IT Security Newsletter - 4/23/2024
UnitedHealth admits breach could 'cover substantial proportion of people in America'
UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive and disruptive digital break-in. "Based on the initial targeted data sampling to date, the company has found files containing protected health information and personally identifiable information, which could cover a substantial proportion of people in America," it said in a statement. READ MORE...
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar
A phishing campaign exploiting a bug in Nespresso's website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links. The campaign starts with a phishing email that appears to have been sent from an employee with Bank of America, with a message to "please check your recent [Microsoft] sign-in activity." If a target clicks, they are then directed to a legitimate but infected URL controlled by Nespresso. READ MORE...
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps. READ MORE...
ToddyCat APT Is Stealing Data on 'Industrial Scale'
An advanced persistent threat (APT) group known as ToddyCat is collecting data on an industrial scale from government and defense targets in the Asia-Pacific region. Researchers from Kaspersky tracking the campaign described the threat actor this week as using multiple simultaneous connections into victim environments to maintain persistence and to steal data from them. They also discovered a set of new tools that ToddyCat is using to enable data collection from victim systems and browsers. READ MORE...
Windows vulnerability reported by the NSA exploited to install Russian malware
Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022, at least two years after it came under attack by the Russian hackers, the company made no mention that it was under active exploitation. READ MORE...
GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out that GitLab is also affected by this issue and could be abused in a similar manner. While most of the malware-associated activity was based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub or GitLab. READ MORE...
Misconfigured cloud server leaked clues of North Korean animation scam
A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently hiring workers from the hermit kingdom for animation projects. The server, which according to think tank Stimson Center is no longer being utilized, was discovered by the author of the NK Internet blog, Nick Roy, in late 2023. READ MORE...
People doubt their own ability to spot AI-generated deepfakes
23% of Americans said they recently came across a political deepfake they later discovered to be fake, according to McAfee. The actual number of people exposed to political and other deepfakes is expected to be much higher given many Americans are not able to decipher what is real versus fake, thanks to the sophistication of AI technologies. Misinformation and disinformation emerged as key concerns for Americans. READ MORE...
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services
Microsoft's PlayReady content access and protection technology is affected by vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services, according to Poland-based cybersecurity research company AG Security Research. The research was conducted over a period of several months by Adam Gowdiak, founder and CEO of AG Security Research, formerly known as Security Explorations, which is now the name of the firm's research lab. READ MORE...
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens' industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400. READ MORE...
- ...in 1858, German physicist and Nobel laureate Max Planck, the originator of quantum theory, is born in Kiel, Germany.
- ...in 1914, Weeghman Park in Chicago hosts its first-ever baseball game. Thirteen years later, the park was renamed Wrigley Field.
- ...in 1936, early rock singer/songwriter Roy Orbison ("Only the Lonely", "Oh, Pretty Woman") is born in Vernon, TX.
- ...in 1985, Coca-Cola releases the ill-fated "New Coke" to a negative response from consumers; three months later, the old formula is back in stores.