IT Security Newsletter - 12/6/2024
U.S. org suffered four month intrusion by Chinese hackers
A large U.S. organization with a significant presence in China has reportedly been breached by China-based threat actors who persisted on its networks from April to August 2024. According to Symantec's threat researchers, the operation appeared to focus on intelligence gathering, involving multiple compromised machines and targeting Exchange Servers, likely for email and data exfiltration.
Atrium Health Data Breach Impacts 585,000 People
Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach impacts more than 585,000 individuals. The HHS website does not provide any information regarding the incident, but the notification is likely related to an issue involving online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019.
Romania's election systems targeted in over 85,000 cyberattacks
A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. Threat actors also obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round. The Romanian Intelligence Service says that on November 19 the IT infrastructure of the country's Permanent Electoral Authority was the target of a cyberattack.
US arrests Scattered Spider suspect linked to telecom hacks
U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. Remington Goy Ogletree (also known online as "remi") breached the three companies' networks using credentials stolen in text and voice phishing messages targeting their employees.
Teenagers leading new wave of cybercrime
Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian. Today, the world of cyber hacking is not confined to grown-ups, nor is the fallout. According to the FBI, the average age of someone arrested for cybercrime is 19 vs. 37 for any crime. Many teens will have been recruited into the "business" by more sophisticated fraudsters, who reach them through online gaming, chat and social media.
Windows, macOS users targeted with crypto-and-info-stealing malware
Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm, but thanks to clever misuse of AI and some social engineering, you can end up with information and cryptocurrency-stealing malware. Case in point: Cado Security Labs researchers have recently reported websites set up to impersonate companies offering a video conferencing app, but serving/pushing the Realst info-stealer.
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
A fierce Android remote access Trojan (RAT), dubbed "DroidBot," is using spyware features like keylogging and monitoring, as well as inbound and outbound data transmission, to steal data from banks, cryptocurrency exchanges, and other national organizations. But the real concern cybersecurity analysts have about the DroidBot banking Trojan is its apparent expansion into a full-on malware-as-a-service operation.
Money-Laundering Network Linked To Drugs and Ransomware Disrupted
The UK's National Crime Agency (NCA) has revealed details of Operation Destabilise, a years-long international law enforcement investigation into a giant Russian money laundering enterprise that handled billions of dollars for drug traffickers and ransomware gangs worldwide. The multi-billion-dollar Smart and TGR networks are said to have used a complex system of cash handovers and cryptocurrency exchanges to move illicit funds, making it difficult for the authorities to trace.
I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending
Japanese device maker I-O Data this week confirmed zero-day exploitation of critical flaws in multiple routers and warned that full patches won't be available for a few weeks. According to a warning from incident responders at JPCERT/CC, the most serious flaw opens the door for a remote attacker to disable the router's firewall, execute commands, or alter configurations. "The developer states that attacks exploiting these vulnerabilities have been observed," according to the JPCERT/CC alert.
Bypass Bug Revives Critical N-Day in Mitel MiCollab
Two new vulnerabilities in Mitel's MiCollab unified communications and collaboration (UCC) platform could help expose gobs of enterprise data. MiCollab is a cross-platform application on mobile devices and desktops that combines instant messaging, SMS, phone calls, video calls, file sharing, remote desktop sharing - really any form of collaboration that occurs within an organization, save talking out loud.
- ...in 1884, the Washington Monument is completed in Washington, D.C.
- ...in 1865, the Thirteenth Amendment to the U.S. Constitution is ratified, abolishing slavery and involuntary servitude, except as punishment for a crime.
- ...in 1920, jazz pianist and composer Dave Brubeck ("Take Five") is born in Concord, CA.
- ...in 1955, deadpan comedian and writer Steven Wright (Who said: "It's a small world, but I wouldn't want to paint it.") is born in Cambridge, MA.