<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 11/1/2023

SHARE

Top News

SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack

The US Securities and Exchange Commission sued SolarWinds Corp. and Chief Information Security Officer Timothy Brown yesterday, alleging that they concealed security failures that led to a nearly two-yearlong cyberattack known as "Sunburst." The attack, reportedly carried out by Russian hackers, inserted malicious code into SolarWinds network-management software used by thousands of customers, including US government agencies and private companies. READ MORE...


India's biggest data breach? Hacking gang claims to have stolen 815 million people's personal information

The personal information of more than 815 million people in India has reportedly been leaked online. According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundreds of millions of Indian residents. A threat actor calling themselves "pwn0001" posted on the Breach Forums black hat hacking site said that they had the records of 815 million people available. READ MORE...

Breaches

Ace holed: Hardware store empire felled by cyberattack

Ace Hardware appears to have been the latest organization to succumb to a cyberattack, judging by its website and a message from CEO John Venhuizen. The site today warns that the retailer-owned cooperative is unable to process online orders. A memo from Venhuizen indicates the problem is serious. In a note sent to Ace retailers this week, Venhuizen said: "On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems. READ MORE...


British Library knocked offline by weekend cyberattack

The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. The ongoing outage also affects other services, including our phone lines and onsite library services in London and Yorkshire. The British Library's facilities, including Reading Rooms for personal study, are still operational, and collection items requested on or before October 26 are accessible onsite. READ MORE...

Hacking

Now Russians accused of pwning JFK taxi system to sell top spots to cabbies

For a period of two years between September 2019 and September 2021, two Americans and two Russians allegedly compromising the taxi dispatch system at John F. Kennedy International Airport in New York to sell cabbies a place at the front of the dispatch line. The two Russian nationals, Aleksandr Derebenetc and Kirill Shipulin, were indicted by a grand jury for conspiring to commit computer intrusions, the US Justice Department said on Tuesday. They remain at large. READ MORE...


'Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains

A thriving link-shortening service is providing cyberattackers and scammers with top-level .us domains, helping them make their phishing campaigns just a bit less detectable. In a report published this week, researchers from Infoblox named the threat actor behind the operation "Prolific Puma." In the past 18 months, Prolific Puma has generated as many as 75,000 unique domain names, often circumventing regulations to provide seedy criminals with URLs that end in a .us. READ MORE...

Malware

Avast confirms it tagged Google app as malware on Android phones

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information. Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device. READ MORE...


Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks

A rise in the availability of malware "meal kits" for less than $100 is fueling a surge in campaigns using remote access Trojans (RATs), which are often embedded in seemingly legitimate Excel and PowerPoint files attached to emails. That's according to HP Wolf Security, which published its "Q3 2023 Threat Insights Report" today, observing a significant spike in Excel files with DLLs infected with the Parallax RAT. READ MORE...

Information Security

Global cybersecurity workforce grows, but still confronts shortfall of 4M people

The global cybersecurity workforce grew 8.7% to reach 5.5 million people in 2023, the highest number on record, according to the 2023 ISC2 Global Workforce Study. However, the industry still confronts a record gap of 4 million industry professionals - a total of 9.5 million qualified workers are necessary to adequately safeguard the world's digital assets, according to the report. READ MORE...

On This Date

  • ...in 1512, Michelangelo's ceiling of the Sistine Chapel is exhibited to the public for the first time.
  • ...in 1870, the National Weather Service (then called the Weather Bureau) issues its first meteorological forecast.
  • ...in 1963, the Arecibo Observatory in Puerto Rico is opened. Before being decommissioned in 2020, it was the home of the world's largest radio telescope.
  • ...in 1982, Honda becomes the first Asian automobile company to manufacture cars in the United States, with the opening of its Marysville, OH factory.