IT Security Newsletter

IT Security Newsletter - 3/30/2023

Written by Cadre | Thu, Mar 30, 2023

500k Impacted by Data Breach at Debt Buyer NCB

National accounts receivable management company and debt buyer NCB Management Services has started informing roughly 500,000 individuals that their personal information was compromised in a data breach. An unauthorized party compromised some of NCB's systems on February 1 and gained access to Bank of America credit card accounts information, NCB says. The incident was discovered on February 4, and the data theft was confirmed on March 8. READ MORE...

QNAP warns customers to patch Linux Sudo flaw in NAS devices

Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. The flaw (tracked as CVE-2023-22809) was discovered by Synacktiv security researchers, who describe it as a "sudoers policy bypass in Sudo version 1.9.12p1 when using sudoedit." READ MORE...

New AlienFox toolkit steals credentials for 18 cloud services

A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. The toolkit is sold to cybercriminals via a private Telegram channel, which has become a typical funnel for transactions among malware authors and hackers. Researchers at SentinelLabs who analyzed AlienFox report that the toolset targets common misconfigurations in popular services like online hosting frameworks. READ MORE...

Trojan-Rigged Tor Browser Bundle Drops Malware

Threat actors are using Trojanized installers for The Onion Router (Tor) browser to distribute clipboard-injector malware that pilfers funds from cryptocurrency accounts and transfers it to their illicit wallets. Researchers from Kaspersky who have been tracking the activity since at least January 2022 have determined the threat actors are mostly targeting users in Russia, a nation that blocked access to Tor's official site in December 2021. READ MORE...

3CX customers targeted via trojanized desktop app

Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning on Wednesday. 3CX is Voice over Internet Protocol (VoIP) private automatic branch exchange (PABX) software that provides video conferencing and live chat capabilities. READ MORE...

Pig butchering scams: The anatomy of a fast-growing threat

Sometimes you have to say things that go without saying: Social media and instant messaging have made staying in touch with friends easier than ever. These days, you're never too far away from people within your social circle - as well as just about everybody else on the planet. What's more, you don't need to guess which time is best suited for a call anymore, as messaging can be more convenient and quieter. READ MORE...

Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

A misconfiguration in Azure Active Directory (AAD) that exposed applications to unauthorized access could have led to a Bing[.]com takeover, according to cybersecurity firm Wiz. Microsoft's AAD, a cloud-based identity and access management (IAM) service, is typically used as the authentication mechanism for Azure App Services and Azure Functions applications. READ MORE...

Fearing "loss of control," AI critics call for 6-month pause in AI development

On Wednesday, the Future of Life Institute published an open letter on its website calling on AI labs to "immediately pause for at least 6 months the training of AI systems more powerful than GPT-4." Signed by Elon Musk and several prominent AI researchers, the letter quickly began to draw attention in the press-and some criticism on social media. Earlier this month, OpenAI released GPT-4, an AI model that can perform compositional tasks and allegedly pass standardized tests at a human level. READ MORE...

  • ...in 1867, U.S. Secretary of State William H. Seward signs a treaty with Russia for the purchase of Alaska for $7.2 million.
  • ...in 1930, actor John Astin, best known as Gomez Addams on "The Addams Family", is born in Baltimore, MD.
  • ...in 1962, rapper MC Hammer ("U Can't Touch This", "2 Legit 2 Quit") is born Stanley Kirk Burrell in Oakland, CA.
  • ...in 1964, the game show Jeopardy! debuts on NBC, hosted by Art Fleming.