IT Security Newsletter

IT Security Newsletter - 4/5/2023

Written by Cadre | Wed, Apr 5, 2023

Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach

A law firm representing Uber Technologies has notified an unknown number of its drivers that sensitive data, including their names and Social Security numbers, has been stolen by cyberattackers. It's the third data breach in six months for the ride-share giant. Law firm Genova Burns LLC, based in Newark, NJ, first noticed suspicious activity at the end of January, and - after an investigation by outside specialists - discovered that its systems had been compromised. READ MORE...

Notorious stolen credential warehouse Genesis Market seized by FBI

A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI. Security vendor Sophos has identified genesis.market as "an invitation-only marketplace" from which buyers can acquire "stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems." Sophos described the stolen data souk as an initial access broker (IAB) - a business that compromises systems and services, steals data, and sells it. READ MORE...

eFile Tax Return Software Found Serving Up Malware

An IRS-approved software service for filing taxes electronically, eFile.com, was found to be delivering JavaScript malware just at the height of tax-return season. eFile.com, which was used as a conduit for filing more than 66 million tax returns in 2022, was flagged by users and researchers alike. The malicious file existed on the website for weeks - named "popper.js," it was being loaded by nearly every page on the website. READ MORE...

New Rorschach ransomware is the fastest encryptor seen so far

Following a cyberattack on a U.S.-based company, malware researchers discovered what appears to be a new ransomware strain with "technically unique features," which they named Rorschach. Among the capabilities observed is the encryption speed, which, according to tests from the researchers, would make Rorschach the fastest ransomware threat today. The analysts found that the hackers deployed the malware on the victim network after leveraging a weakness in a threat detection and incident response tool. READ MORE...

ALPHV ransomware exploits Veritas Backup Exec bugs for initial access

An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network. The ALPHV ransomware operation emerged in December 2021 and is considered to be run by former members of the Darkside and Blackmatter programs that shut down abruptly to escape law enforcement pressure. Mandiant tracks the ALPHV affiliate as 'UNC4466' and notes that the method is a deviation from the typical intrusion. READ MORE...

Can ChatGPT bash together some data-stealing code? With the right prompts, sure

A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. At first, it sounds bad, but in reality, it's nothing an intermediate or keen beginner programmer couldn't whack together themselves anyway. His experiment does, to some extent, highlight how the code-suggesting unreliable chatbot, built by OpenAI and pushed by Microsoft, could be used to cut some corners in malware development or automate the process. READ MORE...

Open garage doors anywhere in the world by exploiting this "smart" device

A market-leading garage door controller is so riddled with severe security and privacy vulnerabilities that the researcher who discovered them, Sam Sabetan, is advising anyone using one to immediately disconnect it until they are fixed. Each $80 device, used to open and close garage doors and control home security alarms and smart power plugs, employs the same easy-to-find universal password to communicate with Nexx servers. READ MORE...

Einstein tilings - the amazing "Hat" shape that never repeats!

Mathematics is a complex and esoteric field that underpins science and engineering, notably including the disciplines of cryptography and cybersecurity. Penrose tilings, if you've ever met them, were figured out by Sir Roger Penrose in the 1970s, and dealt with fascinating and unusual ways of covering surfaces in combinations of shapes. The question has lingered ever since: Can you find a single shape, a single tile, that can be laid down repeatedly to cover an infinite surface without ever repeating? READ MORE...

  • ...in 1792, President Washington exercises the very first veto of a bill passed by Congress. A changed version is passed five days later as the Apportionment Act of 1792.
  • ...in 1917, crime and horror writer Robert Bloch, best known as the author of "Psycho", is born in Chicago, IL.
  • ...in 1984, Kareem Abdul-Jabbar breaks Wilt Chamberlain's all-time career scoring record. He would go on to score 38,387 points before retiring in 1989.
  • ...in 1987, the Fox television network airs its first prime-time lineup, starting with "Married With Children" and "The Tracey Ullman Show."