<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/1/2024

SHARE

Breaches

AT&T Says Data on 73 Million Customers Leaked on Dark Web

AT&T on Saturday said that data on roughly 73 million current and former customers was exposed on the dark web, including social security numbers and other personal information. According to the telecommunications giant, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. READ MORE...


Ivanti-linked breach of CISA potentially affected more than 100,000 individuals

The Cybersecurity and Infrastructure Security Agency notified lawmakers on Friday that the recent breach of its chemical plant security tool that was linked to flawed Ivanti products potentially affected more than 100,000 individuals, triggering disclosure to Congress under a federal cybersecurity law. The size of the breach makes it a "major incident" under the threshold established by the Federal Information Security Management Act. READ MORE...

Hacking

TheMoon Malware Rises Again with Malicious Botnet for Hire

After disappearing for several years, TheMoon has returned with a botnet army around 40,000 strong, made up of hijacked small home and office (SOHO) devices and available for hire as a proxy service for cybercriminals looking to obscure their traffic origins. The cybercrime botnet service, called Faceless, costs less than a dollar per day, according to the researchers at Lumen Technologies' Black Lotus Lab. READ MORE...

Malware

Vultur banking malware for Android poses as McAfee Security app

Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. Researchers at fraud detection company ThreatFabric first documented the malware in March 2021, and in late 2022, they observed it being distributed over Google Play through dropper apps. At the end of 2023, mobile security platform Zimperium included Vultur in its top 10 most active banking trojans for the year. READ MORE...


DinodasRAT malware targets Linux servers in espionage campaign

Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021. Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed 'Operation Jacana,' that targeted government entities. READ MORE...

Information Security

NYC's government chatbot is lying about city laws and regulations

If you follow generative AI news at all, you're probably familiar with LLM chatbots' tendency to "confabulate" incorrect information while presenting that information as authoritatively true. That tendency seems poised to cause some serious problems now that a chatbot run by the New York City government is making up incorrect answers to some important questions of local law and municipal policy. READ MORE...


India Repatriates Citizens Duped Into Forced Cyber Fraud Labor in Cambodia

India's embassy in Cambodia is working with officials there to rescue and return Indian citizens who were duped by job offers in Cambodia that led to their being forced to work in online fraudulent operations. Some 250 Indian citizens reportedly have been returned to India, according to a Reuters report. Indian news outlets reported that more than 5,000 Indian citizens are being held against their will in Cambodia after moving there for employment. READ MORE...

Exploits/Vulnerabilities

Backdoor found in widely used Linux utility targets encrypted SSH connections

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced the malicious code in versions ??5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions. READ MORE...


Malicious SSH backdoor sneaks into xz, Linux world's data compression library

Red Hat on Friday warned that a malicious backdoor found in the widely used data compression software library xz may be present in instances of Fedora Linux 40 and in the Fedora Rawhide developer distribution. The IT giant said the malicious code, which appears to provide remote backdoor access via OpenSSH and systemd at least, is present in xz 5.6.0 and 5.6.1. The vulnerability has been designated CVE-2024-3094. It is rated 10 out of 10 in CVSS severity. READ MORE...

On This Date

  • ...in 1920, Japanese actor Toshiro Mifune, who starred in numerous films directed by Akira Kurosawa ("Seven Samurai", "Yojimbo"), is born in Qingdao, China.
  • ...in 1929, The yo-yo is introduced in the United States by Louis Marx.
  • ...in 1976, Apple Inc. is formed by Steve Jobs, Steve Wozniak, and Ronald Wayne in Cupertino, CA.
  • ...in 1982, The United States transfers control of the Panama Canal Zone to Panama.