IT Security Newsletter

IT Security Newsletter - 2/1/2023

Written by Cadre | Wed, Feb 1, 2023

Google Fi Users Caught Up in T-Mobile Breach

Google Fi has sent an email to customers to disclose that their account data was included in the more than 37 million customer records stolen from T-Mobile in November 2022. Google Fi is a wireless plan that runs much of its service over T-Mobile networks. Details on Google Fi customers, including phone number, SIM card serial number, and service plan details, were among the stolen T-Mobile data.

Attackers used malicious "verified" OAuth apps to infiltrate organizations' O365 email accounts

Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. The attacks were first spotted by Proofpoint researchers in early December 2022, and involved three rogue apps impersonating SSO and online meeting apps. Targets in these organizations who fell for the trick effectively allowed these rogue apps to access their O365 email accounts.

Pig-butchering scam apps sneak into Apple's App Store and Google Play

In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called "pig butchering," and now even Apple is getting fooled into participating. Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams.

PoS malware can block contactless payments to steal credit cards

New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC (Near Field Communication) chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.

Hackers use new IceBreaker malware to breach gaming companies

Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. The compromise method relies on tricking customer service agents into opening malicious screenshots the threat actor sends under the guise of a user facing a problem. Such attacks have been happening since at least September 2022. The group behind them remains unknown, with indistinct clues pointing to their origin.

Over 29,000 QNAP devices unpatched against new critical flaw

Tens of thousands of QNAP network-attached storage (NAS) devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability (CVE-2022-27596) to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices. QNAP also assigned this bug a CVSS base score of 9.8/10 and said it could be abused in low-complexity attacks by unauthenticated malicious actors.

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Three security vulnerabilities affecting VMware's vRealize Log Insight platform now have public exploit code circulating, offering a map for cybercriminals to follow to weaponize them. These include two critical unauthenticated remote code execution (RCE) bugs. The vRealize Log Insight platform (which is transitioning its name to Aria Operations) provides intelligent log management "for infrastructure and applications in any environment," according to VMware.

Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched. Cyber offensive researcher Rustam Amin informed the US Cybersecurity and Infrastructure Security Agency (CISA) that he had identified critical and high-severity vulnerabilities in Econolite EOS, a traffic controller software product.

  • ...in 1865, President Abraham Lincoln signs the Thirteenth Amendment to the US Constitution, abolishing slavery and involuntary servitude, except as punishment for a crime.
  • ...in 1893, Thomas Edison finishes construction of the first motion picture studio, nicknamed the "Black Maria", in New Jersey.
  • ...in 1942, comedian and medieval historian Terry Jones ("Monty Python's Flying Circus") is born in Wales, United Kingdom.
  • ...in 1964, the Beatles have their first #1 hit single in the US with "I Want To Hold Your Hand."