IT Security Newsletter - 6/19/2024
Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale
AMD's IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor designer. The supposedly swiped information is being peddled on the recently revived dark-web BreachForums souk. One or more criminals using the handle IntelBroker are offering, in exchange for cryptocurrency, what's claimed to be sensitive business, customer and staff data. READ MORE...
Data breach at Total Fitness exposed almost half a million people's photos - no password required
UK-based gym chain Total Fitness has been accused of sloppy security, following the discovery of an unsecured database containing the images of 470,000 members and staff - all accessible to anyone on the internet, no password required. A 47.7GB database belonging to the health club was discovered by cybersecurity researcher Jeremiah Fowler, who told The Register he had also uncovered images of members' identity documents, banking and payment card details, phone numbers, and more. READ MORE...
Amtrak confirms crooks are breaking into user accounts, derailing email addresses
US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their account security. The three-day attack took place between May 15-18. Miscreants were breaking into accounts using valid credentials that were sourced from "third-party sources," said Amtrak, which added there was no reason to believe its own systems were compromised. READ MORE...
Two men guilty of breaching law enforcement portal in blackmail scheme
Two men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. The two men, Sagar Steven Singh (age 20) and Nicholas Ceraolo (age 25) are members of a hacking group called "ViLE," which accessed the sensitive personal information from the portal and then used it to blackmail the victims, threatening to publish the sensitive data unless they were paid. READ MORE...
Critical Code Execution Vulnerabilities Patched in VMware vCenter Server
Broadcom-owned VMware has announced patches for several serious vCenter Server vulnerabilities that can allow remote code execution or privilege escalation. Two heap-overflow vulnerabilities, tracked as CVE-2024-37079 and CVE-2024-37080 and classified as having critical severity, impact the implementation of the DCERPC protocol. VMware has credited researchers from Chinese cybersecurity company Qi An Xin for reporting the two flaws. READ MORE...
Cut & Paste Tactics Import Malware to Unwitting Victims
Threat actors are using fake browser updates and software fixes to trick users into cutting/copying and pasting PowerShell scripts loaded with various malware strains - including remote access Trojans (RATs) and infostealers - to infect their computers. Researchers from Proofpoint observed the socially engineered technique employed by an initial access broker tracked as TA571, as well as an unidentified actor, in the last three months. READ MORE...
Explained: Android overlays and how they are used to trick people
Sometimes you'll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays, particularly on Android devices, are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are visiting a legitimate website or using a trusted app while in reality they are not. Simply put, an Android overlay is a feature used by an app to appear on top of another app. READ MORE...
Scathing report on Medibank cyberattack highlights unenforced MFA
A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. In October 2022, Australian health insurance provider Medibank disclosed that it had suffered a cyberattack that disrupted the company's operations. A week later, the company confirmed that the threat actors had stolen all of its customers' personal data and a large amount of health claims data. READ MORE...
CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch
The US cybersecurity agency CISA on Tuesday released an ICS advisory to notify organizations about a high-severity vulnerability found in an outdated industrial switch made by Israel-based networking equipment manufacturer RAD Data Communications. The agency recently discovered a publicly available proof-of-concept (PoC) exploit targeting a path traversal vulnerability in RAD's SecFlow-2 ruggedized switch/router, which is designed for harsh industrial environments. READ MORE...
- ...in 1865, Union Major General Gordon Granger proclaims the end of slavery in Texas, two years after the Emancipation Proclamation. This is celebrated today as Juneteenth.
- ...in 1910, the first Father's Day is celebrated in Spokane, Washington.
- ...in 1949, the first ever NASCAR race is held at Charlotte Motor Speedway.
- ...in 1978, Jim Davis's "Garfield", the world's most widely syndicated comic strip, makes its debut.