IT Security Newsletter - 3/19/2024
Fujitsu finds malware on company systems, investigates possible data breach
Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company's computers have been compromised with malware, leading to a possible data breach. The company published the security notice late last Friday, and said that after an internal investigation, they found that files containing personal information and customer information might have been compromised/exfiltrated. READ MORE...
Misconfigured Firebase Instances Expose 125 Million User Records
Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple organizations in the US, including fast food chains such as Applebee's, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy's, three security researchers using the online monikers mrbruh, xyzeva, and logykk, explain. READ MORE...
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals
Nations Direct Mortgage has started informing more than 83,000 individuals that their personal information was compromised in a December 2023 data breach. The incident, the lender says in a notification, was identified on December 30 and resulted in unauthorized access to certain systems containing clients' personal information and other Nations Direct data. The compromised information, the company reveals, includes names, addresses, Social Security numbers, and Nations Direct loan numbers. READ MORE...
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents
A previously unidentified Chinese espionage group has managed to breach at least 70 organizations across 23 countries, including 48 in the government space, despite using rather standard-fare tactics, techniques, and procedures (TTPs). "Earth Krahang" doesn't seem to be a high-level military APT. In a new report, researchers from Trend Micro suggested that it may be one wing of iSoon, a private hack-for-hire operation contracted by the Chinese Communist Party (CCP). READ MORE...
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. In a campaign dubbed "DEEP#GOSU," which is attributed to the group, the cyber-espionage operators were very much focused on a strategy of "living off the land," using commands to install a variety of .NET assemblies. READ MORE...
Surviving the "quantum apocalypse" with fully homomorphic encryption
In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully building quantum computers. These actors see a lot of potential in the technology. Quantum computing spreads across a wide range of disciplines both on the hardware research and application development fronts, including elements of computer science, physics, and mathematics. READ MORE...
- ...in 1918, the US Congress establishes time zones and approves daylight savings time.
- ...in 1928, Irish actor and screenwriter Patrick McGoohan, famous as "Number Six" in the 1960s TV spy series "The Prisoner", is born in New York City.
- ...in 1931, gambling is legalized in Nevada.
- ...in 1979, the US House of Representatives begins broadcasting its proceedings via the cable TV network C-SPAN.