IT Security Newsletter - 3/5/2024
American Express admits card data exposed and blames third party
A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu. READ MORE...
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
A threat actor specializing in establishing initial access to target organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes. NT LAN Manager (NTLM) hashes contain users' (encoded) passwords. According to the researchers, in late February 2024 the threat actor (tracked as TA577) sent out tens of thousands of emails targeting employees of hundreds of organizations around the world. READ MORE...
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that it scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, out of $22 million. While BlackCat's data leak blog has been down since Friday, BleepingComputer confirmed that the negotiation sites were still active over the weekend. Today, BleepingComputer confirmed that the ransomware operation's negotiation sites are now shut down as well. READ MORE...
Hikvision Patches High-Severity Vulnerability in Security Management System
Chinese video surveillance equipment manufacturer Hikvision has announced patches for two vulnerabilities in its security management system HikCentral Professional. The most important of these flaws is CVE-2024-25063, a high-severity bug that could lead to unauthorized access to certain URLs. The bug affects HikCentral Professional version 2.5.1 and below. HikCentral Professional is used to manage video, access control, alarm detection and other security systems. READ MORE...
ScreenConnect flaws exploited to drop new ToddlerShark malware
The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. Kimsuky (aka Thallium and Velvet Chollima) is a North Korean state-sponsored hacking group known for cyber espionage attacks on organizations and governments worldwide. The threat actors are exploiting authentication bypass and remote code execution flaws disclosed on February 20, 2024. READ MORE...
GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia
Cybercriminals have developed an enhanced version of the infamous GhostLocker ransomware that they are deploying in attacks across the Middle East, Africa, and Asia. Two ransomware groups, GhostSec and Stormous, have joined forces in the attack campaigns with double-extortion ransomware attacks using the new GhostLocker 2.0 to infect organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand, as well as other locations. READ MORE...
Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets
North Korean hackers have allegedly stolen South Korean microchip manufacturing technology secrets, prompting the National Intelligence Service (NIS) in Seoul to call for better cyber defenses. Reports say the NIS accused North Korean cybercrime groups of compromising the servers of two separate (so far unnamed) microchip manufacturers in South Korea and stealing semiconductor designs and facility photos. READ MORE...
Critical Vulnerability Exposes TeamCity Servers to Takeover
JetBrains on Monday released patches for two authentication bypass vulnerabilities in the build management server TeamCity, including a critical-severity flaw leading to full compromise. Tracked as CVE-2024-27198 (CVSS score of 9.8) and CVE-2024-27199 (CVSS score of 7.3), the security defects impact the web component of TeamCity and exist because of an alternative path and a path traversal issue, respectively. READ MORE...
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it
Hackers backed by the North Korean government gained a major win when Microsoft left a Windows zero-day unpatched for six months after learning it was under active exploitation. Even after Microsoft patched the vulnerability last month, the company made no mention that the North Korean threat group Lazarus had been using the vulnerability since at least August to install a stealthy rootkit on vulnerable computers. READ MORE...
- ...in 1770, British troops fatally shoot five American civilians in Boston, a key event leading to the American Revolution.
- ...in 1910, Japanese businessman Momofuku Ando, the inventor of instant ramen noodles, is born in Taiwan.
- ...in 1946, Winston Churchill uses the phrase "Iron Curtain" to describe Soviet domination of Eastern Europe, in a speech at Westminster College in Fulton, MO.
- ...in 1955, stage magician and author Penn Jillette, of the comedy magic act Penn & Teller, is born in Greenfield, MA.