IT Security Newsletter - 2/20/2025
Tech investment firm Insight Partners discloses data breach
Insight Partners suffered a data breach in January stemming from what it described as "a sophisticated social engineering attack." In a statement published Tuesday, the private equity and venture capital firm said it initially detected unauthorized access to "certain Insight information systems" on Jan. 16. Insight Partners did not specify what types of systems or data were affected by the cyberattack. READ MORE...
Hackers pose as employers to steal crypto, login credentials
Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded with infostealing malware. While DeceptiveDevelopment's affiliation remains unconfirmed, its tactics closely mirror those of known North Korea-aligned cyber operations. READ MORE...
US Army soldier linked to Snowflake extortion rampage admits breaking the law
A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking people's private call records online. Cameron John Wagenius informed a federal court in Seattle on Wednesday that he intends to plead guilty to two counts of unlawfully transferring confidential phone records, with no plea deal in sight. Last month, prosecutors linked Wagenius with two others accused of stealing data from more than 150 Snowflake cloud accounts in April 2024. READ MORE...
Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
Attackers are actively exploiting an authentication bypass flaw in the management web interface of Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authentication on that interface and invoke certain PHP scripts. Both the Cybersecurity and Infrastructure Security Agency (CISA) and security researchers are warning of increasing attacker activity to exploit the flaw, first revealed as a zero-day in a Feb. 12 blog post by researchers at Searchlight Cyber's Assetnote. READ MORE...
Atlassian Patches Critical Vulnerabilities in Confluence, Crowd
Atlassian this week announced the rollout of patches for 12 critical- and high-severity vulnerabilities in its Bamboo, Bitbucket, Confluence, Crowd, and Jira products. The company released fixes for five critical-severity issues in Confluence Data Center and Server and Crowd Data Center and Server that were discovered in third-party dependencies used within the two products. Updates released for Confluence Data Center and Server address two critical flaws in Apache Tomcat. READ MORE...
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. Other industries impacted include healthcare, government, education, technology, manufacturing, and more. "Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware," said a joint advisory released on Wednesday. READ MORE...
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits that target any brand. The upcoming release, currently available as a beta, will remove the platform's targeting scope restrictions: instead of offering a finite number of pre-built phishing kits, it will allow anyone to create their own. READ MORE...
No, you're not fired - but beware of job termination scams
Most of us are in a job or looking for one. Or both. That's largely why employment and work-from-home scams are so popular among cybercriminals (and even some state-aligned threat actors). The schemes typically lure the user by offering amazing job or casual employment opportunities. But in reality, all the scammers usually want is your personal and financial information. Less well known, however, is the employment termination scam. READ MORE...
SonicWall authentication flaw under threat of active exploitation
Security researchers warn a critical vulnerability in SonicWall's SonicOS is under active exploitation. The flaw, listed as CVE-2024-53704, is an improper authentication vulnerability in the SSL VPN mechanism, which can allow a remote actor to bypass authentication. SonicWall issued an advisory and patched the vulnerability on Jan. 7. However, researchers from Bishop Fox released a proof-of-concept earlier this month. READ MORE...
- ...in 1872, the Metropolitan Museum of Art opens in New York City.
- ...in 1927, actor Sidney Poitier ("In the Heat of the Night", "To Sir, With Love") is born in Miami, FL.
- ...in 1960, comedian Joel Hodgson, creator of the TV cult classic "Mystery Science Theater 3000", is born in Stevens Point, WI.
- ...in 1986, the Soviet Union launches the first module of the space station Mir, which would be gradually assembled in orbit over the following 10 years.