
IT Security Newsletter - 12/2/2024


Top News

Interpol nabs thousands, seizes millions in global cybercrime-busting op

Interpol and its financial supporters in the South Korean government are back with another round of anti-cybercrime arrests via the fifth iteration of Operation HAECHI, this time nabbing more than 5,500 people suspected of scamming and seizing hundreds of millions in digital and fiat currencies. HAECHI V, an operation which ran from July to November of this year, was funded by South Korea but involved cooperation with law enforcement in 40 countries. READ MORE...


T-Mobile Shares More Information on China-Linked Cyberattack

T-Mobile on Wednesday shared additional information on a cyberattack believed to have been conducted by the China-linked threat group Salt Typhoon, but the telecoms firm reiterated that the attack was blocked. It came to light earlier this month that T-Mobile has also been targeted by the Chinese threat group Salt Typhoon in a major cyberespionage campaign targeting several telecommunications companies in the United States. READ MORE...

Breaches

Medical testing company LifeLabs failed to protect customer data, report finds

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both British Columbia and Ontario finished writing a report about the incident in 2020. READ MORE...

Hacking

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested

Russian authorities have reportedly arrested Mikhail Pavlovich Matveev, a 32-year-old man from Russia who is wanted by the United States over his alleged role in ransomware attacks. Russian state-owned news agency RIA Novosti reported last week that local prosecutors had announced charges against a man accused of creating a malicious program, specifically one designed to encrypt the data of commercial organizations. READ MORE...

Malware

Bootkitty: Analyzing the first UEFI bootkit for Linux

Over the past few years, the UEFI threat landscape, particularly that of UEFI bootkits, has evolved significantly. It all started with the first UEFI bootkit proof of concept (PoC) described by Andrea Allievi in 2012, which served as a demonstration of deploying bootkits on modern UEFI-based Windows systems, and was followed with many other PoCs (EfiGuard, Boot Backdoor, UEFI-bootkit). It took several years until the first two real UEFI bootkits were discovered in the wild. READ MORE...


No company too small for Phobos ransomware gang, indictment reveals

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as "Phobos" during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government's indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, richest, most robust corporations on the planet. READ MORE...

Information Security

FBI, CISA warn of heightened risk of BEC attacks during holiday season

The FBI and Cybersecurity and Infrastructure Security Agency on Tuesday warned businesses to protect themselves against cybercriminals trying to fraudulently divert payments during the holiday season. Threat activity involving fraudulent third parties usually accelerates during the holiday season, the agencies said. Businesses need to be aware of emails from alleged vendors or retailers claiming to change their account numbers. READ MORE...

Exploits/Vulnerabilities

Zabbix urges upgrades after critical SQL injection bug disclosure

Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise. Zabbix said three product versions are affected and should be upgraded to the latest available. READ MORE...

On This Date

  • ...in 1823, President James Monroe proclaims American neutrality in future European conflicts, and warns Europe not to interfere in American affairs.
  • ...in 1902, the first working V-8 engine is patented in France by engineer Leon Levavasseur.
  • ...in 1942, physicist Enrico Fermi directs and controls the first nuclear chain reaction in his laboratory at the University of Chicago.
  • ...in 1968, actress and producer Lucy Liu ("Ally McBeal", "Kill Bill") is born in Queens, NY.