
IT Security Newsletter - 11/22/2022



California County Says Personal Information Compromised in Data Breach

The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach. The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. READ MORE...


Hackers steal $300,000 in DraftKings credential stuffing attack

Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000. The statement follows an early Monday morning tweet saying that DraftKings was investigating reports [1, 2, 3, 4] of customers experiencing issues with their accounts. The common denominator for all accounts that got hijacked seems to be an initial $5 deposit followed by the attackers withdrawing as much as possible from the victims' linked bank accounts. READ MORE...

Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight

Researchers have spotted a threat actor that has managed to extort hundreds of thousands of dollars over the last few months from mostly small and midsize businesses - without using any encryption tools or malware. Instead, the attacker - dubbed Luna Moth (aka the "Silent" ransomware group) - has been using an array of legitimate tools and a technique dubbed "call-back phishing." The tactic is to steal sensitive data from victim organizations and use it as leverage to extort money from them. READ MORE...


US offshore oil and gas installation at 'increasing' risk of cyberattack

The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack. A report to Congress looked at a network of "more than 1,600 offshore oil and gas facilities," which the federal watchdog pointed out produce a "significant" amount of America's domestic oil and gas. READ MORE...

Software Updates

Microsoft Releases Out-of-Band Update After Security Patch Causes Kerberos Issues

Microsoft has released an out-of-band update after learning that a recent Windows security patch started causing Kerberos authentication issues. The Patch Tuesday updates released on November 8 addressed CVE-2022-37966, a privilege escalation vulnerability affecting Windows Server. This high-severity flaw can allow an attacker who can collect information about the targeted system to gain admin privileges. READ MORE...

Information Security

Two Estonians arrested for running $575M crypto Ponzi scheme

Two Estonian nationals were arrested in Estonia, on Sunday, after being indicted in the U.S. for running a massive cryptocurrency Ponzi scheme that led to more than $575 million in losses. The defendants, 37-year-olds Sergei Potapenko and Ivan Turõgin, are accused of defrauding hundreds of thousands of victims together with four other co-conspirators residing in Estonia, Belarus, and Switzerland between December 2013 and August 2019. READ MORE...

How social media scammers buy time to steal your 2FA codes

Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers associate usernames and passwords with specific web pages. This makes it hard for password managers to betray you to bogus websites by mistake. READ MORE...

On This Date

  • ...in 1958, actress Jamie Lee Curtis ("Halloween", "A Fish Called Wanda") is born in Santa Monica, CA.
  • ...in 1965, actor Mads Mikkelsen ("Casino Royale", "Hannibal") is born in Copenhagen, Denmark.
  • ...in 1968, The Beatles release a self-titled double album, popularly known as "The White Album" for its minimal cover design.
  • ...in 1995, Disney releases the Pixar movie "Toy Story", the first full-length animated feature film made entirely with computer-generated imagery.