<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/17/2023



Latitude cyberattack leads to data theft at two service providers

Latitude Financial Services (Latitude) has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems. Latitude is one of Australia's largest personal loans provider and the country's largest non-bank consumer credit lender. A subsidiary of Deutsche Bank and KKE, the firm provides a broad spectrum of consumer finance services, including unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance. READ MORE...

Wawa to pay up to $28.5M in data breach settlement

Convenience retailer Wawa has committed to pay up to $28.5 million to settle negligence claims stemming from a data breach that occurred in 2019, according to filings made in the U.S District Court, Eastern District of Pennsylvania. Most of the settlement made with the three credit unions involved in the lawsuit will reimburse them for money spent canceling and replacing payment cards because of the breach, as well as losses from payment card fraud, according to the filings. READ MORE...


Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing

When Silicon Valley Bank collapsed last week, tech executives panicked. Without access to funds deposited with SVB, many were unsure they'd be able to pay bills or make payroll. Fear set in - and scammers pounced. In the days since the bank's meltdown, digital con artists have bombarded SVB customers with attempts to steal business information, credentials and financial data necessary to carry out wire fraud. One of their biggest targets: Cloudflare CEO Matthew Prince. READ MORE...


US Government Warns Organizations of LockBit 3.0 Ransomware Attacks

The Federal Bureau of Investigation (FBI), the Cybersecurity and Information Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) this week issued an alert on the LockBit 3.0 ransomware operation. Since January 2020, LockBit has functioned based on the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure entities and using a variety of tactics, techniques, and procedures (TTPs). READ MORE...

Got Conti? Here's the ransomware cure to avoid paying up

Good news for ransomware victims: Kaspersky security researchers say they've cracked the Conti ransomware code and released a decryptor tool after uncovering leaked data belonging to the notorious Russian crime group. This latest leak contained 258 private keys, source code and some pre-compiled decryptors, and the Kaspersky team used it to develop a new version of its public decryptor. READ MORE...


Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. The Exynos modem security flaws were reported between late 2022 and early 2023. Four of the eighteen zero-days were identified as the most serious, enabling remote code execution from the Internet to the baseband. READ MORE...

Here's how Chinese cyber spies exploited a critical Fortinet bug

Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers. Fortinet fixed the path transversal vulnerability in FortiOS, tracked as CVE-2022-41328, earlier this month. So get patching, if you haven't already. A few days later, the vendor released a more detailed analysis. READ MORE...

Science & Culture

Free data-center heat is allegedly saving a struggling public pool $24K a year

A public pool in the UK is expected to save £20,000 (about $24,000) and cut carbon emissions by 25.8 tons annually by warming a 25 m and children's pool with waste heat from a data center from startup Deep Green. Data center owners have long tried to limit the impact of heat emanating from their machines, with some going as far as to submerge servers in water and others finding ways to redirect waste heat so it can warm larger areas, like buildings and communities. READ MORE...

Moon-gate: Samsung fans are mad about AI-processed photos of the moon

If you take a photo of the moon on a Samsung device, it will return a detailed photo of the moon. Some people are mad about this. The issue is that Samsung's software fakes some details the camera can't really see, leading a Reddit user called ibreakphotos to accuse the company of "faking" moon photos. The user's post claims to be able to trick Samsung's moon detection, and it went viral enough that Samsung's press site had to respond. READ MORE...

On This Date

  • ...in 1905, Albert Einstein finishes his scientific paper detailing his quantum theory of light, which was universally rejected until later experiments led to its acceptance.
  • ...in 1948, science fiction author William Gibson, whose 1984 novel "Neuromancer" helped popularize the concept of cyberspace, is born in Conway, SC.
  • ...in 1959, Tenzin Gyatso, the 14th Dalai Lama, flees Tibet for India, where he lives in exile to this day.
  • ...in 1969, Golda Meir becomes the first female Prime Minister of Israel.