
IT Security Newsletter - 11/20/2023


Top News

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

Threat intelligence analysts, incident responders, and federal law enforcement alike all seem to know all about the threat group with an array of monikers - The Com, Scattered Spider, Muddled Libra, UNC3944, Starfraud, and Octo Tempest, among others. So why is the group (which was behind the MGM Resorts and Caesars Entertainment hacks) still successfully attacking US organizations with impunity, with no disruptions to date? READ MORE...

Breaches

Stanley Steemer hack breached data of almost 67K customers

Stanley Steemer International was the target of an external hack that impacted almost 67,000 customers, according to a consumer breach notification posted Wednesday with the Maine Attorney General's office. The Dublin, Ohio-based carpet cleaning company said it originally detected suspicious activity on March 6. After an initial investigation, the company determined the attackers gained access to its systems starting Feb. 10 and acquired certain records after lingering inside the company's network. READ MORE...


Yamaha Motor Confirms Data Breach Following Ransomware Attack

The personal information of employees was stolen in a ransomware attack targeting a Philippines subsidiary of Yamaha Motor. The incident, the Japanese mobility and industrial giant says, occurred on October 25, and only impacted one server managed by Yamaha Motor Philippines, the company's motorcycle manufacturing and sales subsidiary in the country. The server, Yamaha Motor says, "was accessed without authorization by a third party and hit by a ransomware attack." READ MORE...

Hacking

US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in a scheme to access user accounts at a fantasy sports and betting website. According to court documents, on November 18, 2022, Garrison launched a credential stuffing attack against the betting site, obtaining access to approximately 60,000 user accounts. The defendant and others then stole about $600,000 from approximately 1,600 victim accounts. READ MORE...


Rhysida ransomware gang: We attacked the British Library

The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process. A low-res image shared to its leak site appears to show a handful of passport scans, along with other documents, some of which display the format of HMRC employment documents. Rhysida started an auction for the stolen data with a deadline for bids ending just before 0800 UTC on November 27. READ MORE...

Malware

Lumma Stealer malware now uses trigonometry to evade detection

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. Lumma (or LummaC2) is a malware-as-a-service information stealer rented to cybercriminals for a subscription between $250 and $1,000. READ MORE...

Information Security

Morgan Stanley Fined $6.5 Million for Exposing Customer Information

Morgan Stanley has agreed to a $6.5 million settlement over insecurely disposing of hardware containing unencrypted personal information. Through negligent internal data security practices, the multinational investment bank and financial services company potentially exposed the personal information of millions of customers, the Florida Attorney General's Office says. An investigation into the company uncovered that it did not properly erase unencrypted personal information stored on devices. READ MORE...

Exploits/Vulnerabilities

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies

After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names (UNC3524, NobleBaron, Dark Halo, NOBELIUM, Cozy Bear, CozyDuke, SolarStorm) and has been targeting embassy entities with a BMW car sale lure. The CVE-2023-38831 security flaw affects WinRAR versions before 6.23. READ MORE...

On This Date

  • ...in 1900, cartoonist Chester Gould, creator of the long-running "Dick Tracy" comic strip, is born in Pawnee, OK.
  • ...in 1924, scientist/mathematician Benoit Mandelbrot, known for his work with fractal geometry, is born in Warsaw, Poland.
  • ...in 1945, the Nuremberg trials concerning Nazi war crimes during WWII begin in Germany.
  • ...in 1963, actress Ming-Na Wen ("Mulan", "ER", "Agents of S.H.I.E.L.D.") is born in Coloane, Macau.