<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/19/2022

SHARE

Breaches

Verizon notifies prepaid customers their accounts were breached

Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. "We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account," Verizon said in an alert published this week. READ MORE...

Hacking

Hackers target Asian casinos in lengthy cyberespionage campaign

A hacking group named 'DiceyF' has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021. According to a new report by Kaspersky, the DiceyF APT group does not appear to be targeting financial gains from the casinos but instead conducting stealthy cyberespionage and intellectual property theft. READ MORE...

Malware

Ransom Cartel linked to notorious REvil ransomware operation

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors. REvil reached its pinnacle of success in the first half of 2021, compromising thousands of companies in a Kaseya MSP supply-chain attack, demanding a $50 million payment from computer maker Acer, and extorting Apple using stolen blueprints of non-yet-released devices. READ MORE...


Warning: "FaceStealer" iOS and Android apps steal your Facebook login

Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials. Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaining tool. But before the app can be fully used, it asks users to login to their accounts, at which point their usernames and passwords are sent to the fraudsters. READ MORE...

Information Security

Krebs on Security: How Card Skimming Disproportionally Affects Those Most In Need

When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans - those receiving food assistance benefits via state-issued prepaid debit cards - are particularly exposed to losses from skimming scams, and usually have little recourse to do anything about it. READ MORE...


FBI: Looking for Biden's student loan forgiveness? Watch out for these scams

In what can only be described as inevitable, the FBI is warning those eligible for student loan debt relief to keep an eye out for scammers trying to take advantage of President's Biden program. The White House announced limited student loan debt forgiveness in August, with qualifying individuals and joint filers each able to get up to $10,000 of student loan debt forgiven, or double that amount if the person was awarded Pell grants for low-income students. READ MORE...

Exploits/Vulnerabilities

Thermal cameras could help reveal your password

Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are sold a lot cheaper than they used to, pretty much anyone can get their hands on them. And anyone with a thermal imaging device could be a potential password thief. READ MORE...


'Fully undetectable' Windows backdoor gets detected

SafeBreach Labs says it has detected a novel fully undetectable (FUD) PowerShell backdoor, which calls into question the accuracy of threat naming. More significantly, the malware may backdoor your Windows system by masquerading as part of the update process. Tomer Bar, director of security research at SafeBreach, explains in an advisory that the software nasty and associated command-and-control (C2) backend appear to have been developed by a competent unknown miscreant. READ MORE...

On This Date

  • ...in 1789, John Jay is sworn in as the first Chief Justice of the United States.
  • ...in 1945, actor John Lithgow ("Terms of Endearment", "3rd Rock from the Sun") is born in Rochester, NY.
  • ...in 1962, professional boxer Evander Holyfield is born in Atmore, AL.
  • ...in 1987, stock markets around the world crashed in what became known as "Black Monday."