IT Security Newsletter

IT Security Newsletter - 5/21/2024

Written by Cadre | Tue, May 21, 2024

OmniVision Says Personal Information Stolen in Ransomware Attack

Semiconductor manufacturing giant OmniVision Technologies has disclosed a data breach following a ransomware attack it suffered in September 2023. In a notification letter to the impacted individuals, a copy of which was submitted to the California Attorney General's Office, the company revealed that the incident was discovered on September 30, 2023, after certain systems were encrypted by malware. READ MORE...

DoJ Shakes Up North Korea's Widespread IT Freelance Scam Operation

The North Korean government has dispatched thousands of tech-savvy workers to China, Russia, and other countries in Eastern Europe, Southeast Asia, and Africa to infiltrate freelance networks and find jobs where they have access to sensitive data and systems, according to new warnings from the FBI, the US Department of State, and the US Treasury Department. On May 16, the US Department of Justice announced the indictment of five people in the operation. READ MORE...

Researchers call out QNAP for dragging its heels on patch development

Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago. Researchers at watchTowr said on Friday that they drilled into QNAP's QTS, QuTSCLoud, and QTS hero operating systems and found 15 vulnerabilities, with only four of the holes receiving patches. Six of the remaining 11 bugs were accepted and validated by QNAP, and all have CVEs assigned to them, but the vendor still hasn't released patches. READ MORE...

New BiBi Wiper version also destroys the disk partition table

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. BiBi Wiper attacks on Israel and Albania are linked to a suspected Iranian hacking group named 'Void Manticore' (Storm-842), which is believed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). BiBi Wiper was first spotted by Security Joes in October 2023. READ MORE...

YouTube has become a significant channel for cybercrime

Social engineering threats - those which rely on human manipulation - account for most cyberthreats faced by individuals in 2024, according to Avast. According to the latest quarterly Avast Threat Report, which looks at the threat landscape from January-March 2024, scams, phishing and malvertising accounted for 90% of all threats on mobile devices and 87% of threats on desktop. READ MORE...

Students Spot Washing Machine App Flaw That Gives Out Free Cycles

Two students from the University of California at Santa Cruz (UCSC) discovered a security flaw within CSC ServiceWorks washing machines that allows for unlimited free laundry cycles. The students, Alexander Sherbrooke and Iakov Taranenko, explained to TechCrunch that the bug allows for someone to send remote commands to the laundry machines. The vulnerability is in the API used by CSC Go, the CSC mobile app, which can be deceived into accepting commands. READ MORE...

CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw

The US cybersecurity agency CISA on Monday added a flaw affecting NextGen Healthcare's Mirth Connect product to its Known Exploited Vulnerabilities (KEV) catalog. Mirth Connect is a widely used cross-platform interface engine that healthcare organizations use for information management. The vulnerability affecting the open source product, tracked as CVE-2023-43208, is a data deserialization issue that can allow unauthenticated remote code execution. READ MORE...

Critical Fluent Bit flaw impacts all major cloud providers

?A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure. Until March 2024, Fluent Bit was downloaded and deployed over 13 billion times. READ MORE...

  • ...in 1881, the American Red Cross is founded by Clara Barton, a former Civil War nurse known as the "Angel of the Battlefield".
  • ...in 1927, aviator Charles Lindbergh lands in Paris, completing the world's first solo nonstop flight across the Atlantic Ocean.
  • ...in 1932, Amelia Earhart becomes the first woman to duplicate Lindbergh's solo trans-Atlantic flight, exactly five years later.
  • ...in 1980, "Star Wars: Episode V - The Empire Strikes Back" opens in cinemas across the U.S.