IT Security Newsletter - 5/23/2024
NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in
The New York Stock Exchange's parent company has just been hit with a $10 million fine for failing to properly inform the Securities and Exchange Commission (SEC) of a 2021 cyber intrusion. In an order published today, the SEC said that Intercontinental Exchange (ICE) will pay the penalty to settle charges it caused nine subsidiaries - the NYSE among them - to violate its Regulation Systems Compliance and Integrity (Regulation SCI) reporting rules. READ MORE...
China APT Stole Geopolitical Secrets From Middle East, Africa & Asia
A Chinese state-aligned threat group has been exfiltrating emails and files from high-level government and military targets across the Middle East, Africa, and Southeast Asia on a daily basis since late 2022. Operation Diplomatic Specter, a brazen espionage campaign described in a new report by Palo Alto Networks' Unit 42, targets ministries of foreign affairs, military entities, embassies, and more, in at least seven countries on three continents. READ MORE...
400,000 Impacted by CentroMed Data Breach
San Antonio-based healthcare provider El Centro Del Barrio (which operates as CentroMed) is informing 400,000 patients that their personal and protected health information was compromised in a recent cyberattack. The data breach was discovered on May 1, 2024, after a threat actor gained access to the organization's network on April 30, CentroMed said in an incident notice (PDF) on its website. READ MORE...
VMware Abused in Recent MITRE Hack for Persistence, Evasion
MITRE has published another blog post describing the recent cyberattack, focusing on how the hackers abused its VMware systems for persistence and detection evasion. MITRE, a not-for-profit company operating R&D centers on behalf of US government sponsors, revealed one month ago that state-sponsored hackers had exploited zero-day vulnerabilities in an Ivanti product to gain unauthorized access to its NERVE environment. READ MORE...
Moroccan cybercrime group impersonates nonprofits and abuses cloud services to rake in gift card cash
A highly successful, financially motivated crime group has been impersonating nonprofit organizations to obtain reduced rates or even free access to cloud accounts, which it then uses to operate an increasing number of gift card theft scams targeting top U.S. retailers, researchers with Microsoft said Thursday. The researchers said activity tied to the group, tracked by Microsoft as Storm-0539 or Atlas Lion and active since late 2021, has increased 30% since March. READ MORE...
Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth
A novel malware that targets vulnerable drivers to terminate, and thus evade, endpoint detection and response (EDR) solutions has come to light, for now used in service of an elaborate cryptomining campaign. Researchers at Elastic Security Labs identified what they are calling an "intrusion set," dubbed "REF4578," that uses a multimodal malware called GhostEngine, which can disable EDR, they revealed in a blog post published today. READ MORE...
23-year-old alleged founder of dark web Incognito Market arrested after FBI tracks cryptocurrency payments
The United States Department of Justice has dealt a blow to dark web drug traffickers by arresting a man alleged to operate the dark web drugs marketplace Incognito Market. According to a DOJ press release, the alleged operator of a darknet platform sold over $100 million worth of narcotics worldwide. 23-year-old Rui-Siang Lin (also known as "Pharoah" or "faro") was arrested on 18 May at New York's John F Kennedy airport and appeared in Manhattan federal court on Monday. READ MORE...
Popular LLMs are insecure, UK AI Safety Institute warns
The built-in safeguards found within five large language models released by "major labs" are ineffective, according to research published Monday by the U.K. AI Safety Institute. The anonymized models were assessed by measuring the compliance, correctness and completion of responses. The evaluations were developed and run using the institute's open-source model evaluation framework, Inspect, released earlier this month. READ MORE...
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices. READ MORE...
- ...in 1829, Romanian inventor Cyrill Demian is granted a patent for a new musical instrument -- the accordion.
- ...in 1928, singer and actress Rosemary Clooney ("Come On-a My House", "Mambo Italiano") is born in Maysville, KY.
- ...in 1934, engineer and electronic music pioneer Robert Moog, inventor of the Moog synthesizer, is born in New York City.
- ...in 1934, infamous bank robbers Bonnie and Clyde are ambushed and killed by Texas and Louisiana state police.