IT Security Newsletter - 2/20/2024
LockBit, the world's worst ransomware, is down
For the last two years the absolute worst, most prolific, most globally significant "big game" ransomware gang has been LockBit. This evening its position as ransomware's biggest beast is suddenly in doubt, following some non-consensual website redecoration at the hands of the UK's National Crime Agency (NCA). The LockBit dark web site usually hosts the names and data of organisations that refused to pay ransoms. That's been replaced by a message from the NCA. READ MORE...
Cactus Ransomware Group Confirms Hacking Schneider Electric
The Cactus ransomware gang has claimed responsibility for the cyberattack that French industrial giant Schneider Electric disclosed at the end of January. The incident, the company said at the time, was discovered on January 17 and only impacted its Sustainability Business division, resulting in severed access to Resource Advisor and other systems used by the division. READ MORE...
China's Volt Typhoon Hackers Are Exfiltrating Sensitive OT Data
The sophisticated hacker group known as Volt Typhoon could pose a serious threat to organizations that use industrial control systems (ICS) or other operational technology (OT), according to industrial cybersecurity firm Dragos. Dragos' new 2023 ICS/OT Cybersecurity Year in Review report reveals that the company is aware of 21 threat groups whose activities impact or could impact OT, including three that emerged in 2023 and seven others that are still known to be active. READ MORE...
North Korean hackers linked to defense sector supply-chain attack
In an advisory today Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. The attacks aim to steal advanced military technology information and help North Korea modernize conventional arms as well as develop new military capabilities. READ MORE...
Critical infrastructure software maker confirms ransomware attack
PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software solutions for major energy suppliers. READ MORE...
Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. "There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks," the company said. READ MORE...
Reddit sells training data to unnamed AI company ahead of IPO
On Friday, Bloomberg reported that Reddit has signed a contract allowing an unnamed AI company to train its models on the site's content, according to people familiar with the matter. The move comes as the social media platform nears the introduction of its initial public offering (IPO), which could happen as soon as next month. Reddit initially revealed the deal, which is reported to be worth $60 million a year, earlier in 2024 to potential investors of an anticipated IPO, Bloomberg said. READ MORE...
Wyze cameras show the wrong feeds to customers. Again.
Last September, we wrote an article about how Wyze home cameras temporarily showed other people's security feeds. As far as home cameras go, we said this is absolutely up there at the top of the "things you don't want to happen" list. Turning your customers into Peeping Toms against their will and exposing other customers' footage is definitely not OK. It's not OK, but yet here we are again. On February 17, The Verge reported that history had repeated itself. READ MORE...
36% of code generated by GitHub Copilot contains security flaws
Worryingly, 46% of organizations have persistent, high-severity flaws that constitute 'critical' security debt, putting businesses at serious risk in terms of impact on confidentiality, integrity, and availability. According to the report, 63% of applications have flaws in first-party code, while 70% contain flaws in third-party code imported via third-party libraries. This highlights the importance of testing both types throughout the software development life cycle. READ MORE...
- ...in 1872, the Metropolitan Museum of Art opens in New York City.
- ...in 1927, actor Sidney Poitier ("In the Heat of the Night", "To Sir, With Love") is born in Miami, FL.
- ...in 1960, comedian Joel Hodgson, creator of the TV cult classic "Mystery Science Theater 3000", is born in Stevens Point, WI.
- ...in 1986, the Soviet Union launches the first module of the space station Mir, which would be gradually assembled in orbit over the following 10 years.