IT Security Newsletter - 12/21/2023
ESO Solutions Data Breach Impacts 2.7 Million Individuals
ESO Solutions has started notifying 2.7 million individuals that their personal and health information was compromised in a ransomware attack. The incident occurred on September 28 and forced the company, a data and software provider for emergency responders, hospitals, and state and federal agencies, to take systems offline to contain it. The attackers, the company says in an incident notice on its website, accessed and encrypted some of its internal systems.
86% of cyberattacks are delivered over encrypted channels
For the second year in a row, manufacturing was the industry most commonly targeted, with education and government organizations seeing the highest year-over-year increase in attacks. Additionally, malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks.
Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product
Ivanti is informing customers about 20 vulnerabilities patched in its Avalanche enterprise mobile device management (MDM) product, including over a dozen flaws that have a 'critical' severity rating. Avalanche is used by many organizations to manage their mobile devices, ensuring that they are secure, accessible and available. The product can be used to manage a wide range of devices, from warehouse scanners to tablets on the retail floor.
Notorious ransomware group tussles with law enforcement, regenerates after takedown
AlphV re-emerged within hours of a law enforcement takedown of its infrastructure on Tuesday, claiming it had "unseized" its data leak site, according to threat researchers' dark web observations. The prolific ransomware group named a new victim organization and updated a post on a previously claimed victim since the FBI and international law enforcement agencies announced the takedown, according to Dark Web Informer.
Something nasty injected login-stealing JavaScript into 50K online banking sessions
IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. Judging by the evidence to hand, it appears the Windows malware DanaBot, or something related or connected to it, infects victims' PCs - typically from spam emails and other means - and then waits for the user to visit their bank website.
Android malware Chameleon disables Fingerprint Unlock to steal PINs
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices - disable fingerprint and face unlock to steal device PINs. It does this by using an HTML page trick to acquire access to the Accessibility service and a method to disrupt biometric operations to steal PINs and unlock the device at will. Earlier versions of Chameleon spotted in April this year impersonated Australian government agencies, banks, and cryptocurrency exchanges.
As Namibians Rush to Register SIMs, Major Telco Hoards Biometric Data
This December, citizens of Namibia are faced with a catch-22. In 10 days, more than half of the population of Namibia may lose phone service. As a price for keeping it, the other half has handed over sensitive biometric data to the country's premier telco. The messy story begins with the best of intentions, back around the turn of 2022-2023. In an effort to combat mobile fraud and identity theft, the Namibian government began a yearlong push for all citizens to register their SIM cards.
Four in five Apache Struts 2 downloads are for versions featuring critical flaw
Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 in terms of CVSS severity. It is a logic bug in the framework's file upload feature: if an application uses Struts 2 to allow users to upload files to a server, those folks can abuse the vulnerability.
New phishing attack steals your Instagram backup codes to bypass 2FA
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a security feature that requires users to enter an additional form of verification when logging into the account. This verification is usually in the form of one-time passcodes sent via SMS text message or codes from an authentication app.
- ...in 1935, TV talk show host and producer Phil Donahue is born in Cleveland, OH.
- ...in 1937, Disney's "Snow White and the Seven Dwarfs", the first-ever full-length animated feature, premieres in Los Angeles.
- ...in 1948, actor Samuel L. Jackson ("Pulp Fiction", "Unbreakable") is born in Washington, D.C.
- ...in 1968, the Apollo 8 mission launches from Cape Canaveral. It will be the first time that a human-crewed craft reaches the Moon and achieves lunar orbit.