IT Security Newsletter

IT Security Newsletter - 10/5/2022

Written by Cadre | Wed, Oct 5, 2022

Hackers maintained deep access inside military organization's network, U.S. officials reveal

U.S. cybersecurity, law enforcement and intelligence officials revealed on Tuesday that sophisticated hackers infiltrated a likely U.S. military contractor and maintained "persistent, long-term" access to their system. The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI released a detailed, joint advisory containing the notification. READ MORE...

Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data

Telstra, Australia's largest telecom carrier, reported this week that it was the victim of a data breach - just two weeks after its rival telco Optus reported a cyberattack of its own. According to a Reuters report, Telstra is downplaying the incident, calling it a "small data breach," adding about 30,000 current and former employees dating back to 2017 were compromised. In comparison, Optus suffered a breach of its live database of nearly 10 million customers. READ MORE...

Seattle Woman Gets Probation for Massive Capital One Hack

A former Seattle tech worker convicted of several charges related to a massive hack of Capital One bank and other companies in 2019 was sentenced Tuesday to time served and five years of probation. U.S. District Judge Robert S. Lasnik said sentencing former Amazon software engineer Paige Thompson to time in prison would have been particularly difficult on her "because of her mental health and transgender status," the Department of Justice said in a statement. READ MORE...

Canadian NetWalker Ransomware Affiliate Gets 20-Year Prison Sentence in US

A former Canadian government employee was sentenced to prison in the United States this week for his role in NetWalker ransomware attacks. The man, Sebastien Vachon-Desjardins, 35, of Gatineau, Quebec, pleaded guilty in June 2022 to participating in the ransomware scheme. Initially spotted in 2019, NetWalker was being offered under the ransomware-as-a-service (RaaS) business model and has been used in attacks against tens of organizations worldwide. READ MORE...

New Android malware 'RatMilad' can steal your data, record audio

A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data. The RatMilad spyware was discovered by mobile security firm Zimperium who warned that the malware could be used for cyber espionage, extortion, or to eavesdrop on victim's conversations. The spyware is distributed through a fake virtual number generator used for activating social media accounts called "NumRent." READ MORE...

Modified version of Tor Browser spies on Chinese users

Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users. The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter. More spyware was hidden in an accompanying library that collected further data, including computer name and location, user name, and MAC addresses of network adapters, before sending it to a command and control server. READ MORE...

CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. "Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices," the agency explained. READ MORE...

TikTok's "secret operation" tracks you even if you don't use it

Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts-thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. READ MORE...

  • ...in 1921, The World Series is broadcast on radio for the first time.
  • ...in 1947, US President Harry S Truman delivers the first televised White House address.
  • ...in 1962, the first James Bond film, "Dr. No", starring Sean Connery is released in theaters.
  • ...in 1969, "Monty Python's Flying Circus" debuts on BBC One.