IT Security Newsletter

IT Security Newsletter - 5/8/2024

Written by Cadre | Wed, May 8, 2024

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using LockBit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Khoroshev, a resident of Voronezh, Russia, was charged in a 26-count indictment by a grand jury in New Jersey.

The UK Says a Huge Payroll Data Breach by a 'Malign Actor' Has Exposed Details of Military Personnel

The names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach by a "malign actor" who may have had state help, defense officials said Tuesday. The Ministry of Defense said the breach occurred at a third-party payroll system holding bank details of as many as 272,000 serving armed forces personnel and recent veterans. In a few cases, addresses may also have been exposed.

University System of Georgia Says 800,000 Impacted by MOVEit Hack

University System of Georgia is notifying 800,000 individuals that their personal and financial information was compromised in the May 2023 MOVEit hack. The data breach occurred after the Russia-linked Cl0p ransomware group exploited a vulnerability in Progress Software's MOVEit Transfer managed file transfer (MFT) software and stole data from organizations using it. To date, more than 2,000 organizations have disclosed impact from the MOVEit hack, including roughly 900 US schools.

China-linked attackers are successfully targeting network security devices, worrying officials

China-linked attackers are exploiting zero-day vulnerabilities and using the defensive gaps in network security devices to gain persistent access to U.S. critical infrastructure organizations and enterprises, experts said Monday at the RSA Conference. Espionage groups linked to China are identifying, researching and exploiting the most zero-day vulnerabilities out there, and they're focusing on devices that typically don't support endpoint detection and response.

DocGo discloses cyberattack after hackers steal patient health data

Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom. In a Tuesday evening FORM 8-K filing filed with the SEC, DocGo warned that they recently suffered a cyberattack and are working with third-party cybersecurity experts.

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to manage and monitor data backup operations. "Service providers can deploy Veeam Service Provider Console to deliver Veeam-powered Backup-as-a-Service and Disaster Recovery-as-a-Service services to their customers.

CISA's early-warning system helped critical orgs close 852 ransomware holes

As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place. The US government's cybersecurity nerve center launched its Ransomware Vulnerability Warning Pilot scheme in January 2023, and during its first year the system sent out 1,754 notifications to entities operating internet-accessible vulnerable devices.

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users.

  • ...in 1886, pharmacist John Pemberton first sells his new patent medicine, a drink he calls "Coca-Cola".
  • ...in 1911, legendary blues guitarist Robert Johnson ("Sweet Home Chicago", "Cross Road Blues") is born in Hazlehurst, MS.
  • ...in 1914, Paramount Pictures is founded. The stars in the famous mountain logo represent the first 22 performers signed by the studio.
  • ...in 1945, the Allies celebrate VE day, after the unconditional surrender of the European Axis powers.