
IT Security Newsletter - 5/24/2023

Breaches

Apria Healthcare says potentially 2M people caught up in IT security breach

Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021. The home healthcare equipment provider, which says it serves about two million patients from 280 locations across America, said it discovered the intrusion back in September 2021 and then alerted those it felt may have been affected on Monday this week. READ MORE...


Arms maker Rheinmetall confirms BlackBasta ransomware attack

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. Rheinmetall is a German manufacturer of automotive, military vehicles, armaments, air defense systems, engines, and various steel products, which employs over 25,000 people and has an annual revenue of over $7 billion. READ MORE...

Hacking

Employee guilty of joining ransomware attack on his own company

A 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which involved unauthorized access to part of the company's computer systems on 27 February, 2018. READ MORE...


Cuba ransomware claims cyberattack on Philadelphia Inquirer

The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and disrupted some business operations. The Philadelphia Inquirer is Philadelphia's largest (by circulation) newspaper. It is the third-longest continuously operating daily newspaper in the U.S., founded in 1829, and it has won 20 Pulitzer Prizes for its journalistic excellence. READ MORE...

Trends

BEC attacks rise as criminal hackers employ new tactics to evade detection

Business email compromise attacks are on the rise and becoming more sophisticated as threat actors are shifting tactics to evade detection, Microsoft found. Hackers are increasingly using platforms such as BulletProftLink, a platform that can scale BEC attacks to industrial-level campaigns. Threat groups are then leveraging residential internet protocol addresses to make the attacks appear to be locally generated. READ MORE...


FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes

The FBI is warning US citizens that are traveling to or living abroad in Southeast Asia of false advertisements leading to labor trafficking, where individuals are intimidated and forced to involve themselves in international cryptocurrency investment fraud schemes. Criminal actors, primarily belonging to Chinese crime groups, post fake job advertisements on employment sites and social media, offering jobs such as call center customer service representatives and beauty salon technicians. READ MORE...

Software Updates

Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

Latvian network equipment manufacturer MikroTik has shipped a patch for a major security defect in its RouterOS product and confirmed the vulnerability was exploited five months ago at the Pwn2Own Toronto hacking contest. In a barebones advisory documenting the CVE-2023-32154 flaw, Mikrotik confirmed the issue affects devices running MikroTik RouterOS versions v6.xx and v7.xx with enabled IPv6 advertisement receiver functionality. READ MORE...

Malware

PyPI open-source code repository deals with manic malware maelstrom

Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS[.]org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers' toolkits that have done computer science and software engineering a world of good. READ MORE...


Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update

A screen recording application that had amassed more than 50,000 downloads in Google Play was trojanized via an update last year, cybersecurity firm ESET reports. The application, 'iRecorder - Screen Recorder', was initially published on Google Play in September 2021, without malicious functionality. When updated to version 1.3.8 in August last year, the AhMyth-based remote access trojan called AhRat was injected into the app. READ MORE...

Information Security

Treasury Department sanctions entities tied to North Korean IT scams, hacking

The Treasury Department issued sanctions on Tuesday cracking down on four entities and one individual involved in malicious cyber activities supporting the Democratic People's Republic of Korea and its weapons programs. "Today's action continues to highlight the DPRK's extensive illicit cyber and IT worker operations, which finance the regime's unlawful weapons of mass destruction and ballistic missile programs," said Under Secretary of the Treasury Brian E. Nelson. READ MORE...


Widespread FBI abuse of foreign spy law sets off "alarm bells," tech group says

The FBI isn't supposed to use its most controversial spy tool to snoop on emails, texts, and other private communications of Americans or anyone located in the United States. However, that didn't stop the FBI from sometimes knowingly using its Foreign Intelligence Surveillance Act (FISA) Section 702 powers to conduct warrantless searches on US persons more than 280,000 times in 2020 and 2021, according to new disclosures. US Senator Ron Wyden (D-Ore.) described the searches as "shocking abuses." READ MORE...

Exploits/Vulnerabilities

KeePass master password manager at risk as users await patch

A vulnerability in KeePass, an open-source password manager, can be exploited by a threat actor to access a user's master password in plaintext, a security researcher who goes by the alias "vdohney" on GitHub found. The security researcher published a proof-of-concept on GitHub that demonstrates how a threat actor can recover a KeePass master password in plaintext from a memory dump. READ MORE...

On This Date

  • ...in 1883, the Brooklyn Bridge is opened over the East River in New York City, after 14 years of construction.
  • ...in 1935, the Cincinnati Reds beat the Philadelphia Phillies 2-1 in baseball's first-ever night game, played at Crosley Field in Cincinnati.
  • ...in 1941, Germany's largest battleship, the Bismarck, sinks the pride of the British fleet, HMS Hood, during the Battle of the Atlantic.
  • ...in 1963, novelist Michael Chabon ("The Amazing Adventures of Kavalier & Clay", "The Yiddish Policeman's Union") was born in Washington, D.C.