<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/27/2023

SHARE

Breaches

Procter & Gamble confirms data theft via GoAnywhere zero-day

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. While the company didn't say who was behind the security breach, this is part of an ongoing spree of extortion demands linked to the Clop ransomware gang's attacks targeting Fortra GoAnywhere secure storage servers worldwide. READ MORE...


GitHub Suspends Repository Containing Leaked Twitter Source Code

Social media platform Twitter on Friday sent a copyright violation notice to code hosting service GitHub to request the removal of a repository that contained Twitter source code. Twitter, now owned by Elon Musk following last year's $44 billion takeover deal, was looking to take down a public repository owned by GitHub user 'FreeSpeechEnthusiast'. According to Twitter, the repository illegally hosted "proprietary source code for Twitter's platform and internal tools". READ MORE...

Hacking

The FBI's BreachForums bust is causing 'chaos in the cybercrime underground'

On March 16, 2022, about a month after the FBI took down a popular online forum for buying and selling stolen data known as RaidForums, another criminal marketplace quickly sprung up to take its place. The title of first post on the new forum known as BreachForums simply said "Welcome." Over the next year, the forum administered by "pompompurin" would post hacked data related to approximately 14 billion people globally, according to the FBI, and become one of the most prolific cybercrime forums in the world. READ MORE...

Malware

Emotet malware distributed as fake W-9 tax forms from the IRS

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. READ MORE...

Information Security

ChatGPT leaks bits of users' chat history

New gadgets and software come with new bugs, especially if they're rushed. We can see this very clearly in the race between tech giants to push large language models (LLMs) like ChatGPT and its competitors out the door. In the most recently revealed LLM bug, ChatGPT allowed some users to see the titles of other users' conversations. LLMs are huge deep-neural-networks, which are trained on the input of billions of pages of written material. READ MORE...

Exploits/Vulnerabilities

Inaudible ultrasound attack can stealthily control your phone, smart speaker

American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs. The team of researchers consists of professor Guenevere Chen of the University of Texas in San Antonio (UTSA), her doctoral student Qi Xia, and professor Shouhuai Xu of the University of Colorado (UCCS). READ MORE...


Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own hacking contest in Vancouver. The attacks gave them deep access into subsystems controlling the vehicle's safety and other components. One of the exploits involved executing what is known as a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy management system. READ MORE...


Critical WooCommerce Payments Vulnerability Leads to Site Takeover

A critical vulnerability in the open-source WooCommerce Payments plugin for WordPress could allow attackers to impersonate any user on the site and potentially take over site administrator accounts. Developed by Automattic and installed on more than 500,000 websites, the WooCommerce Payments plugin is a fully integrated payment solution for WooCommerce that provides transaction management directly from the store's dashboard. READ MORE...

Science & Culture

In Memoriam - Gordon Moore, who put the more in "Moore's Law"

Gordon Moore, co-founder of Intel, has died at 94. Academically, Moore was both a chemist and physicist, earning a Bachelor's degree in chemistry from the University of California at Berkeley in 1950, and a Doctorate in physical chemistry and physics from the California Institute of Technology in 1954. After a brief interlude as a researcher at Johns Hopkins University in Maryland, Moore returned to his native San Francisco in 1956 to work for the co-inventor of the transistor, William Shockley. READ MORE...

On This Date

  • ...in 1836, English engineer and businessman Henry Royce is born in Sussex. He later teams with C.S. Rolls to found Rolls-Royce Ltd.
  • ...in 1958, Nikita Khrushchev becomes the Chairman of the Council of Ministers of the Soviet Union, or Premier.
  • ...in 1963, film director and screenwriter Quentin Tarantino ("Pulp Fiction", "Kill Bill") is born in Knoxville, TN.
  • ...in 1971, Canadian actor Nathan Fillion ("Firefly", "Castle") is born in Edmonton, Alberta.