<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 5/22/2023



US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

A Wisconsin teenager has been charged with accessing tens of thousands of user accounts at a fantasy sports and betting website after launching a credential stuffing attack on the site. According to a six-count criminal complaint (PDF), the teenager, Joseph Garrison, of Wisconsin, launched the attack on the betting website on November 18, 2022, accessing roughly 60,000 accounts without authorization. READ MORE...


Take action now to avoid BianLian ransomware attacks, US Government warns organisations

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data extortion group which has predominantly targeted enterprises. READ MORE...

FIN7 returns with new ransomware attacks

Anotorious financially motived cybercrime group known for targeting the U.S. retail, restaurant and hospitality sectors emerged from a two-year hiatus to carry out opportunistic ransomware attacks last month, researchers with Microsoft said late Thursday. The group - tracked widely as FIN7 but by Microsoft as Sangria Tempest (formerly ELBRUS) - had not been linked to a ransomware campaign since late 2021, Microsoft's Threat Intelligence Center said in a series of Thursday-night tweets. READ MORE...


Samsung Smartphone Users Warned of Actively Exploited Vulnerability

Samsung smartphone users have been warned by the vendor and the US Cybersecurity and Infrastructure Security Agency (CISA) about a recently patched vulnerability being exploited in attacks. The flaw in question is CVE-2023-21492, described as a kernel pointer exposure issue related to log files. The security hole can allow a privileged local attacker to bypass the ASLR exploit mitigation technique. This indicates that it has likely been chained with other bugs. READ MORE...

Android phones are vulnerable to fingerprint brute-force attacks

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks. READ MORE...

On This Date

  • ...in 1939, Italy and Germany sign the Pact of Steel, giving formal birth to WWII's Axis powers.
  • ...in 1977, Janet Guthrie becomes the first female driver to qualify for the Indianapolis 500.
  • ...in 1982, 8-time Olympic medalist speed skater Apolo Anton Ohno is born in Seattle, WA.
  • ...in 2003, golfer Annika Sorenstam becomes the first woman to play in a PGA tour event since Babe Didrikson 58 years earlier.