IT Security Newsletter

IT Security Newsletter - 2/8/2024

Written by Cadre | Thu, Feb 8, 2024

Fulton County Court System Still Hobbled by Cyberattack

After Fulton County, Georgia, suffered a cyberattack and subsequent power outage at the end of January, leading to malfunctions in court filings, tax processing, and the court system website, there are concerns about the future of Fulton County court cases and the court system as a whole. Criminal defense attorney Joshua Schiffer noted that his job is becoming more strenuous now that dispositions are being held, causing a backlog in cases. READ MORE...

US Says China's Volt Typhoon Hackers 'Pre-Positioning' for Cyberattacks Against Critical Infrastructure

The US government's cybersecurity agency CISA is ramping up the pressure on defenders to find and remove malware artifacts planted by Volt Typhoon, a Chinese state-backed hacking group that has burrowed deep into thousands of organizations around the world. The CISA advisory includes detailed technical mitigations to harden attack surfaces and the agency recommends that defenders start hunting for similar malicious activity linked to the Chinese hackers. READ MORE...

Data breaches at Viamedis and Almerys impact 33 million in France

Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. Viamedis and Almerys provide healthcare and insurance services in France with technological and administrative solutions to facilitate transactions. They manage the sensitive data of policyholders required for granting reimbursements and generally streamline the payment process in France's complex, multi-layered insurance coverage system. READ MORE...

Chinese hackers breached Dutch Ministry of Defense

Chinese state-sponsored hackers breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. "The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks," the Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) noted. READ MORE...

Raspberry Pi Pico cracks BitLocker in under a minute

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute. READ MORE...

Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices

Cisco on Wednesday announced patches for two critical-severity vulnerabilities in its Expressway series devices that could be exploited remotely, without authentication, to launch cross-site request forgery (CSRF) attacks. Impacting the API of Expressway series enterprise communication and collaboration devices and tracked as CVE-2024-20252 and CVE-2024-20254 (CVSS score of 9.6), the two security defects are due to insufficient CSRF protections for the web-based management interface. READ MORE...

Warning from LastPass as fake app found on Apple App Store

Password manager LastPass has warned about a fraudulent app called "LassPass Password Manager" which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a "happy accident", it seems clear that this was a purposeful attempt to trick users into installing the fake app. The fake app can be recognized not only by the name but also by other misspellings in the screenshots, and the app lists Parvati Patel as the developer. READ MORE...

Facebook ads push new Ov3r_Stealer password-stealing malware

A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a PowerShell script downloads the malware payload from a GitHub repository. Analysts at Trustwave who discovered the malware campaign note that although none of its tactics are novel, it remains a severe threat to many potential victims. READ MORE...

2 million job seekers targeted by data thieves

A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting (XSS) attacks, both common techniques, to extract the sensitive information from the websites. The attacks primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. READ MORE...

Tooth be told: Toothbrush DDoS attack claim was lost in translation, says Fortinet

After hundreds of media outlets worldwide repeated the false claim that a botnet of three million toothbrushes attacked a Swiss company, the cybersecurity firm at the centre of the story has now issued a statement. Fortinet went on to say that its experts have "not observed Mirai or other IoT botnets target toothbrushes or similar embedded devices." I'm not surprised that journalists might seize the story, and as we've seen, other news outlets repeat it without double-checking its truth. READ MORE...

Patch Now: Critical TeamCity Bug Allows for Server Takeovers

JetBrains has patched a critical security vulnerability in its TeamCity On-Premises server that can allow unauthenticated remote attackers to gain control over an affected server and use it to perform further malicious activity within an organization's environment. TeamCity is a software development lifecycle (SDLC) management platform used by about 30,000 organizations, including several major brands like Citibank, Nike, and Ferrari. READ MORE...

  • ...in 1914, comics writer Bill Finger, who created classic "Batman" villains like the Riddler, the Penguin, and the Joker, is born in Denver, CO.
  • ...in 1937, composer Joe Raposo, known for his work on "Sesame Street" ("Bein' Green", "Sing", "C is for Cookie"), is born in Fall River, MA.
  • ...in 1955, attorney and best-selling legal thriller author John Grisham ("A Time To Kill", "The Firm") is born in Jonesboro, AR.
  • ...in 1971, the NASDAQ stock market index opens for the first time.