IT Security Newsletter - 2/15/2024
LockBit claims ransomware attack on Fulton County, Georgia
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. Fulton County has a population of a little over one million and it is the largest county in Georgia and the home of the state capital, Atlanta. The hackers breached the county's systems during the last weekend of January, causing widespread IT outages that impact phone, court, and tax systems.
Prudential Financial finds cybercrims lurking inside its IT systems
Prudential Financial, the second largest life insurance company in the US and eighth largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group. The Fortune Global 500 and Fortune 500 org provides a range of services including insurance, retirement planning, fund management services and more to retail and institutional investors. It has $1.4 trillion worth of assets under management across the US, Asia, Europe, and Latin America.
U.S. Internet Leaked Years of Internal, Customer Emails
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade's worth of its internal email - and that of thousands of Securence clients - in plain text out on the Internet and just a click away for anyone with a Web browser.
AlphV claims hit on Canada's Trans-Northern Pipelines
Trans-Northern Pipelines confirmed it's aware of and responding to the AlphV ransomware group's alleged attack against its systems. Operations are not currently impacted and an investigation is underway, a company spokesperson said Tuesday. "We did experience a cybersecurity incident in November of 2023 that impacted some of our internal systems, but we've continued to safely operate our pipeline systems themselves," the spokesperson told Cybersecurity Dive.
Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
Chipmakers AMD and Intel on Tuesday announced patches for a total of over 100 vulnerabilities, including 21 high-severity bugs leading to privilege escalation, code execution, or denial-of-service (DoS). AMD published five advisories detailing vulnerabilities in embedded processors, processors, SEV firmware, and UltraScale and UltraScale+ FPGA series devices. The chipmaker addressed 20 bugs in its embedded processors, including seven high-severity flaws.
North Korea running malware-laden gambling websites as-a-service
North Korea's latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea's National Intelligence Service (NIS). The Service on Wednesday identified South Korean cyber crime organizations as buyers of the sites. Reports allege that the North Korean faction responsible for this effort is an IT organization affiliated with the hermit kingdom's secretive Office 39 known as "Gyeongheung."
Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs
Russia-sponsored advanced persistent threat group (APT) Turla is now targeting Polish NGOs in a cyberespionage campaign that uses a freshly developed backdoor with modular capabilities, signaling an expansion of the scope of its attacks against supporters of the Ukrainian war effort. According to a Cisco Talos blog post published today on Turla, the backdoor used in the attacks, dubbed "TinyTurla-NG," has functionalities very much like the APT's known custom malware.
AI-powered romantic chatbots are a privacy nightmare
You shouldn't trust any answers a chatbot sends you. And you probably shouldn't trust it with your personal information either. That's especially true for "AI girlfriends" or "AI boyfriends," according to new research. An analysis of 11 so-called romance and companion chatbots, published on Wednesday by the Mozilla Foundation, has found a litany of security and privacy concerns with the bots.
Deepfakes in the global election year of 2024: A weapon of mass deception?
Fake news has dominated election headlines ever since it became a big story during the race for the White House back in 2016. But eight years later, there's an arguably bigger threat: a combination of disinformation and deepfakes that could fool even the experts. Chances are high that recent examples of election-themed AI-generated content were harbingers of what's likely to come on a larger scale.
Zoom Patches Critical Vulnerability in Windows Applications
Video messaging giant Zoom on Tuesday announced patches for seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software. The critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), is described as an improper input validation that could allow an attacker with network access to escalate privileges. The video messaging company also resolved a high-severity escalation of privilege defect in these Windows applications.
New critical Microsoft Outlook RCE bug is trivial to exploit
Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, this bug leads to remote code execution (RCE) when opening emails with malicious links using a vulnerable Microsoft Outlook version.
- ...in 1909, humanitarian Hermine "Miep" Gies, who helped hide Anne Frank's family during WWII, is born in Vienna, Austria.
- ...in 1946, ENIAC, the world's first electronic general-purpose computer, is dedicated at the University of Pennsylvania.
- ...in 1954, cartoonist Matt Groening, the creator of "The Simpsons" and "Futurama", is born in Portland, OR.
- ...in 2001, the first draft of the complete human genome is published in the journal "Nature".