IT Security Newsletter - 5/18/2023
Dallas courts still closed 2 weeks post-ransomware attack
Multiple critical services remain down two weeks after Dallas was hit by a ransomware attack that caused widespread outages to city services. The city's municipal court still can't access payments and all court hearings, trials and jury duty have been canceled until further notice. While computers are back online in police vehicles, the rest of the Dallas Police Department's systems remain unavailable. READ MORE...
Access to Energy Sector ICS/OT Systems Offered on Hacker Forums
Threat actors have been offering access to energy sector organizations, including industrial control systems (ICS) and other operational technology (OT) systems, according to a new report from Searchlight Cyber. The UK-based threat intelligence company has conducted an analysis of posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, and found many offers for initial access into the environments of energy sector organizations. READ MORE...
Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware
A threat actor has control over millions of smartphones distributed worldwide thanks to a piece of malware that has been preinstalled on the devices, Trend Micro warned. It has been known for several years that smartphones, particularly budget devices, may be shipped with shady firmware that can give companies or other entities access to user data. One of the best-known operations involved Triada, an advanced trojan installed on Android devices whose existence came to light in 2016. READ MORE...
MalasLocker ransomware targets Zimbra servers, demands charity donation
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March 2023, with victims reporting in both the BleepingComputer and Zimbra forums that their emails were encrypted. READ MORE...
Google is going to delete your data forever, if you haven't logged into your account for two years
A new blog post by Google describes its new policy for dealing with inactive accounts - and it's an important read for anyone who doesn't regularly log in. Google argues that overlooked accounts often don't have two-factor authentication enabled, or use old or reused passwords that may have been compromised by cybercriminals. In fact, Google claims that its own research has found that abandoned accounts are "at least 10x less likely than active accounts to have 2-step-verification set up." READ MORE...
Meet "AI", your new colleague: could it expose your company's secrets?
Chatbots powered by large language models (LLMs) are not just the world's new favorite pastime. The technology is increasingly being recruited to boost workers' productivity and efficiency, and given its growing capabilities, it's poised to replace some jobs entirely, including in areas as diverse as coding, content creation, and customer service. Many companies have already tapped into LLM algorithms, and chances are good that yours will follow suit in the near future. READ MORE...
'Strictly limit' remote desktop - unless you like catching BianLian ransomware
The FBI and friends have warned organizations to "strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption. In a 19-page joint alert [PDF] issued Tuesday, the FBI warned admins about the extortion crew's indicators of compromise along with its tactics, techniques and procedures observed as recently as March. READ MORE...
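The alert's headline mitigation is to restrict RDP, but "strictly limit" is only actionable once you know where RDP is enabled, who can reach it, and who has actually used it. The script below is an added example, not part of the joint alert or the article: it audits a Windows host's RDP exposure (service enabled, NLA required, firewall scope, recent RemoteInteractive logons from Security event 4624) and, with -Enforce, narrows the inbound RDP rules to a management subnet. The subnet 10.20.30.0/24 is an assumed placeholder; replace it with your jump hosts. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the FBI/CISA alert): audit and optionally restrict RDP on a Windows host.
# 10.20.30.0/24 is an assumed placeholder for the jump-host/management subnet.
param(
    [string]$ManagementSubnet = '10.20.30.0/24',   # assumed placeholder, set to your jump hosts
    [switch]$Enforce                                # without -Enforce the script only reports
)

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means the service refuses connections.
$rdpDisabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 1
"RDP enabled: $(-not $rdpDisabled)"

# 2. Is Network Level Authentication required? UserAuthentication = 1 blocks pre-auth access
#    to the logon screen, which removes a lot of the credential-guessing surface.
$nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1
"NLA required: $nla"

# 3. Which remote addresses may reach the inbound RDP rules? 'Any' means every network the
#    host is attached to, including the Internet if the host is exposed there.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue
foreach ($r in $rules) {
    $addr = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    '{0}: enabled={1} remote={2}' -f $r.DisplayName, $r.Enabled, ($addr -join ',')
}

# 4. Who logged in over RDP in the last 7 days? Event 4624 with LogonType 10 (RemoteInteractive).
#    Property indices for 4624: 5 = TargetUserName, 6 = TargetDomainName, 8 = LogonType, 18 = IpAddress.
#    An unexpected source address here is the initial-access pattern the alert describes.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = "$($_.Properties[6].Value)\$($_.Properties[5].Value)"
            Source = $_.Properties[18].Value
        }
    } | Format-Table -AutoSize

# 5. Optional enforcement: scope the inbound RDP rules to the management subnet and require NLA.
if ($Enforce) {
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -RemoteAddress $ManagementSubnet
    Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1
    "Inbound RDP restricted to $ManagementSubnet; NLA enforced."
}
```

Scoping the firewall rule is the minimum; the alert's wording is "limit the use", so on hosts that do not need interactive remote administration the right fix is to leave fDenyTSConnections at 1, and where RDP is needed, to reach it only through a VPN or jump host with MFA rather than from the general network. The logon query in step 4 is also a cheap hunt to run fleet-wide before and after the change.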
FTC says popular fertility app gave advertisers pregnancy data without permission
Makers of the popular fertility tracking app Premom repeatedly deceived users by sharing sensitive information, including health data, with third parties without users' permission, a new Federal Trade Commission complaint alleges. The agency's investigation found that Easy Healthcare, which developed the app, violated its direct promises to users by improperly disclosing sensitive data indicating sexual and reproductive health information, including pregnancy status, to the marketing firm AppsFlyer and Google. READ MORE...
Cisco warns of critical switch bugs with public exploit code
Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches. All four security flaws received near-maximum severity ratings, with CVSS base scores of 9.8/10. Successful exploitation allows unauthenticated attackers to execute arbitrary code with root privileges on vulnerable devices. READ MORE...
- ...in 1950, composer/visual artist Mark Mothersbaugh, best known as lead singer for the new wave band Devo, is born in Akron, OH.
- ...in 1955, actor and international action star Chow Yun-fat ("Hard Boiled", "Crouching Tiger, Hidden Dragon") is born in Hong Kong.
- ...in 1969, the Apollo 10 mission is launched, a final test run of orbit and landing systems before the historic Apollo 11 landing two months later.
- ...in 1991, chemist Helen Sharman becomes the first Briton in space, flying on the Soyuz TM-12 mission.