
IT Security Newsletter - 12/5/2023


Breaches

Payments processor Tipalti investigating ransomware attack

Accounts payable software vendor Tipalti said it's investigating a ransomware attack that prolific threat group AlphV claimed responsibility for on Saturday. "Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers," Tipalti said in a Monday post on X, the social media site formerly known as Twitter. Tipalti did not respond to an inquiry for more information.


Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed

It has now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords. 23andMe previously disclosed in a Securities and Exchange Commission filing that 0.1 percent of users (approximately 14,000, TechCrunch estimated) had accounts accessed by hackers using compromised passwords.

Hacking

North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

North Korean threat actors are believed to have stolen more than $3 billion in cryptocurrency to date, according to a report from threat intelligence firm Recorded Future. Collectively tracked as the Lazarus Group, the North Korean hackers specialize in cryptocurrency-related intrusions, mainly relying on spear-phishing emails to trick victims into authorizing malicious scripts and downloading malware.


New Threat Actor 'AeroBlade' Targeted US Aerospace Firm in Espionage Campaign

Over the past year, a previously unknown threat actor has been observed launching cyberattacks against an aerospace organization in the United States, cybersecurity firm BlackBerry reports. Dubbed AeroBlade, the adversary first targeted the organization in September 2022, as part of a 'testing phase', and then again in July 2023, with updated tools. The two campaigns used lure documents with the same name, delivered a reverse shell as the final payload, and used the same IP address for the command-and-control (C&C) server.

Software Updates

Two new versions of OpenZFS fix long-hidden corruption bug

The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there's a fix for the previous OpenZFS release too. The OpenZFS development team have put out not one but two new releases of the open-source cross-platform filesystem for Linux and FreeBSD. Version 2.2.2 fixes the problem that showed up in the latest version, which is included in FreeBSD 14 as well as several Linux distros, including Ubuntu 23.10.

Malware

Russian hacker pleads guilty to Trickbot malware conspiracy

A 40-year-old Russian man faces a lengthy prison sentence in the United States after pleading guilty to his involvement in the distribution and development of the notorious Trickbot malware. The US Department of Justice announced that Vladimir Dunaev, from Amur Oblast in the far east of Russia, was an integral member of the criminal Trickbot group, which became infamous for its sophisticated information-stealing Trojan that defrauded innocent internet users for years.


BlackCat ransomware crims threaten to directly extort victim's customers

The AlphV/BlackCat ransomware group said it plans to "go direct" to the clients of a firm it allegedly attacked to extort them, claiming to have infiltrated the systems of accounting software vendor Tipalti. BlackCat claims it has had access to Tipalti's systems since September 8 and alleges that since then it has managed to exfiltrate more than 265GB of "confidential" data belonging to the company, its employees, and its clients. Tipalti said it is "thoroughly" investigating the gang's claims.

Information Security

Meta AI Models Cracked Open With Exposed API Tokens

Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model (LLM) repositories, in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate LLM capabilities into their applications and operations. The access would have allowed an adversary to silently poison training data in these widely used LLMs, steal models and data sets, and potentially execute other malicious activities.

Science & Culture

Schneier: The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

On This Date

  • ...in 1890, Austrian-American director Fritz Lang, best known for making the classics "Metropolis" and "M", is born in Vienna.
  • ...in 1933, the 21st Amendment to the US Constitution is ratified, overturning the 18th Amendment and ending the nationwide prohibition on alcohol.
  • ...in 1969, the original four-node ARPANET network is established. It later becomes the first to use TCP/IP protocols, the basis of our modern Internet.
  • ...in 2014, NASA launches the first flight test of the Orion MPCV (Multi-Purpose Crew Vehicle), which is currently being used in the unmanned Artemis I mission.