IT Security Newsletter - 2/5/2024
Clorox Says Cyberattack Costs Exceed $49 Million
Cleaning products maker Clorox revealed in an SEC filing on Thursday that the damaging cyberattack it suffered last year will cost it tens of millions of dollars. Clorox was forced to shut down many of its systems due to a cyberattack that targeted the company in August 2023. The incident resulted in wide-scale disruptions, including order processing delays and significant product shortages, which impacted sales and earnings. READ MORE...
Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm
Hacking an Airbus suite of applications for pilot electronic flight bag (EFB) could have posed a risk to aircraft safety, security consulting and testing firm Pen Test Partners reports. Developed by Airbus-owned IT services company Navblue, the Flysmart+ suite of applications helps pilots conduct performance calculations and access flight operations manuals directly on a tablet, such as an iPad. Pen Test Partners says the app helps "deliver efficient and safe departure and arrival of flights". READ MORE...
FTC slams Blackbaud for "shoddy security" after hacker stole data belonging to thousands of non-profits and millions of people
Data and software services firm Blackbaud's cybersecurity was criticised as "lax" and "shoddy" by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business's February 2020 data breach. According to the FTC, Blackbaud's poor security breach in February 2020 led to a hacker accessing the company's customer databases and stealing personal information of millions of consumers in the United States, Canada, the UK, and the Netherlands. READ MORE...
AnyDesk has been hacked, users urged to change passwords
AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they've been hacked and their production systems have been compromised. The statement was published on Friday evening and lacks technical details about the breach. The incident is not related to ransomware, they added. A few hours before AnyDesk's revelation, security researcher Kevin Beaumont pointed to the possibility of AnyDesk having been hacked. READ MORE...
Lurie Children's Hospital took systems offline after cyberattack
Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. Lurie Children's is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees. It is one of the most important pediatric hospitals in the country, providing care for over 200,000 children annually. READ MORE...
South African Railways Lost Over $1M in Phishing Scam
South Africa's railway agency lost some 30.6 million rand (US$1.6 million) after the transport network fell victim to a phishing scam. In its annual report, the Passenger Rail Agency of South Africa (PRASA) said that it had recovered just over half of a the total money stolen by the criminals behind the attack. The theft remains the subject of an ongoing investigation. Details about the attack were not disclosed, and the agency did not respond to requests for comment from Dark Reading. READ MORE...
China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns
Got two-and-a-half hours to spare? Maybe instead of settling down to watch "Mission: Impossible - Dead Reckoning Part One", you could check out this video where FBI director Christopher Wray warned the US Congress earlier this week of the risks posed by Chinese state-sponsored hackers. As Wray described to the House select committee on the Chinese Communist party, a botnet operated by Volt Typhoon hacking group has been disrupted by law enforcement agencies. READ MORE...
A startup allegedly "hacked the world." Then came the censorship-and now the backlash.
Hacker-for-hire firms like NSO Group and Hacking Team have become notorious for enabling their customers to spy on vulnerable members of civil society. But as far back as a decade ago in India, a startup called Appin Technology and its subsidiaries allegedly played a similar cyber-mercenary role while attracting far less attention. Over the past two years, a collection of people with direct and indirect links to that company have been working to keep it that way. READ MORE...
Critical vulnerability in Mastodon is pounced upon by fast-acting admins
Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While very little has been released by way of technical details - allowing admins time to patch before attackers devise exploits. READ MORE...
- ...in 1909, Belgian chemist Leo Baekeland announces the invention of Bakelite, the first synthetic plastic.
- ...in 1919, Hollywood stars Charlie Chaplin, Mary Pickford, Douglas Fairbanks, and director D.W. Griffith start the United Artists Corporation.
- ...in 1922, Reader's Digest begins publication in New York.
- ...in 1971, the Apollo 14 mission makes the third-ever manned landing on the Moon.