<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/2/2024

SHARE

Top News

Prudential Financial Data Breach Impacts 36,000

Insurance giant Prudential Financial has started notifying more than 36,000 individuals that their personal information was compromised in a data breach in early February 2024. Initially disclosed in mid-February in a regulatory filing with the US Securities and Exchange Commission, the incident occurred on February 4 and was identified one day later. At the time, Prudential said that the attackers accessed systems containing company administrative and user data. READ MORE...

Breaches

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, and the number of victims has now risen to nearly 2.9 million people in all US states. Pilgrim's problems were first admitted last year after a March ransomware infection that affected systems tied to the health services firm's commercial and Medicare Advantage plans. While the intrusion occurred on March 28, 2023, it wasn't discovered until April 17. READ MORE...


Yacht retailer MarineMax discloses data breach after cyberattack

MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. The Florida-based yacht seller said in a March 12 SEC filing that it didn't store sensitive data in the compromised systems. Still, on Monday, a new 8-K filing revealed that the malicious actors gained access and stole personal data belonging to an undisclosed number of individuals. READ MORE...


OWASP discloses data breach caused by wiki misconfiguration

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. Short for Open Worldwide Application Security Project, OWASP is a nonprofit foundation launched in December 2001 and focuses on software security. It now has tens of thousands of members and more than 250 chapters that organize educational and training conferences worldwide. READ MORE...

Malware

Free VPN apps turn Android phones into criminal proxies

Researchers at HUMAN's Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other people's devices, known as proxies. This allows them to use somebody else's resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked. READ MORE...

Information Security

Heartbleed is 10 Years Old - Farewell Heartbleed, Hello QuantumBleed!

The infamous Heartbleed bug turned ten years old on April 1. If we don't act now, it will happen again courtesy of quantum computing - but this time it could be worse. The Heartbleed bug in OpenSSL was independently discovered by Codenomicon and Google in March 2014. Google reported it to OpenSSL on April 1, 2014. OpenSSL apparently wished to delay full disclosure to give time for fixes to be developed. READ MORE...

Exploits/Vulnerabilities

Red Hat warns of backoor in widely used Linux utility

Red Hat disclosed the discovery of malicious code in the latest versions of XZ Utils that could be exploited by threat actors to gain unauthorized access, the open source software vendor said in a Friday blog post. The data compression software utility is used in most Linux distributions. Fedora Linux 40 beta builds 5.6.0 and 5.6.1 contain two affected versions of xz libraries, Red Hat said in a Saturday update. READ MORE...


XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack

A newly discovered backdoor in XZ Utils, a data compression utility present in nearly all Linux distributions, has revived the ghosts of previous major software-supply chain security scares such as the Log4Shell vulnerability and the attack on SolarWinds. The backdoor is embedded in an XZ library called liblzma and gives remote attackers a way to bypass secure shell (sshd) authentication and then gain complete access to an affected system. READ MORE...

On This Date

  • ...in 1889, inventor Charles M. Hall is given a patent for his method of extracting aluminum, allowing for large-scale production.
  • ...in 1917, President Woodrow Wilson asks Congress for a declaration of war on Germany and the U.S. enters WWI.
  • ...in 1941, radio host Barret Eugene Hansen, AKA "Dr. Demento," who introduced generations of listeners to classic novelty and comedy records, is born in Minneapolis, MN.
  • ...in 1947, country singer/songwriter Emmylou Harris ("Together Again", "Sweet Dreams") is born in Birmingham, AL.