<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/28/2022

SHARE

Breaches

After LastPass hack, only its master passwords remain uncompromised

LastPass on Thursday conceded customer data is significantly compromised as fallout grows from a previously disclosed breach in August. An unknown threat actor accessed and copied a cloud-based backup of customer vault data, including encrypted passwords, usernames and form-filled data, CEO Karim Toubba said in a blog post. The master password is not stored or maintained by LastPass, according to Toubba. READ MORE...


Ransomware attack at Louisiana hospital impacts 270,000 patients

The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers. LCMHS is the largest medical complex in Lake Charles, Louisiana, comprising a 314-bed hospital, a 54-bed women's hospital, a 42-bed behavioral health hospital, and a primary care clinic for uninsured citizens. READ MORE...


BTC[.]com lost $3 million worth of cryptocurrency in cyberattack

BTC[.]com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company. According to its mining pool tracker, BTC[.]com is the seventh largest cryptocurrency mining pool, with 2.66% of the network's total hashrate. READ MORE...

Hacking

Hackers steal $8 million from users running trojanized BitKeep apps

Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification. BitKeep is a decentralized multi-chain web3 DeFi wallet supporting over 30 blockchains, 76 mainnets, 20,000 decentralized applications, and more than 223,000 assets. It's used by over eight million people in 168 countries for asset management and transaction handling. READ MORE...


North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains

North Korea's BlueNoroff hackers have updated their arsenal and delivery techniques in a new wave of attacks targeting banks and venture capital firms, cybersecurity firm Kaspersky reports. Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyberattacks targeting banks, cryptocurrency firms, and other financial institutions. READ MORE...

Trends

Reported phishing attacks have quintupled

The third quarter of 2022, APWG observed 1,270,883 total phishing attacks - is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG. Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. READ MORE...

Information Security

2022 in review: 10 of the year's biggest cyberattacks

The past year has seen the global economy lurch from one crisis to another. As COVID-19 finally began to recede in many regions, what replaced it has been rising energy bills, soaring inflation and a resulting cost-of-living crisis - some of it spurred by Russia's invasion of Ukraine. Ultimately, these developments have opened the door to new opportunities for financially-motivated and state-backed threat actors. READ MORE...

Exploits/Vulnerabilities

Critical "10-out-of-10" Linux kernel SMB hole - should you worry?

Just before the Christmas weekend - in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all - we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro's Zero Day Initiative (ZDI), probably best known for buying up zero-day security bugs via the popular Pwn2Own competitions. READ MORE...

On This Date

  • ...in 1895, German physicist Wilhelm Roentgen publishes a paper describing his discovery of a new type of radiation, which later will be known as x-rays.
  • ...in 1933, "Star Trek" actress and singer Nichelle Nichols (Lt. Uhura) is born in Robbins, IL.
  • ...in 1969, computer programmer and principal developer of the Linux kernel Linus Torvalds is born in Helsinki, Finland.
  • ...in 1973, the Endangered Species Act is signed into law by President Richard Nixon.