IT Security Newsletter - 4/18/2024
Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility
The potent and enduring Russian military intelligence hacking operation known as Sandworm was likely responsible for attacks on water utilities in the United States, Poland and a small water mill in France, researchers with Google's Mandiant said Wednesday. Wednesday's report concludes that Sandworm is behind a set of online personas that have been linked to a string of recent attacks on critical infrastructure, including a water system in Texas.
180k Impacted by Data Breach at Michigan Healthcare Organization
Michigan healthcare organization Cherry Street Services (Cherry Health) has started notifying over 180,000 individuals that their personal information was compromised in a ransomware attack. The incident occurred on December 21, 2023, and resulted in the disruption of certain systems, suggesting that file-encrypting ransomware might have been involved. Cherry Health initially disclosed the attack in early January.
FIN7 targets American automaker's IT staff in phishing attacks
The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails aimed at employees in the IT department, in order to infect systems with the Anunak backdoor. According to researchers at BlackBerry, the attack happened late last year and relied on living-off-the-land binaries, scripts, and libraries (LoLBas). The threat actor focused on targets with high-level privileges, luring them with links to a malicious URL impersonating the legitimate Advanced IP Scanner tool.
Cybercriminals pose as LastPass staff to hack password vaults
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. CryptoChameleon is an advanced phishing kit that was spotted earlier this year, targeting Federal Communications Commission (FCC) employees using custom-crafted Okta single sign-on (SSO) pages. According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted multiple cryptocurrency platforms.
Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities
Ivanti has released 27 fixes for various reported vulnerabilities in its 2024 first-quarter release. None of the vulnerabilities are being actively exploited, according to the vendor. The company recommends users download the Avalanche installer and update to the latest version of Avalanche 6.4.3, which will, in turn, apply all the fixes listed in the update.
Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants - cheap, independently produced, and crudely constructed - on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade. Instead of selling or buying ransomware to or as an affiliate, attackers create and sell unsophisticated variants for a one-time cost.
Kremlin-backed actors spread disinformation ahead of US elections
Kremlin-backed actors have stepped up efforts to interfere with the US presidential election by planting disinformation and false narratives on social media and fake news sites, analysts with Microsoft reported Wednesday. The analysts have identified several unique influence-peddling groups affiliated with the Russian government seeking to influence the election outcome, with the objective in large part to reduce US support of Ukraine and sow domestic infighting.
- ...in 1775, Paul Revere and other riders alert the colonial militia to the approach of British forces, on the eve of the battles of Lexington and Concord.
- ...in 1906, the San Francisco earthquake and resulting fires destroy over 80% of the city, making it one of the worst natural disasters in American history.
- ...in 1938, Superman debuts in Action Comics #1, making him the first original superhero character to appear in a comic book.
- ...in 1953, actor Rick Moranis ("Little Shop of Horrors", "Honey, I Shrunk the Kids") is born in Toronto, Canada.