IT Security Newsletter - 2/2/2023
Ransomware Leads to Nantucket Public Schools Shutdown
For the second day in a row, public schools on the tiny island of Nantucket remained closed Wednesday as administrators scrambled to cope with a ransomware attack on their computer systems. According to published reports, Nantucket's five public schools shut their doors to students and teachers after a data encryption and extortion attack prompted staff to shut down the internet along with all student and staff devices - including phones and security cameras. READ MORE...
Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms
Security researchers on Feb. 2 reported that they have detected a cyberattack campaign by the North Korean Lazarus Group, targeting medical research and energy organizations for espionage purposes. The attribution was made by threat intelligence analysts for WithSecure, which discovered the campaign while running down an incident against a customer it suspected was a ransomware attack. Further investigation helped them uncover evidence that it was part of a wider state-sponsored campaign. READ MORE...
New HeadCrab malware infects 1,200 Redis servers to mine Monero
New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, who dubbed it HeadCrab, the malware has so far ensnared at least 1,200 such servers, which are also used to scan for more targets online. READ MORE...
New DDoS-as-a-Service platform used in recent attacks on hospitals
A new DDoS-as-a-Service (DDoSaaS) platform named 'Passion' was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. A DDoS (distributed denial of service) attack is when threat actors send many requests and garbage traffic to a target server to overwhelm the server and cause it to stop responding to legitimate requests. READ MORE...
The emergence of trinity attacks on APIs
When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive - and rightly so. Compiled in 2019 based on a risk analysis conducted by an OWASP working party as well as the in-the-field experience of security practitioners, the list acts as a bible to developers and security professionals alike. But it very clearly delineates between each of the attack types. READ MORE...
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98 percent of organizations have vendor relationships with at least one third party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute. The study also found that 50 percent of organizations have indirect relationships with at least 200 breached fourth-party vendors in the last two years. "An organization's attack surface spans beyond just the technology that they own or control," said Aleksandr Yampolskiy, CEO of SecurityScorecard. READ MORE...
Vulnerabilities could let hackers remotely shut down EV chargers, steal electricity
Two vulnerabilities in a commonly used networking protocol for electric vehicle chargers could allow hackers to remotely shut down charging stations or manipulate docking stations to recharge for free, according to a report from cybersecurity firm Saiflow. A fix for the vulnerabilities is available, but Tiberg-Shachar pointed out that the burgeoning EV industry has been slow to deploy the update. READ MORE...
Password-stealing "vulnerability" reported in KeePass - bug or feature?
It's been a newsworthy few weeks for password managers - those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all. At the end of 2022, it was the turn of LastPass to be all over the news, when the company finally admitted that a breach it suffered back in August 2022 did indeed end up with customers' password vaults getting stolen from the cloud service where they were backed up. READ MORE...
Paper: Stable Diffusion "memorizes" some images, sparking privacy concerns
On Monday, a group of AI researchers from Google, DeepMind, UC Berkeley, Princeton, and ETH Zurich released a paper outlining an adversarial attack that can extract a small percentage of training images from latent diffusion AI image synthesis models like Stable Diffusion. It challenges views that image synthesis models do not memorize their training data and that training data might remain private if not disclosed. READ MORE...
- ...in 1848, The Treaty of Guadalupe Hidalgo formally ends the Mexican War.
- ...in 1876, the National League of Professional Baseball Clubs, which comes to be more commonly known as the National League (NL), is formed.
- ...in 1922, James Joyce's serialised novel "Ulysses" is published in its first collected edition in Paris.
- ...in 1949, actor Brent Spiner, best known as Lt. Cmdr Data on "Star Trek: The Next Generation", is born in Houston, TX.