IT Security Newsletter - 11/6/2023

Top News

Critical Atlassian Bug Exploit Now Available, Immediate Patching Needed

Proof of concept (PoC) exploit code for a critical vulnerability that Atlassian disclosed in its Confluence Data Center and Server technology has become publicly available, heightening the need for organizations using the collaboration platform to immediately apply the company's fix for it. ShadowServer, which monitors the Internet for malicious activity, on Nov. 3 reported that it observed attempts to exploit the Atlassian vulnerability from at least 36 unique IP addresses over the last 24 hours. READ MORE...


Okta hit by another breach, this one stealing employee data from 3rd-party vendor

Identity and authentication management provider Okta has been hit by another breach, this one against a third-party vendor that allowed hackers to steal personal information for 5,000 Okta employees. The compromise was carried out in late September against Rightway Healthcare, a service Okta uses to support employees and their dependents in finding health care providers and plan rates. An unidentified threat actor gained access to Rightway's network and made off with an eligibility census file. READ MORE...

Breaches

A Cyber Breach Delays Poll Worker Training in Mississippi's Largest County Before the Statewide Vote

Election officials in Mississippi's most populous county had to scramble to complete required poll worker training after an early September breach involving county computers. In Hinds County, such training is typically completed by early October before a November general election, according to Election Commissioner Shirley Varnado. Instead, office staff members worked right up to Thursday's deadline to finish the training after Varnado said they were unable to access their computers for about three weeks. READ MORE...


Medical research data from Advarra stolen after SIM swap

Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number. This can be done in a number of ways, but one of the most common methods involves tricking the target's phone carrier into porting the phone number to a new SIM which is under the control of the attacker. READ MORE...


81K people's sensitive info feared stolen from Hilb after email inboxes ransacked

Hilb Group has warned more than 81,000 people that around the start of 2023 criminals broke into the work email accounts of its employees and may have stolen a bunch of sensitive personal information. The financial biz handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states. The Hilb Group did not immediately respond to The Register's inquiries about the extent of the intrusion nor how the thieves were able to get at such personal info. READ MORE...

Hacking

American Airlines pilot union hit by ransomware attack

Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. The APA union was founded in 1963 and is currently the largest independent pilots' trade union in the world. "On October 30, we experienced a cybersecurity incident. Upon discovery of the incident, we immediately took steps to secure our network. Our IT team, with the support of outside experts, continues to work nonstop to restore our systems," the union said. READ MORE...


Ace Hardware Still Reeling From Weeklong Cyberattack

Ace Hardware has yet to recover many of its IT systems five days into a cyberattack that affected 196 servers and more than 1,000 network devices. Ace President and CEO John Venhuizen sent a letter to franchise owners on Monday morning, which was shared by a third-party contractor on Reddit. In it, Venhuizen explained that "many of our key operating systems, including ACENET, our Warehouse Management Systems, and the Care Center's phone system have been interrupted or suspended." READ MORE...

Information Security

US Sanctions Russian National for Helping Ransomware Groups Launder Money

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against Ekaterina Zhdanova, a Russian national allegedly involved in money laundering for ransomware affiliates and Russian elites. Zhdanova, the US Treasury says, uses virtual currency exchange transfers, fraudulent accounts and purchases, and connections to international money launderers to aid her clients in moving funds. READ MORE...


Who's Behind the SWAT USA Reshipping Service?

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identity of "Fearless," the nickname chosen by the proprietor of the SWAT USA Drops service. Based in Russia, SWAT USA recruits people in the United States to reship packages containing pricey electronics that are purchased with stolen credit cards. READ MORE...

Exploits/Vulnerabilities

Apache ActiveMQ vulnerability used in ransomware attacks

On 27 October, the Apache Software Foundation (ASF) announced a very serious vulnerability in Apache ActiveMQ that can be used to achieve remote code execution (RCE). The Cybersecurity and Infrastructure Security Agency has now added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by November 11, 2023. READ MORE...


QNAP warns of critical command injection flaws in QTS OS, apps

QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. The first flaw is being tracked as CVE-2023-23368 and has a critical severity rating of 9.8 out of 10. It is a command injection vulnerability that a remote attacker can exploit to execute commands via a network. READ MORE...

On This Date

  • ...in 1860, Abraham Lincoln is elected as the 16th president of the United States.
  • ...in 1917, Bolsheviks led by Vladimir Lenin launch a nearly bloodless coup d'état against Russia's ineffectual Provisional Government.
  • ...in 1947, "Meet the Press" debuts on NBC. It continues to hold the record as the longest-running television program in history.
  • ...in 1958, comedian and puppeteer Trace Beaulieu, best known as the original voice of Crow T. Robot on "Mystery Science Theater 3000", is born in Minneapolis, MN.