IT Security Newsletter

IT Security Newsletter - 2/27/2024

Written by Cadre | Tue, Feb 27, 2024

APT29 revamps its techniques to breach cloud environments

Russian threat actor APT29 is changing its techniques and expanding its targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to be part of the Russian Foreign Intelligence Service (SVR), known for breaching several US government agencies after the supply chain compromise of SolarWinds software.

Back from the dead: LockBit taunts cops, threatens to leak Trump docs

LockBit claims it's back in action just days after an international law enforcement effort seized the ransomware gang's servers and websites, and retrieved more than 1,000 decryption keys to assist victims. The crew's latest leak site, which debuted on Saturday, listed more than a dozen alleged victims including the FBI itself, hospitals, and Georgia's Fulton County, which is still struggling to recover from the intrusion that disrupted its phone, email and other IT systems in late January.

Steel giant ThyssenKrupp confirms cyberattack on automotive division

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing it to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion (2022). The firm is a crucial component of the global supply chain of products that use steel as a material across various sectors.

MGM Resorts' cyberattack headache continues as regulators launch investigations

Federal and state regulators are investigating MGM Resorts in connection with the September cyberattack that disrupted operations at the hotel and casino firm for days, the company said in a 10-K filing with the Securities and Exchange Commission last week. MGM Resorts warned it could face monetary fines and other actions as a result of the investigations. The company said it is "reasonably possible" it could incur losses in connection with legal proceedings.

Windows security updates could come with fewer reboots beginning later this year

Microsoft is already testing Windows 11 24H2, this fall's big new Windows release. The company has already demonstrated a few new features, like 80Gbps USB4 support and Sudo for Windows, and the new version could also give a significant refresh to the Windows installer for the first time since the Windows Vista days. But there's one big update you might not notice at all. Late last week, Microsoft released "servicing updates" with no new features to Windows Insiders.

Zyxel Patches Remote Code Execution Bug in Firewall Products

Taiwanese networking device maker Zyxel has rolled out patches for multiple defects in its firewall and access point products alongside warnings that unpatched systems are at risk of remote code execution attacks. Zyxel, a company that has struggled with software security problems, documented at least four vulnerabilities that expose businesses to code execution, command injection and denial-of-service exploitation.

UnitedHealth subsidiary Optum hack linked to BlackCat ransomware

A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. Change Healthcare warned customers on Wednesday that some of its services are offline because of a cybersecurity incident. One day later, UnitedHealth Group said in an SEC 8-K filing that the cyberattack was coordinated by suspected "nation-state" hackers.

Booking[.]com refund request? It might be an Agent Tesla malware attack

Always be wary of opening unsolicited attachments - they might harbour malware. That's a message that is being strongly underlined once again, following the discovery of a cybercrime campaign that is using the cover of travel service providers. Security researchers at Forcepoint say that they have uncovered evidence that malicious hackers are sending out poisoned PDF files, designed to infect recipients' PCs.

10 things to avoid posting on social media - and why

Hundreds of millions of us log on to our favorite social media sites every day. We shop, share photos and news, like posts and comments, send private messages, and much more. In fact, Northern and Western Europe are estimated to have the highest social media penetration rates in the world, at nearly 84% of the population. But our use of these sites is also problematic. Oversharing is a growing problem. At the very least it can annoy your friends and family. At worst, it could result in identity fraud.

Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning

Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. An open redirect occurs when a website, whether intentionally or through a flaw, allows arbitrary redirection requests that take users from the original site to an external URL without adequate validation or security checks.

Mowing down demons: DOOM comes to Husqvarna smart lawnmowers

If you ever wanted to play DOOM on a lawnmower, you will soon have your chance with a new software update coming to Husqvarna's robotic line of lawnmowers this spring. The lawnmower company announced last week that owners of the Automower NERA series can now sign up for the new update coming in April. "The legendary 1993 video game DOOM® will be playable on Husqvarna Automower® NERA robotic lawnmower models from April this year," reads a news release on Husqvarna's site.

  • ...in 1860, a campaigning Abraham Lincoln visits the studio of Mathew Brady, sitting for a portrait that would go on to become the first-ever photograph of a U.S. President.
  • ...in 1902, author John Steinbeck ("Of Mice and Men", "The Grapes of Wrath") is born in Salinas, CA.
  • ...in 1942, the U.S. Navy's first aircraft carrier, the USS Langley, is sunk by Imperial Japanese Navy Air Service forces near Java in the South Pacific.
  • ...in 2015, "Star Trek" actor Leonard Nimoy dies at the age of 83 in Los Angeles, CA. He lived long and prospered...