<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 11/13/2023

SHARE

Breaches

For Maine, the MOVEit attack is personal

Maine disclosed one of the most extensive U.S. state-affiliated MOVEit breaches to date, one that's representative of a compromise of its entire population. "Maine has determined that this incident has impacted approximately 1.3 million individuals, with the type of data affected differing from person to person," the state said Thursday. Maine's estimated population was 1,385,000 as of July 2022, according to the U.S. Census Bureau. READ MORE...


Operations at Major Australian Ports Significantly Disrupted by Cyberattack

DP World, Australia's largest container terminal and supply chain operator, has been hit by a cyberattack that resulted in significant disruptions at several major Australian ports. In response to the attack, DP World disconnected its systems from the internet and shut down land operations at ports in Sydney, Melbourne, Fremantle and Brisbane. Ships could still unload their containers, but the incident has prevented freight from leaving the port. READ MORE...

Hacking

Ransomware Group Leaks Files Allegedly Stolen From Boeing

The notorious LockBit ransomware group has leaked gigabytes of files allegedly stolen from the systems of aerospace giant Boeing. LockBit recently named Boeing on its leak website, claiming that "a tremendous amount of sensitive data" has been stolen, but later removed the company from its site, saying that negotiations had started. Boeing was later once again added to the LockBit website and data allegedly stolen from its systems has now been leaked, indicating that the company has refused to pay a ransom. READ MORE...


Hackers breach healthcare orgs via ScreenConnect remote access

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. Threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider present in all 50 states. Researchers at managed security platform Huntress spotted the attacks and report seeing them on endpoints from two distinct healthcare organizations. READ MORE...

Information Security

It's Still Easy for Anyone to Become You at Experian

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account. READ MORE...

Exploits/Vulnerabilities

In a first, cryptographic keys protecting SSH connections stolen in new attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. READ MORE...


'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank

The disruptive ransomware attack on the world's largest bank this week, the PRC's Industrial and Commercial Bank of China (ICBC), may be tied to a critical vulnerability that Citrix disclosed in its NetScaler technology last month. The situation highlights why organizations need to immediately patch against the threat if they haven't done so already. The so-called "CitrixBleed" vulnerability affects multiple on-premises versions of Citrix NetScaler ADC and NetScaler Gateway application delivery platforms. READ MORE...

On This Date

  • ...in 1850, author Robert Louis Stevenson ("Treasure Island", "Strange Case of Dr Jekyll and Mr Hyde") is born in Edinburgh, Scotland.
  • ...in 1934, TV and film producer and director Garry Marshall ("Happy Days", "Pretty Woman") is born in the Bronx, NYC.
  • ...in 1940, Disney's animated tribute to classical music "Fantasia" is released.
  • ...in 1982, the Vietnam Veterans Memorial wall is dedicated in Washington, D.C.