IT Security Newsletter - 4/11/2024
AT&T: Data breach affects 73 million or 51 million customers. No, we won't explain.
AT&T is notifying millions of current or former customers that their account data was compromised and published on the dark web last month. Just how many millions, the company isn't saying. In a mandatory filing with the Maine Attorney General's office, the telecommunications company said 51.2 million account holders were affected. On its corporate website, AT&T put the number at 73 million. In either event, compromised data included full names, email addresses, mailing addresses, and more.
Sisense breach exposes customers to potential supply chain attack
Sisense, a business analytics software company whose clients make up a who's-who of the business world, recently suffered a compromise that prompted U.S. cybersecurity authorities to issue an alert Thursday warning the firm's customers of the issue. Although the details of the attack are not yet clear, the breach may have exposed hundreds of Sisense's customers to a supply chain attack and provided the attacker with a door into the company's customer networks.
Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners
The Medusa ransomware gang claimed responsibility earlier this week for a March cyberattack on Tarrant County Appraisal District and is threatening to leak 218GB of stolen data with a six-day deadline if the $100,000 ransom is not paid. Tarrant County Appraisal District determines property values in Fort Worth, Texas, and released an update informing the public that the personal information of roughly 300 individuals was affected.
Zambia Busts 77 People in China-Backed Cybercrime Operation
Law enforcement in Zambia this week raided a Chinese company that hired unsuspecting young Zambian citizens purportedly for positions at a call center that instead was a front for cybercrime and money laundering. The so-called Golden Top Support services company tasked the employees "with engaging in deceptive conversations with unsuspecting mobile users across various platforms such as WhatsApp, Telegram, chatrooms and others, using scripted dialogues," said Zambian DEC director general Nason Banda.
Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption
Updates announced this week for Palo Alto Networks' PAN-OS operating system patch several vulnerabilities, including high-severity flaws that can be exploited to disrupt firewalls. Three high-severity vulnerabilities can be exploited for denial-of-service (DoS) attacks. One of them is CVE-2024-3385, which allows an unauthenticated, remote attacker to cause hardware-based firewalls to reboot using specially crafted packets.
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer. Researchers at cybersecurity company Proofpoint attributed the attack to a threat actor tracked as TA547, believed to be an initial access broker (IAB).
Schneier: Backdoor in XZ Utils That Almost Happened
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It's a catastrophe that didn't happen, so it won't get much attention, but it should. There's an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.
What's going on with the National Vulnerability Database?
The National Vulnerability Database is so overwhelmed with a steadily increasing number of software and hardware flaws that the National Institute of Standards and Technology, which maintains the common vulnerabilities and exposures repository, called for a slight pause to regroup and reprioritize its efforts. NIST scaled back the NVD program in mid-February, and is currently prioritizing analysis of the most significant or actively exploited vulnerabilities.
New Spectre v2 attack impacts Linux systems on Intel CPUs
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam. The researchers also released a tool that uses symbolic execution to identify exploitable code segments within the Linux kernel to help with mitigation.
- ...in 1921, the first radio sports broadcast airs, giving listeners the blow-by-blow commentary for a 10-round boxing match in Pittsburgh.
- ...in 1961, folk singer Bob Dylan performs in New York City for the first time, opening for John Lee Hooker.
- ...in 1968, President Johnson signs the 1968 Civil Rights Act, providing for equal housing opportunities regardless of race, religion, or national origin.
- ...in 1970, Apollo 13 is launched. Two days later, an equipment malfunction forces the crew to make emergency repairs and ultimately scrubs their planned Moon landing.