IT Security Newsletter - 3/1/2023
iPhone users targeted in phone AND data theft campaign
When is an iPhone theft not just an iPhone theft? When the user's Apple ID, and more, goes with it. That's what the Wall Street Journal reports has been happening over recent months. The paper interviewed a handful of people who fell victim to old-school phone theft while out in a bar. But it wasn't just the phone that was taken. Within minutes, they were also locked out of their Apple accounts and everything attached to them, including photos, videos, contacts, notes, and more. READ MORE...
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user's text messages and phone calls to another device. READ MORE...
Dish: Someone snatched our data, if you're wondering why our IT systems went down
Dish has confirmed what everyone was suspecting, given the ongoing downtime experienced by some of its systems, that the US telco was hit by criminal hackers. In a filing today to America's financial watchdog about the snafu, Dish confirmed "the outage was due to a cyber-security incident," though it didn't share any details as to what the incident was, nor did the broadband biz directly answer our questions to that end when asked. READ MORE...
Several Law Firms Targeted in Malware Attacks
In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns, cybersecurity firm eSentire reports. Targeting law firm employees, the first campaign aimed to infect victims' devices with GootLoader, a malware family known for downloading the GootKit remote access trojan (RAT), REvil ransomware, or the Cobalt Strike implant. READ MORE...
US Marshals Ransomware Hit Is 'Major' Incident
The US Marshals Service (USMS), which is tasked with hunting down fugitives and administering the Witness Security Program, was hit with a "major" ransomware incident and data breach in mid-February, officials said. Despite the ransomware element, USMS's fugitive-hunting operations have continued in the wake of the cyberattack, officials said. However, on Feb. 17, unidentified cyberattackers absconded with a treasure trove of important data, according to Drew Wade, a Justice Department spokesperson. READ MORE...
BlackLotus UEFI bootkit: Myth confirmed
The number of UEFI vulnerabilities discovered in recent years, and the failures in patching them or revoking vulnerable binaries within a reasonable time window, hasn't gone unnoticed by threat actors. As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature - UEFI Secure Boot - is now a reality. In this blog post we present the first public analysis of this UEFI bootkit. READ MORE...
YouTube video causes Pixel phones to instantly reboot
Did you ever see that movie The Ring? People who watched a cursed, creepy video would all mysteriously die in seven days. Somehow Google seems to have re-created the tech version of that, where the creepy video is this clip of the 1979 movie Alien, and the thing that dies after watching it is a Google Pixel phone. As noted by the user 'OGPixel5' on the Google Pixel subreddit, watching this specific clip on a Google Pixel 6, 6a, or Pixel 7 will cause the phone to instantly reboot. READ MORE...
CISA warns of hackers exploiting ZK Java Framework RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. "ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context," mentions CISA's description of the flaw. READ MORE...
Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP's storage access logs, Mitiga researchers have discovered. In short, the main problem is that GCP's basic storage logs - which are, by the way, not enabled by default - use the same description/event (objects.get) for different types of access. READ MORE...
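Added example, not code from the Mitiga write-up or from Google: a small triage script over constructed Cloud Storage Data Access audit-log entries. The field names (protoPayload.methodName, resourceName, authenticationInfo.principalEmail) follow the Cloud Audit Logs schema, but every entry, principal, bucket and timestamp below is made up. It shows why storage.objects.get alone cannot separate a one-off metadata lookup from a bulk download, and one volume-based heuristic (an assumed threshold of 20 distinct objects in 5 minutes) that still surfaces the bulk reader. It assumes the Data Access logs are actually enabled for the bucket, which, as the item above notes, is not the default.

```python
"""Triage storage.objects.get events from constructed GCS Data Access logs."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def make_entry(ts, principal, bucket, obj):
    """Build one constructed entry in the shape of a Cloud Audit Data Access
    log for Cloud Storage. Field names follow the real schema; values are
    invented for this example."""
    return {
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": "storage.googleapis.com",
            # The same methodName is emitted whether the caller pulled the
            # object bytes or only read its metadata.
            "methodName": "storage.objects.get",
            "resourceName": f"projects/_/buckets/{bucket}/objects/{obj}",
            "authenticationInfo": {"principalEmail": principal},
        },
        "timestamp": ts.isoformat(),
    }


T0 = datetime(2023, 2, 28, 9, 0, tzinfo=timezone.utc)

# Constructed sample log: one analyst checking a single file, and one service
# account sweeping 40 objects in two minutes. Both look like objects.get.
SAMPLE_LOG = [make_entry(T0, "alice@example.com", "finance", "q4-summary.pdf")]
SAMPLE_LOG += [
    make_entry(
        T0 + timedelta(seconds=3 * i),
        "svc-backup@example.iam.gserviceaccount.com",
        "finance",
        f"ledger-{i:03}.csv",
    )
    for i in range(40)
]


def parse_get_events(entries):
    """Return sorted (timestamp, principal, resourceName) tuples for every
    storage.objects.get entry. Nothing in the entry distinguishes a download
    from a metadata read, so this is all the log gives us."""
    out = []
    for e in entries:
        p = e["protoPayload"]
        if p.get("methodName") != "storage.objects.get":
            continue
        out.append(
            (
                datetime.fromisoformat(e["timestamp"]),
                p["authenticationInfo"]["principalEmail"],
                p["resourceName"],
            )
        )
    return sorted(out)


def flag_bulk_readers(entries, threshold=20, window=timedelta(minutes=5)):
    """Return {principal: peak distinct objects} for principals that touched at
    least `threshold` distinct objects inside any sliding `window`. Threshold
    and window are assumed tuning values, not anything Google publishes."""
    per_principal = defaultdict(list)
    for ts, principal, res in parse_get_events(entries):
        per_principal[principal].append((ts, res))

    flagged = {}
    for principal, events in per_principal.items():
        in_window = Counter()  # resourceName -> hits inside the current window
        start = 0
        for ts, res in events:
            in_window[res] += 1
            # Slide the window forward, dropping events older than `window`.
            while events[start][0] < ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                flagged[principal] = max(flagged.get(principal, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    for who, peak in flag_bulk_readers(SAMPLE_LOG).items():
        print(f"bulk objects.get: {who} read {peak} distinct objects in 5 minutes")
```

The point of the heuristic is what it cannot do: it tells you a principal touched many objects, not whether the bytes left the bucket. That is exactly the forensic gap the item describes, which is why the write-up's practical advice is to turn the Data Access logs on in the first place and to pair them with preventive controls rather than relying on post-hoc log review.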
- ...in 1803, Ohio becomes the 17th state of the United States.
- ...in 1944, The Who lead singer Roger Daltrey ("My Generation", "Pinball Wizard") is born in London, England.
- ...in 1990, games publisher Steve Jackson Games is raided by the U.S. Secret Service, after their cyberpunk role-playing game is mistaken for an actual hacking guide.
- ...in 1998, James Cameron's "Titanic" becomes the first motion picture to gross over $1 billion worldwide.