<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/9/2024

SHARE

Top News

DOJ-Collected Information Exposed in Data Breach Affecting 340,000

Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. READ MORE...

Breaches

Omni Hotels & Resorts hit by cyberattack

Omni Hotels & Resorts properties were affected by a cyberattack, which the hotel company has been responding to since March 29, Omni shared Wednesday. Upon learning about the issue, Omni shut down its systems to protect its data, resulting in a nationwide outage that began this past weekend. Most of these systems have since been restored, the company said. READ MORE...


Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

First, they came for hospitals, then it was charities and cancer centers. Now, cyber scumbags are coming for the puppies and kittens. CVS Group, the company behind one of the UK's largest chains of vet practices, announced a "cyber incident" on Monday, hinting at the possibility of data theft and clinical care at some of its practices being affected. READ MORE...


Home Depot Hammered by Supply Chain Data Breach

A hacking forum leak has led Home Depot to confirm that its employee data was compromised via a third-party software vendor. Home Depot did not identify the breached software-as-a-service (SaaS) vendor but said an error exposed the names, corporate IDs, and email addresses of a "small sample" of its employees, according to reports. Now up for sale on the Dark Web, this is the type of data that could be used to fuel targeted phishing cyberattacks. READ MORE...

Hacking

Vietnamese Cybercrime Group CoralRaider Nets Financial Data

A newcomer cybercrime group linked to Vietnam has targeted individuals and organizations in Asia, attempting to steal social media account information and user data. CoralRaider, which first appeared in late 2023, relies heavily on social engineering and legitimate services for data exfiltration, and it develops custom tools for loading malware onto victim systems. Yet the group has also made some rookie mistakes, such as inadvertently infecting their own systems, which exposed their activities. READ MORE...

Software Updates

ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

Industrial giants Siemens and Schneider Electric have published their Patch Tuesday advisories for April 2024, informing customers about the vulnerabilities found in their ICS products over the past month. Siemens published eight new advisories covering a total of roughly 80 vulnerabilities. One advisory covers nearly 50 flaws found in the company's Telecontrol Server Basic product, particularly in third-party components. READ MORE...

Malware

New Latrodectus loader steps in for Qbot

New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. "[Latrodectus] was first observed being distributed by TA577, an IAB known as a prolific Qbot distributor prior to the malware's disruption in 2023. TA577 used Latrodectus in at least three campaigns in November 2023 before reverting to Pikabot," Proofpoint and Team Cymru researchers noted. READ MORE...

Exploits/Vulnerabilities

D-Link tells customers to sunset actively exploited storage devices

Attackers are scanning and actively exploiting a command injection and hardcoded credential backdoor vulnerability in D-Link network area storage devices, researchers at Shadowserver said Monday in a post on X, the site formerly known as Twitter. There is no patch available for CVE-2024-3273, nor is one coming. D-Link advised owners of the four affected products to retire and replace the devices as they have reached end of life and are no longer supported. READ MORE...

On This Date

  • ...in 1865, Gen. Robert E. Lee surrenders to Ulysses S. Grant at Appomattox Court House in Virginia, ending the American Civil War
  • ...in 1898, singer, actor, and social activist Paul Robeson ("Show Boat", ) is born in Princeton, New Jersey.
  • ...in 1928, musical satirist and mathematician Tom Lehrer, known for such novelty songs as "The Elements" and "The Vatican Rag", is born in New York City.
  • ...in 1992, former Panamanian dictator Manuel Noriega is found guilty by a U.S. Federal Court of drug and racketeering charges, and sentenced to 30 years in prison.