IT Security Newsletter - 6/18/2024
What we know about the Snowflake customer attacks
A wave of cyberattacks targeting Snowflake customer environments during the last two months bears the markings of an unfolding disaster. At least 100 Snowflake customers are confirmed impacted by the attacks, and approximately 165 businesses are potentially exposed, according to Mandiant, which has been assisting Snowflake with an ongoing investigation. Pure Storage, a data storage vendor, became the first Snowflake customer in a public forum to confirm it was impacted by the attacks.
200,000 Impacted by Data Breach at Los Angeles County Public Health Agency
The County of Los Angeles' Department of Public Health (DPH) has disclosed a data breach impacting the personal information of 200,000 individuals. The incident, DPH announced on Friday, occurred between February 19 and February 20, 2024, after an employee fell victim to a phishing attack that led to the compromise of 53 Public Health employees' login credentials. "Affected individuals may have been impacted differently," the agency announced.
Insurance Company Globe Life Investigating Data Breach
Texas-based insurance company Globe Life is investigating a data breach impacting the information of consumers and policyholders. The life and supplemental health insurance provider disclosed the data breach last week in a filing with the SEC. Globe Life said it launched an investigation into "potential vulnerabilities related to access permissions and user identity management for a Company web portal" after an inquiry from a state insurance regulator.
China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort
Researchers have uncovered a quiet multiyear campaign by China's Velvet Ant cyber-espionage group to steal critical data from a large company in East Asia. What makes the campaign noteworthy is the extent to which the threat actor managed to maintain persistence on the victim's network despite repeated eradication attempts. Researchers from Sygnia who finally booted the threat actor out of the organization's environment attributed at least part of Velvet Ant's persistence to its success.
Fake Google Chrome errors trick you into running malicious PowerShell scripts
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. The new campaign was observed being used by multiple threat actors, including those behind ClearFake, a new attack cluster called ClickFix, and the TA571 threat actor, known for operating as a spam distributor that sends large volumes of email, leading to malware and ransomware infections.
Blackbaud has to cough up a few million dollars more over 2020 ransomware attack
Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general. The developer of apps for education, charity, and non-profit organizations will have to pay $6.75 million after Rob Bonta chastised its cybersecurity practices and lack of transparency following its 2020 ransomware attack.
High-severity vulnerabilities affect a wide range of Asus router models
Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users. The most critical vulnerability, tracked as CVE-2024-3080, is an authentication bypass flaw that can allow remote attackers to log into a device without authentication.
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug
VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server - the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites. Announced late on Monday night, Pacific Time, the critical-rated flaws are CVE-2024-37079 and CVE-2024-37080, both of which scored 9.8 on the ten-point Common Vulnerability Scoring System v3 scale.
Some Skills Should Not Be Ceded to AI
I'm surprised by the number of times that people have asked me if I use ghostwriters (I don't). I guess perhaps I shouldn't have been - maybe it is a fairly common practice in the security industry. Lately, this question has been supplemented with another one. Do I use AI to assist me in writing? Absolutely not. I steadfastly refuse to use ghostwriters or AI. Over the course of my career, I've repeatedly turned down requests to put my name on writing that isn't mine.
- ...in 1812, the United States declares war on the United Kingdom, beginning the War of 1812.
- ...in 1815, British and Prussian forces led by Wellington and Blücher defeat Napoleon Bonaparte's army at Waterloo.
- ...in 1942, singer-songwriter Paul McCartney is born in Liverpool, England.
- ...in 1983, astronaut Sally Ride becomes the first American woman in space, aboard the STS-7 mission.