IT Security Newsletter - 11/27/2023

Top News

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

The UK National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) have issued a fresh warning on Democratic People's Republic of Korea (DPRK) state-sponsored hackers targeting government, financial, and defense organizations via software supply chain attacks. As part of the observed supply chain attacks, the DPRK threat actors employed zero-day and n-day vulnerabilities, and exploited multiple flaws in series "to precisely attack a specific target", NCSC and NIS note in the alert.


Shadowy hacking group targeting Israel shows outsized capabilities

A hacking campaign displaying what researchers say is some of the most advanced publicly known tradecraft targeting Israel in recent years is showing signs of active development and evolution, a troubling development that has so far blended into the noise of near constant cyber operations targeting Israel. There's been no shortage of cyberattacks of varying severity targeting Israeli institutions, but the tradecraft and capabilities displayed by the so-far unattributed group are far more sophisticated.

Breaches

Welltok data breach exposes data of 8.5 million US patients

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.


General Electric investigates claims of cyber attack, data theft

General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data. General Electric (GE) is an American multinational company with divisions in power, renewable energy, and aerospace industries. Earlier this month, a threat actor named IntelBroker attempted to sell access to General Electric's "development and software pipelines" for $500 on a hacking forum.

Hacking

Hackers Hijack Industrial Control System at US Water Utility

The Municipal Water Authority of Aliquippa in Pennsylvania has confirmed that hackers took control of a system associated with a booster station over the weekend, but said there was no risk to the water supply. The company provides water and sewer services to more than 6,600 customers in Aliquippa and portions of Hopewell, Raccoon and Potter Townships. The compromised system is associated with a booster station that monitors and regulates water pressure for Raccoon and Potter Townships.


BlackCat claims it is behind Fidelity National Financial ransomware shakedown

Fortune 500 insurance biz Fidelity National Financial (FNF) has confirmed that it has fallen victim to a "cybersecurity incident." The announcement came in the form of an 8-K filing with the Securities and Exchange Commission (SEC) on Tuesday, saying it had been forced to shut down a number of systems, disrupting various areas of the business. FNF recorded more than $11 billion in total revenue in 2022 and is one of the largest underwriters to the real estate and mortgage industries in the US.


Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media

Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won't ever find the state trying to unmask them either - as long as they keep supplying the attacks on Axis nations. It's the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.

Information Security

Your voice is my password

The recent theft of my voice brought me to a new fork in the road in terms of how AI already has the potential of causing social disruption. I was so taken aback by the quality of the cloned voice (and in that extremely clever, yet comedic, style by one of my colleagues) that I decided to use the same software for "nefarious" purposes and see how far I could go in order to steal from a small business - with permission, of course! Spoiler alert: it was surprisingly easy to carry out and took hardly any time at all.

Exploits/Vulnerabilities

CitrixBleed worries mount as nation state, criminal groups launch exploits

Criminal threat groups and nation-state actors are exploiting a critical vulnerability in Citrix Netscaler ADC and Netscaler Gateway to launch attacks, the Cybersecurity and Infrastructure Security Agency and FBI warned on Tuesday. Affiliates of LockBit 3.0 exploited the vulnerability - dubbed CitrixBleed by researchers - to gain access into Boeing's parts and distribution unit and exfiltrate data, as part of a suspected ransomware attack, according to federal authorities.


Windows Hello fingerprint authentication can be bypassed on popular laptops

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Microsoft's Offensive Research and Security Engineering (MORSE) asked the researchers to evaluate the security of the top three fingerprint sensors embedded in laptops. They found vulnerabilities that allowed them to completely bypass Windows Hello authentication on all three.


Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday. Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post.

On This Date

  • ...in 1896, Richard Strauss's composition "Also sprach Zarathustra" (best known from "2001: A Space Odyssey") is first performed in Frankfurt.
  • ...in 1924, the first ever Macy's Thanksgiving Parade is held in New York City.
  • ...in 1940, actor and martial artist Bruce Lee ("Enter the Dragon", "The Green Hornet") is born in San Francisco.
  • ...in 1942, psychedelic rock musician and guitar legend Jimi Hendrix ("Hey Joe", "Purple Haze") is born in Seattle.