<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/26/2024

SHARE

Top News

Prescription orders delayed as US pharmacies grapple with "nation-state" cyber attack

Prescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Change Healthcare says that it experienced a "cyber security issue" on Wednesday 21 February, that caused it to experience "enterprise-wide connectivity issues" and forced it to shut down systems. It later confirmed that the "network interruption" it was experiencing was related to a "cyber security issue." READ MORE...


FBI's LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. Court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials. READ MORE...

Breaches

U-Haul tells 67K customers that cyber-crooks drove away with their personal info

U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data. A U-Haul spokesperson told The Register that about 67,000 customers in the United States and Canada were affected, but declined to answer other questions about the security snafu. The intrusion happened on December 5, according to letters going out this week to those affected. READ MORE...


Insomniac Games alerts employees hit by ransomware data breach

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. The California-based video game developer has been part of Sony Interactive Entertainment's Worldwide Studios division (now known as PlayStation Studios) after being acquired by Sony in August 2019. READ MORE...

Hacking

LockBit Ransomware Gang Resurfaces With New Site

The LockBit ransomware operators launched a new leak site over the weekend, claiming they restored their infrastructure following a law enforcement takedown and invited affiliates to re-join the operation. On February 19, LockBit was severely disrupted by law enforcement in North America, Europe, and Asia, which seized 34 servers, took over the group's Tor-based leak sites, froze cryptocurrency accounts, and harvested technical information on the RaaS. READ MORE...

Software Updates

Joomla! patches XSS flaws that could lead to remote code execution

On February 20, Joomla! posted details about four vulnerabilities it had fixed in its Content Management System (CMS), and one in the Joomla! Framework that affects the CMS. Joomla! is an open-source CMS that's been around since 2005, and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. READ MORE...

Malware

LockBit extorted billions of dollars from victims, fresh leaks suggest

Authorities digging into LockBit's finances believe the group may have generated more than $1 billion in ransom fees over its four-year lifespan. That's according to the latest leak published today on LockBit's blog, now under the control of Operation Cronos, who analyzed 30,000 cryptocurrency addresses obtained after accessing and shuttering the ransomware group's systems this week. READ MORE...


Pikabot returns with new tricks up its sleeve

After a short hiatus, Pikabot is back, with significant updates to its capabilities and components and a new delivery campaign. Pikabot is a loader - a type of malware whose primary function is to serve as a delivery mechanism for other malware. It first appeared in early 2023 and has been widely used by threat actors to deliver payloads such as Cobalt Strike or various ransomware. After the disruption of the Quakbot botnet, Pikabot emerged as an alternative. READ MORE...

Information Security

AT&T's botched network update caused Thursday's major wireless outage

AT&T said a botched update related to a network expansion caused the wireless outage that disrupted service for many mobile customers this past Thursday. "Based on our initial review, we believe that today's outage was caused by the application and execution of an incorrect process used as we were expanding our network, not a cyber attack," AT&T said on its website last night. "We are continuing our assessment of today's outage to ensure we keep delivering the service that our customers deserve." READ MORE...


Vending machine error reveals secret face image database of college students

Canada-based University of Waterloo is racing to remove M&M-branded smart vending machines from campus after outraged students discovered the machines were covertly collecting facial-recognition data without their consent. The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message displayed after the machine failed to launch a facial recognition application. READ MORE...

Exploits/Vulnerabilities

ConnectWise ScreenConnect faces new attacks involving LockBit ransomware

Threat groups are escalating malicious activity against vulnerable ConnectWise ScreenConnect instances, according to security researchers. Sophos warns that LockBit ransomware is being deployed by affiliate hackers. Exploitation of a critical authentication bypass vulnerability, CVE-2024-1709, is widespread, according to Shadowserver. There are more than 8,200 vulnerable instances exposed to the internet and 643 IPs have been observed launching attacks. READ MORE...

On This Date

  • ...in 1919, President Woodrow Wilson signs an act of Congress establishing Grand Canyon National Park.
  • ...in 1928, early rock 'n' roll musician Antoine "Fats" Domino ("Ain't That A Shame", "Blueberry Hill") is born in New Orleans, LA.
  • ...in 1929, President Calvin Coolidge signs an executive order establishing Grand Teton National Park in Wyoming.
  • ...in 1932, singer-songwriter Johnny Cash ("I Walk the Line", "Ring of Fire") is born in Kingsland, AR.