IT Security Newsletter - 3/4/2024
US prescription market hamstrung for 9 days (so far) by ransomware attack
Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving. On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary, Optum. Optum provides a nationwide network called Change Healthcare, which allows health care providers to manage customer payments and more.
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled
The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the gang might have suffered more than it's letting on. While there have been plenty of revelations - and disappointments - since law enforcement seized LockBit's website and disrupted its operations on February 20, the gang has done anything but vanish.
Golden Corral Data Breach Impacts 180,000 Employees
US restaurant chain Golden Corral is informing roughly 180,000 individuals that their personal information was stolen in a data breach. The incident, the company says, was identified on August 15, 2023, and led to the disruption of certain corporate operations. The investigation that ensued determined that a threat actor accessed certain systems and "acquired certain data relating to current and former employees and beneficiaries between August 11, 2023 until August 15, 2023".
ALPHV website goes down amid growing fallout from Change Healthcare attack
The website used by the ransomware group believed to be responsible for the breach of one of the United States's largest health care payment processors went down Friday amid reports that the incident has put major financial pressure on medical providers and made it difficult for consumers to get the medicine they need. It's not yet clear why the website for ALPHV, also known as BlackCat, was down Friday afternoon.
Predator spyware endures even after widespread exposure, analysis shows
When researchers and journalists published a sweeping investigation last year detailing the technical infrastructure and sale and distribution of the spyware known as "Predator," the number of servers used to deliver the tool quickly plummeted. The investigation seemed to indicate that naming and shaming firms engaged in the operation of digital tools used to violate human rights could disrupt such technology.
Researchers create AI worms that can spread from one system to another
As generative AI systems like OpenAI's ChatGPT and Google's Gemini become more advanced, they are increasingly being put to work. Startups and tech companies are building AI agents and ecosystems on top of the systems that can complete boring chores for you: think automatically making calendar bookings and potentially buying products. But as the tools are given more freedom, it also increases the potential ways they can be attacked.
Ahead of Super Tuesday, US elections face existential and homegrown threats
Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security - and the nation's ability to counter these adversaries. "This election cycle, the US will face more adversaries, moving at a faster pace, and enabled by new technology," warned FBI director Christopher Wray, speaking at the Intelligence and National Security Alliance breakfast on Thursday.
Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others. These "news" websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.
Someone is hacking 3D printers to warn owners of a security flaw
Do you have an Anycubic Kobra 2 Pro/Plus/Max 3D printer? Did you know it has a security vulnerability? If you answered "yes" to both those questions, then chances are that I can guess just how you found out your 3D printer was vulnerable to hackers. My bet is that you might have learnt about the problem after seeing a strange message displayed on your device, claiming that it had been hacked.
CISA warns of Microsoft Streaming bug exploited in malware attacks
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. The security flaw (tracked as CVE-2023-29360) is due to an untrusted pointer dereference weakness that enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.
- ...in 1745, Revolutionary War general Casimir Pulaski, recognized as "the father of the American cavalry", is born in Warsaw, Poland.
- ...in 1789, the first Congress of the United States meets, putting the US Constitution into effect for the first time.
- ...in 1922, F.W. Murnau's silent horror film "Nosferatu" (an early unauthorized adaptation of Bram Stoker's "Dracula") premieres in Berlin.
- ...in 1977, the first ever CRAY 1 supercomputer is shipped to Los Alamos Laboratories in New Mexico.