<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/20/2023

SHARE

Breaches

NBA alerts fans of a data breach exposing personal information

The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen. The NBA is a global sports and media organization that manages five professional sports leagues, including the NBA, WNBA, Basketball Africa League, NBA G League, and NBA 2K League. NBA programming and games are broadcasted worldwide, in over 215 countries and territories, spanning over 50 languages. READ MORE...


Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm

Sustainable energy giant Hitachi Energy has blamed a data breach affecting employees on the exploitation of a recently disclosed zero-day vulnerability in Fortra's GoAnywhere managed file transfer (MFT) software. In a press release published on Friday, Hitachi Energy said the Cl0p ransomware gang targeted the GoAnywhere product and may have gained unauthorized access to employee data in some countries. READ MORE...


Latitude Financial Services Data Breach Impacts 300,000 Customers

Australian financial services company Latitude Financial Services is notifying roughly 300,000 customers that their personal information might have been compromised in a data breach. A subsidiary of Deutsche Bank and KKE operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank lender of consumer credit in Australia, also offering services in New Zealand, under the brand Gem Finance. READ MORE...

Hacking

Feds Charge NY Man as BreachForums Boss "Pompompurin"

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022. READ MORE...


Vessels claiming to be Chinese warships are messing with passenger planes

Australian airline Qantas issued standing orders to its pilots last week advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military. The Register has confirmed the reports. The interference has been noticed in the western Pacific and South China Sea. Qantas has advised its crew to continue their assigned path and report interference to the controlling air traffic control authority. READ MORE...

Malware

New 'HinataBot' botnet could launch massive 3.3 Tbps DDoS attacks

A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm with the potential for massive attacks. The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, seen exploiting old flaws such as CVE-2014-8361 and CVE-2017-17215. READ MORE...


BianLian ransomware crew goes 100% extortion after free decryptor lands

The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion. Cybersecurity firm Avast's release in January of a free decryptor for BianLian victims apparently convinced the miscreants that there was no future for them on the ransomware side of things and that pure extortion was the way to go. READ MORE...

Exploits/Vulnerabilities

Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug

Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim's Net-NTLMv2 challenge-response authentication hash and impersonating the user. Now it's becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are warning. READ MORE...

On This Date

  • ...in 1916, Albert Einstein publishes his general theory of relativity, providing the basis for the current description of gravitation in modern physics.
  • ...in 1923, The Arts Club of Chicago hosts the first showing of Pablo Picasso's art in the United States.
  • ...in 1928, TV personality and Presbyterian minister Fred Rogers, the creator and host of "Mister Rogers' Neighborhood", is born in Latrobe, PA.
  • ...in 1957, film director and actor Shelton Jackson Lee, AKA Spike Lee ("Do The Right Thing", "Malcolm X") is born in Atlanta, GA.