<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/31/2024

SHARE

Breaches

Mystic Valley Elder Services Data Breach Impacts 87,000 People

Mystic Valley Elder Services, a Massachusetts-based non-profit that provides health and other services to the elderly and people with disabilities, has suffered a data breach impacting many individuals. The intrusion was detected by Mystic Valley Elder Services (MVES) in early April and an investigation was immediately launched. The investigation revealed a few months later that the attacker may have stolen files containing personal information. READ MORE...

Hacking

Sophos mounted counter-offensive operation to foil Chinese attackers

Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools and procedures with well-known Chinese nation-state groups including Volt Typhoon, APT31 and APT41. READ MORE...

Software Updates

QNAP patches second zero-day exploited at Pwn2Own to get root

QNAP has released security patches for a second zero-day bug exploited by security researchers during last week's Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP's SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after allowing YingMuo to get a root shell and take over a QNAP TS-464 NAS device at Pwn2Own Ireland 2024. READ MORE...

Malware

Vishing, Mishing Go Next-Level With FakeCall Android Malware

A new variant of a sophisticated malware that helps attackers carry out advanced voice and mobile phishing (aka vishing and mishing) attacks against Android users has evolved with new capabilities that extend their control over compromised devices to commit further malicious activities. FakeCall, a malware that's been tracked by various research groups since at least 2022, conducts the attacks by tricking victims into calling fraudulent phone numbers controlled by the attacker. READ MORE...


North Korean hackers pave the way for Play ransomware

North Korean state-sponsored hackers - Jumpy Pisces, aka Andariel, aka Onyx Sleet - have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. The ransomware attack was investigated by Palo Alto Networks' Unit 42 in September 2024, and they determined that North Korean hackers gained access to a host using a compromised users account and tried to install custom malware. READ MORE...

Information Security

Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping

oliday shopping is in full swing, with over 60% of Americans ready to click "add to cart" for most of their purchases this holiday season. But it's not just shoppers gearing up - scammers are, too. Nearly half (48%) of U.S. consumers report being targeted by a scam while holiday shopping online, according to the 2024 Norton Cyber Safety Insights Report: Holiday. Additionally, more than half (53%) of Americans are worried about Black Friday and Cyber Monday shopping scams. READ MORE...

Exploits/Vulnerabilities

Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution

Yahoo's Paranoid vulnerability research team has identified nearly a dozen flaws in OpenText's NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution. NetIQ iManager is an enterprise directory management tool that enables secure remote access to network administration utilities and content. Patches for these vulnerabilities were released with updates rolled out in April, and Yahoo has now disclosed the details. READ MORE...

On This Date

  • ...in 1803, Congress ratifies the purchase of the entire Louisiana area in North America, adding territory to the U.S. which will eventually become 13 more states.
  • ...in 1914, the University of Cincinnati adopts its mascot, the Bearcat, inspired by a nickname given to star UC fullback Leonard Baehr.
  • ...in 1941, After 14 years of work, the Mount Rushmore National Memorial is completed.
  • ...in 1998, Iraq announces it will no longer cooperate with United Nations weapons inspectors.