IT Security Newsletter

IT Security Newsletter - 11/25/2024

Written by Cadre | Mon, Nov 25, 2024

Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack'

Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack." The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range. The attack was discovered on February 4, 2022, when cybersecurity company Volexity detected a server compromise at a customer site in Washington, DC. READ MORE...

Cyberattack Disrupts Systems of Gambling Giant IGT

Gambling and lottery giant International Game Technology (IGT) has taken certain systems offline after falling victim to a cyberattack over the weekend. The incident, the company says, was discovered on November 17, and has disrupted certain parts of its internal IT network. "An unauthorized third party gained access to certain of its systems, and the company has experienced disruptions in portions of its internal information technology systems," IGT said. READ MORE...

Microlise Confirms Data Breach as Ransomware Group Steps Forward

UK-based vehicle tracking solutions provider Microlise confirmed last week that data was stolen from its systems during an October cyberattack. Disclosed on October 31, the incident resulted in a large portion of Microlise's network being disrupted, which impacted tracking systems and panic alarms in the prison vans and courier vehicles of at least two operators, namely DHL and Serco. READ MORE...

Yakuza Victim Data Leaked in Japanese Agency Attack

Japan's web of ruthless Yakuza organized crime syndicates continues to operate, threatening the country's citizens with everything from extortion to gangland murders. Local agencies within communities are set up to help those who get involved with gangsters - but unfortunately, one of them has been hacked, potentially leading to physical safety consequences for the victims. A center in Kumamoto Prefecture said that 2,500 people who have used its counseling services have been impacted. READ MORE...

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims. Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthropic's Claude generative artificial intelligence (GenAI) platforms. READ MORE...

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software, according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and links into playlist names to make their entries rank high in Google search results. READ MORE...

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware. Roughly 2,000 devices had been hijacked as of Wednesday - a day after Palo Alto Networks pushed a patch for the holes - according to Shadowserver and Onyphe. READ MORE...

Hackers abuse Avast anti-rootkit driver to disable defenses

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for security processes from various vendors. Since the driver can operate at kernel level, it provides access to critical parts of the operating system. READ MORE...

  • ...in 1914, New York Yankees great Joe DiMaggio, the owner of a still-unsurpassed 56-game hitting streak, is born in Martinez, CA.
  • ...in 1920, actor Ricardo Montalban, best known as the villain Khan on "Star Trek" and Mr. Roarke on "Fantasy Island", is born in Mexico City.
  • ...in 1952, Agatha Christie's mystery play "The Mousetrap" opens in London's West End. It ran continuously for over 68 years, and is the longest-running play in theatrical history.
  • ...in 1963, President John F. Kennedy is buried at Arlington National Cemetery.