
IT Security Newsletter - 5/3/2023

Breaches

Promising Jobs at the U.S. Postal Service, 'US Job Services' Leaks Customer Data

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016. READ MORE...


Brightline data breach impacts 783K pediatric mental health patients

Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. Brightline is a mental and behavioral health provider offering virtual counseling for children, teenagers, and their families. Brightline confirmed that data was stolen from its GoAnywhere MFT service that contained protected health information. READ MORE...

Hacking

Microsoft says Iranian hackers combine influence ops with hacking for maximum impact

Iranian state-aligned hackers are increasingly deploying information operations to amplify cyberattacks and gain maximum exposure for their efforts to support the regime's agenda in the Middle East and against Western targets, Microsoft's Digital Threats Analysis Center said Tuesday. Researchers linked 24 unique cyber-enabled influence operations to the Iranian government in 2022 compared to just seven in 2021, according to the report. READ MORE...


Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software

A subgroup of the Chinese state-sponsored threat actor known as APT41 has been observed using a new denial-of-service (DoS) technique to disable security software, cybersecurity firm Trend Micro reports. Tracked as Earth Longzhi, the APT41 subgroup is known for the targeting of organizations in the Philippines, Taiwan, and Thailand. As part of the newly observed campaign, the threat actor was seen performing DLL sideloading via Windows Defender binaries and employing two methods of disabling security products. READ MORE...

Trends

When it comes to online scams, 'ChatGPT is the new crypto'

Digital fraudsters are as enamored with ChatGPT as everyone else on the internet and have taken advantage of its allure to spread a new strain of malware across Facebook, Instagram and WhatsApp in recent months. Since March, Meta has blocked more than 1,000 unique ChatGPT-themed web addresses designed to deliver malicious software to users' devices, the company revealed Wednesday in a report on security issues across the company's three major platforms. READ MORE...

Malware

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns

The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. The other two placed on the list this week involve versions of Oracle's WebLogic Server software and the Apache Foundation's Log4j Java logging library. READ MORE...

Information Security

Apple, Google propose anti-stalking spec for Bluetooth tracker tags

Apple and Google have come together to develop an industry specification to prevent "unwanted tracking," otherwise known as stalking, via Bluetooth location tracking tags. Though Tile has been selling Bluetooth Low Energy (BLE) wireless tracking tags for a decade, it wasn't until 2021, when Samsung introduced its Galaxy SmartTag and Apple introduced its AirTag, that reports of abuse of the devices became commonplace. READ MORE...


US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cybercriminals

Authorities in the United States and Ukraine have shut down nine websites that had been offering cryptocurrency exchange services to cybercriminals. The takedowns are the result of cooperation between the FBI, its Virtual Currency Response Team (VCRT), the National Police of Ukraine, and Ukraine's Prosecutor General. Authorities claim they have not only seized the domains, but also shut down associated servers, including ones located in the United States. READ MORE...

Exploits/Vulnerabilities

Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to access sensitive information, a group of researchers has warned. What's more, these systems are often exposed to the internet and they are not hard to find. READ MORE...

On This Date

  • ...in 1919, folk singer/songwriter Pete Seeger ("Where Have All the Flowers Gone?", "If I Had a Hammer") was born in Patterson, NY.
  • ...in 1935, late-night TV pitchman and inventor Ron Popeil, of Veg-O-Matic and Pocket Fisherman fame, was born in New York City.
  • ...in 1952, the Kentucky Derby is shown on national television for the first time.
  • ...in 2003, New Hampshire's famous "Old Man of the Mountain" rock formation collapses in a rockslide.