking for confirmation that it was a phishing attempt. READ MORE...

Information Security

Internet Archive Slowly Revives After DDoS Barrage

The Internet Archive, a nonprofit digital library website, is beginning to come back online after a data breach and distributed denial-of-service (DDoS) attacks, prompting a week of its systems going offline. Founded in 1996 by Brewster Kahle, the archive offers users free access to a historical Web collection, known as the Wayback Machine. This including access to more than 150 billion webpages, nearly 250,000 movies, 500,000 audio items, and more. READ MORE...


Hong Kong Crime Ring Swindles Victims Out of $46M

Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam's victims. The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds. READ MORE...

Exploits/Vulnerabilities

Redbox easily reverse-engineered to reveal customers' names, zip codes, rentals

Since Redbox went bankrupt, many have wondered what will happen to those red kiosks and DVDs. Another question worth examining is: What will happen to all the data stored inside the Redboxes? Redbox parent company Chicken Soup for the Soul filed for Chapter 7 bankruptcy in June and is in the process of liquidating its assets. Meanwhile, stores with Redboxes are eager to remove the obsolete hardware. READ MORE...


Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks

Microsoft on Thursday warned of a recently patched macOS vulnerability potentially being exploited in adware attacks. The issue, tracked as CVE-2024-44133, allows attackers to bypass the operating system's Transparency, Consent, and Control (TCC) technology and access user data. Apple addressed the bug in macOS Sequoia 15 in mid-September by removing the vulnerable code, noting that only MDM-managed devices are affected. READ MORE...

On This Date

  • ...in 1851, Herman Melville's novel "Moby-Dick" is first published as "The Whale."
  • ...in 1867, The Alaska territory is formally transferred to the U.S. from Russian control.
  • ...in 1954, Texas Instruments announces the development of the first transistor radio.
  • ...in 1967, the Soviet Venera 4 probe reaches Venus, becoming the first spacecraft to measure the atmosphere of another planet.