IT Security Newsletter - 5/24/2021
Air India data breach impacts 4.5 million customers
Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. The Indian national carrier first informed passengers that SITA was the victim of a cyberattack on March 19. The airline added that the breach impacted the data of passengers registered between August 2011 and February 2021. READ MORE...
FBI: Conti ransomware attacked 16 US healthcare, first responder orgs
The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen U.S. healthcare and first responder organizations. The info was shared via a TLP:WHITE flash alert issued Thursday to help system admins and security professionals defend their orgs' networks against future Conti attacks. According to the FBI, Conti ransom demands are custom-tailored to each victim, with recent ones being as high as $25 million. READ MORE...
North Korean hackers behind CryptoCore multi-million dollar heists
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of millions of U.S. dollars by breaching cryptocurrency exchanges in the U.S., Israel, Europe, and Japan over the past three years. READ MORE...
Irish officials analyze decryption tool as long recovery process from ransomware continues
The Irish government expects to dedicate significant resources in the coming days to recovery efforts related to a ransomware incident that has hampered the country's public health service for the last week, officials said Friday. Irish officials have obtained a decryption key that could unlock the data on the networks of the Health Service Executive (HSE), Ireland's $25 billion public health system, though the key will need to be tested to ensure it does more good than harm. READ MORE...
DarkSide Getting Taken to 'Hackers' Court' For Not Paying Affiliates
Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted, so, they're turning to admins of the group's Dark Web criminal forum to sort things out in what researchers call a "shady version of the People's Court." READ MORE...
Krebs on Security: How to Tell a Job Offer from an ID Theft Trap
One of the oldest scams around - the fake job interview that seeks only to harvest your personal and financial data - is on the rise, the FBI warns. Here's the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants. READ MORE...
How data manipulation could be used to trick fraud detection algorithms on e-commerce sites
As the marketing of almost every advanced cybersecurity product will tell you, artificial intelligence is already being used in many products and services that secure computing infrastructure. But you probably haven't heard much about the need to secure the machine learning applications that are becoming increasingly widespread in the services you use day-to-day. READ MORE...
WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites
WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases, including emails, credit-card data, passwords and more. WP Statistics, as its name suggests, is a plugin that delivers analytics for site owners. READ MORE...
- ...in 1883, the Brooklyn Bridge is opened over the East River in New York City, after 14 years of construction.
- ...in 1935, the Cincinnati Reds beat the Philadelphia Phillies 2-1 in baseball's first-ever night game, played at Crosley Field in Cincinnati.
- ...in 1961, President John F. Kennedy announces his goal to initiate a project to put a "man on the Moon" before the end of the decade.
- ...in 1963, novelist Michael Chabon ("The Amazing Adventures of Kavalier & Clay", "The Yiddish Policeman's Union") was born in Washington, D.C.