
IT Security Newsletter - 11/10/2022


Breaches

Having refused to pay ransom, health insurer Medibank sees customer data posted online by hackers

A ransomware gang has begun to publish data on the dark web stolen from Australia's largest health insurer, Medibank. The leak of Medibank's customer data comes shortly after the company announced it would not pay a ransom to the extortionists. Curiously, the hackers have released details of insured customers sorted into two files labelled "naughty-list" and "good-list." READ MORE...


Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million

A notorious ransomware group is offering to sell files allegedly stolen from German car parts giant Continental for $50 million. Continental reported in August that it had been targeted in a cyberattack that resulted in hackers accessing some of its systems. The company said at the time that the attack had been "averted" and that business activities were not affected. READ MORE...

Hacking

New hacking group uses custom 'Symatic' Cobalt Strike loaders

A previously unknown Chinese APT (advanced persistent threat) hacking group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine. The threat actors have been active since at least 2020, using custom versions of Cobalt Strike loaders to plant persistent backdoors on victims' systems. According to a new Trend Micro report, Earth Longzhi shares tactics, techniques, and procedures (TTPs) with 'Earth Baku'; both are considered subgroups of the state-backed hacking group APT41. READ MORE...

Software Updates

Emergency code execution patch from Apple - but not an 0-day

No sooner had we stopped to catch our breath after reviewing the latest 62 patches (or 64, depending on how you count) dropped by Microsoft on Patch Tuesday... than Apple's latest security bulletins landed in our inbox. This time there were just two reported fixes: one for mobile devices running the latest iOS or iPadOS, and one for Macs running the latest macOS incarnation, version 13, better known as Ventura. READ MORE...

Malware

New StrelaStealer malware steals your Outlook, Thunderbird accounts

A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. This behavior deviates from most info-stealers, which attempt to steal data from various data sources, including browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard, etc. The previously unknown malware was discovered by analysts at DCSO CyTec. READ MORE...


Malicious Python Package Relies on Steganography

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index widely used by Python developers. After being notified of it, PyPI's maintainers have removed the malicious package. The malicious package, apicolor, looks like one of many development packages available on PyPI. READ MORE...
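The following is an added example, not code from the Check Point report or from the 'apicolor' package, and it does not claim to reproduce how that package hid its payload. It shows the general technique the report describes: a payload written into the least-significant bits of pixel data is invisible to the eye and to file-size checks, but a package scanner can still pull the LSB plane out and ask whether it decodes to something that looks like code. The "image" is a constructed in-memory RGB buffer, the payload is a harmless placeholder, and the token list used by the detector is an assumption chosen for this example.

```python
"""
Added example: LSB steganography embed/extract and a scanner heuristic.
Not the apicolor package's code; the carrier, payload and token list
are constructed for this example.
"""
import random
import struct

# Assumed tokens a scanner might look for once the LSB plane decodes to text.
SUSPICIOUS_TOKENS = (b"exec(", b"eval(", b"import ", b"__import__", b"urllib")

# Harmless placeholder standing in for an attacker's stage-2 loader.
PAYLOAD = b"import os\nexec(os.environ.get('STAGE2', 'pass'))\n"


def make_carrier(width=64, height=64, seed=1234):
    """Constructed RGB pixel buffer (width*height*3 bytes) with deterministic noise."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height * 3))


def lsb_embed(pixels, payload):
    """Write a 4-byte big-endian length prefix plus payload into the LSB of each byte."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload too large for carrier")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only the lowest bit changes: diff <= 1
    return bytes(out)


def _read_lsb_bytes(pixels, bit_offset, count):
    """Reassemble `count` bytes from the LSBs starting at `bit_offset`, MSB first."""
    vals = bytearray()
    for b in range(count):
        v = 0
        for k in range(8):
            v = (v << 1) | (pixels[bit_offset + b * 8 + k] & 1)
        vals.append(v)
    return bytes(vals)


def lsb_extract(pixels):
    """Recover a payload written by lsb_embed; b"" if the length prefix is implausible."""
    if len(pixels) < 32:
        return b""
    (length,) = struct.unpack(">I", _read_lsb_bytes(pixels, 0, 4))
    if length == 0 or 32 + length * 8 > len(pixels):
        return b""  # a clean image's random LSBs almost never yield a usable length
    return _read_lsb_bytes(pixels, 32, length)


def looks_like_code(blob):
    """Heuristic: mostly printable ASCII and contains at least one suspicious token."""
    if not blob:
        return False
    printable = sum(1 for b in blob if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(blob) < 0.95:
        return False
    return any(tok in blob for tok in SUSPICIOUS_TOKENS)


def scan_carrier(pixels):
    """What a package scanner would run over each image shipped in a wheel/sdist."""
    hidden = lsb_extract(pixels)
    return {"hidden_bytes": len(hidden), "suspicious": looks_like_code(hidden)}


def max_pixel_delta(a, b):
    """Largest per-byte change between carrier and stego image (expected: 1)."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    clean = make_carrier()
    stego = lsb_embed(clean, PAYLOAD)
    print("max pixel delta:", max_pixel_delta(clean, stego))
    print("clean:", scan_carrier(clean))
    print("stego:", scan_carrier(stego))
```

The detector is deliberately narrow: it only catches this one encoding (LSB, length-prefixed, MSB-first) and only payloads that are readable text. Real-world loaders can spread bits across channels, XOR the payload, or store a URL rather than code, so a scanner should treat images in a package that also contains `exec`/`eval` of dynamically built strings, or that fetch images at install time, as the stronger signal.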

Exploits/Vulnerabilities

Lenovo driver goof poses security risk for users of 25 notebook models

More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday. At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. READ MORE...
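As an added check (not code from the ESET report or the Lenovo advisory), the snippet below reads the two UEFI variables that tell you whether Secure Boot is actually enforcing on a Linux host: `SecureBoot` and `SetupMode` under the EFI global variable GUID, as exposed by the kernel in `/sys/firmware/efi/efivars`. Each efivars file is a 4-byte little-endian attribute word followed by the variable data, which is the detail most quick scripts get wrong. The fixture writer is constructed for this example so it runs offline; the efivars path and the attribute value 0x06 (BS|RT) are assumptions.

```python
"""
Added example: report UEFI Secure Boot state from efivars.
Not vendor code; the fixture directory is constructed for this example.
"""
import struct
import tempfile
from pathlib import Path

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e09800000a"  # EFI_GLOBAL_VARIABLE
DEFAULT_EFIVARS = Path("/sys/firmware/efi/efivars")        # assumed Linux path
EFI_VAR_BS_RT = 0x06  # EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS


def read_efivar(efivars_dir, name):
    """Return (attributes, data) for a global-GUID variable, or None if absent."""
    path = Path(efivars_dir) / f"{name}-{EFI_GLOBAL_GUID}"
    if not path.exists():
        return None
    raw = path.read_bytes()
    if len(raw) < 4:
        raise ValueError(f"{path}: too short to be an efivars entry")
    (attrs,) = struct.unpack("<I", raw[:4])  # attribute word precedes the data
    return attrs, raw[4:]


def secure_boot_status(efivars_dir=DEFAULT_EFIVARS):
    """Classify: 'enforcing', 'disabled', 'setup-mode' or 'no-uefi'."""
    sb = read_efivar(efivars_dir, "SecureBoot")
    if sb is None:
        return "no-uefi"  # legacy boot or efivarfs not mounted
    setup = read_efivar(efivars_dir, "SetupMode")
    sb_on = len(sb[1]) >= 1 and sb[1][0] == 1
    setup_on = setup is not None and len(setup[1]) >= 1 and setup[1][0] == 1
    if setup_on:
        return "setup-mode"  # no Platform Key enrolled: keys can be written unauthenticated
    return "enforcing" if sb_on else "disabled"


def make_fixture(secure_boot, setup_mode, attrs=EFI_VAR_BS_RT):
    """Constructed efivars directory for offline testing; returns its path."""
    root = Path(tempfile.mkdtemp(prefix="efivars-"))
    for name, value in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
        data = struct.pack("<I", attrs) + bytes([1 if value else 0])
        (root / f"{name}-{EFI_GLOBAL_GUID}").write_bytes(data)
    return root


if __name__ == "__main__":
    print("this host:", secure_boot_status())
    print("fixture  :", secure_boot_status(make_fixture(True, False)))
```

Two caveats a practitioner should keep in mind. First, `mokutil --sb-state` and `bootctl status` read the same variables, so this is a convenience, not a new signal. Second, the variables are written by the firmware itself: if the firmware has been persuaded to turn Secure Boot off through a vendor-specific NVRAM setting, this check will faithfully report "disabled", which is exactly why it belongs in a fleet baseline alongside the firmware version. Only the vendor's firmware update removes the underlying weakness.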


Analysis of Russian Cyberspy Attacks Leads to Discovery of Windows Vulnerability

An analysis of the numerous LDAP queries that the Russian cyberespionage group APT29 made against Active Directory has led to the discovery of a vulnerability in Windows' 'credential roaming' functionality. Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). READ MORE...

On This Date

  • ...in 1891, Carl Stalling, the composer and arranger for hundreds of "Looney Tunes" and "Merrie Melodies" cartoons, is born in Lexington, MO.
  • ...in 1928, film composer Ennio Morricone ("A Fistful of Dollars", "Cinema Paradiso") is born in Rome, Italy.
  • ...in 1969, "Sesame Street" debuts on the National Educational Television network, the precursor to PBS.
  • ...in 1983, Microsoft announces Windows 1.0.