IT Security Newsletter - 2/23/2024

Top News

$15 million bounty offered for information on leaders of notorious LockBit ransomware gang

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week's disruption of the criminal organisation's activities. LockBit, which has been operating since 2020, has targeted thousands of victims around the globe, causing the loss of billions of dollars in both ransom payments and recovery. READ MORE...


Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

ESET products and research have been protecting Ukrainian IT infrastructure for years. Since the start of the war in February 2022, we have prevented and investigated a significant number of attacks launched by Russia-aligned groups. Even though our main focus remains on analyzing threats involving malware, we have found ourselves investigating an information operation or psychological operation (PSYOP) trying to raise doubts in the minds of Ukrainians and Ukrainian speakers abroad. READ MORE...

Breaches

Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million

Eye care practice management firm American Vision Partners faces a class action lawsuit over a recently disclosed data breach impacting more than two million of its customers' patients. Medical Management Resource Group, which does business as American Vision Partners, revealed in early February that it had detected unauthorized access to its network on November 14, 2023. American Vision Partners provides administrative services to 120 ophthalmology practices in Arizona, Texas, New Mexico and Nevada. READ MORE...


Cyberattack downs pharmacies across America

IT provider Change Healthcare has confirmed it shut down some of its systems following a cyberattack, disrupting prescription orders and other services at pharmacies across the US. The technology outfit is one of the largest in the country of its kind, and is used by pharmacists to check patients' eligibility for treatments and process orders for medication given their insurance situation, among many other things. READ MORE...

Hacking

U-Haul says hacker accessed customer records using stolen creds

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for 'do-it-yourself' customer needs. It offers trucks, trailers, and other equipment and services for moving household goods. READ MORE...


Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets

Conflicts in the Middle East, Ukraine, and other areas of simmering geopolitical tensions have made policy experts the latest target of cyber operations conducted by state-sponsored groups. An Iran-linked group - known as Charming Kitten, CharmingCypress, and APT42 - recently targeted Middle East policy experts in the region as well as in the US and Europe, using a phony webinar platform to compromise its targeted victims, incident response services firm Volexity stated in an advisory. READ MORE...

Malware

Everything you need to know about IP grabbers

A common message that any user of a social platform like Discord might see sometimes are warnings about IP grabbers being included as links in messages on various servers. For someone who probably had never heard of IP grabbers before, they would probably not think much about it, but the name itself should be a dead giveaway of what they are about - that is "grabbing," or acquiring, one's IP address. While this might seem innocuous at first, IP addresses can be very valuable. READ MORE...


Threat Actors Quick to Abuse 'SSH-Snake' Worm-Like Tool

Approximately 100 organizations have had their SSH credentials stolen using a recently released open source pentesting tool that has worm-like capabilities, cloud security firm Sysdig reports. The tool, called SSH-Snake and developed by Australian security researcher Joshua Rogers, was released in January to enable automatic network traversal using SSH keys harvested from the local systems. SSH-Snake, the developer says, is a Bash script intended to find SSH keys on systems. READ MORE...

Information Security

AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack

AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack. The outage knocked out cellphone service for thousands of its users across the U.S. starting early Thursday before it was restored. AT&T blamed the incident on an error in coding, without elaborating. "Based on our initial review, we believe that today's outage was caused by the application and execution of an incorrect process," the Dallas-based company said. READ MORE...

On This Date

  • ...in 1861, President-elect Abraham Lincoln arrives in Washington amid secrecy and tight security, following a thwarted assassination attempt in Baltimore.
  • ...in 1893, Rudolf Diesel receives a German patent for his compression-ignition engine, known today as the diesel engine.
  • ...in 1945, AP photographer Joe Rosenthal takes a Pulitzer-winning shot of six US Marines raising the US flag atop Mt. Suribachi in the Battle of Iwo Jima.
  • ...in 1954, a group of children in Pittsburgh, PA are the first to receive the new polio vaccine, developed by Dr. Jonas Salk of the University of Cincinnati.