
IT Security Newsletter - 4/19/2024

Top News

'Large volume' of data stolen from UN agency after ransomware attack

A large volume of United Nations Development Programme data related to staffers and other internal operations was stolen and posted to a ransomware website in late March, the agency announced this week. The UNDP issued a statement Tuesday saying that "local IT infrastructure in UN City, Copenhagen, was targeted," and that a "data extortion actor had stolen data which included certain human resources and procurement information."

Breaches

Frontier Communications Shuts Down Systems Following Cyberattack

Telecommunications giant Frontier Communications on Thursday informed the Securities and Exchange Commission (SEC) that certain systems were shut down following a cyberattack. The incident, the company said in a regulatory filing with the SEC, was identified on April 14, when a third-party "gained unauthorized access to portions of its information technology environment".


Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment. "All centers are experiencing network issues and are currently closed," according to a banner across the top of the company's website. One source familiar with the situation, however, told The Register Octapharma Plasma fell to a BlackSuit ransomware infection on Monday.

Hacking

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals. The Register was contacted by a member of the GhostR group on Thursday, claiming responsibility for the theft. The authenticity of the claims was later verified by a spokesperson for the London Stock Exchange Group (LSEG), which maintains the database.


840-bed hospital in France postpones procedures after cyberattack

The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper. CHC-SV is an important medical establishment in France, particularly in the region of Cannes. With a capacity of 869 beds, it handles 150,000 outpatient and 50,000 emergency room visits, performs 9,000 surgeries, and assists in 1,500 births annually.

Malware

Akira Ransomware Made Over $42 Million in One Year: Agencies

Since early 2023, Akira ransomware has made over 250 victims worldwide and received more than $42 million in ransom payments, according to CISA, the FBI, Europol, and the Netherlands' National Cyber Security Centre (NCSC-NL). Akira ransomware operators have been observed targeting organizations in various industries, including services and goods, manufacturing, education, construction, critical infrastructure, finance, healthcare, and legal sectors.


Fake cheat lures gamers into spreading infostealer malware

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. Redline is a powerful information-stealing malware capable of harvesting sensitive information from infected computers, including passwords, cookies, autofill information, and cryptocurrency wallet information. The malware is very popular among cybercriminals and is spread worldwide using diverse distribution channels.

Information Security

'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity

A known issue associated with the DOS-to-NT path conversion process in Windows opens up significant risk for businesses by allowing attackers to gain rootkit-like post-exploitation capabilities to conceal and impersonate files, directories, and processes. That's according to Or Yair, security researcher at SafeBreach, who outlined the issue during a session here this week. He also detailed four different vulnerabilities related to the issue, which he dubbed "MagicDot."

Exploits/Vulnerabilities

Palo Alto Networks warns firewall exploits are spreading

Palo Alto Networks and security researchers said a growing number of attackers are targeting a command injection vulnerability in the PAN-OS operating system, which powers the security vendor's firewall products. "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability," the company's Unit 42 threat intelligence team said in a Tuesday update on its original threat brief.


Cisco Warns of Massive Surge in Password-Spraying Attacks on VPNs

Cisco Talos this week warned of a massive increase in brute-force attacks targeting VPN services, SSH services, and Web application authentication interfaces. In its advisory, the company described the attacks as involving the use of generic and valid usernames to try and gain initial access to victim environments. The targets of these attacks appear to be random and indiscriminate and not restricted to any industry sector or geography, Cisco said.

On This Date

  • ...in 1764, the British Parliament bans the American colonies from printing paper money, to limit inflation for British merchants.
  • ...in 1946, actor Tim Curry ("The Rocky Horror Picture Show", Stephen King's "It", "Clue") is born in Cheshire, England.
  • ...in 1971, the Soviet Union launches Salyut 1, the first space station to be placed in Earth orbit.
  • ...in 1987, "The Simpsons" first appears as a series of animated shorts shown on "The Tracey Ullman Show."