
IT Security Newsletter - 6/20/2023


Top News

Over 100,000 compromised ChatGPT accounts found for sale on dark web

Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year. The number of stolen accounts climbed steadily from 74 in June 2022 to 26,902 in May 2023. April 2023 was an outlier: the number of accounts declined moderately before peaking the very next month. READ MORE...

Breaches

Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. One of the largest law firms in Australia, HWL Ebsworth says in an incident notice on its website that it became aware of the incident on April 28, after the Alphv/BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident. READ MORE...


Russian APT28 hackers breach Ukrainian govt email servers

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. In these attacks, the cyber-espionage group (also known as BlueDelta, Fancy Bear, Sednit, and Sofacy) leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails. READ MORE...

Hacking

US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of State's national security rewards program, Rewards for Justice (RFJ), is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. The gang is thought to be behind a recent ransomware spree that compromised a large number of organizations by exploiting a zero-day flaw in Progress' MOVEit Transfer software. READ MORE...


Phishing scam takes $950k from DoorDash drivers

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21-year-old man named David Smith, from Connecticut, allegedly figured out a way to extract large quantities of cash from drivers with a scam stretching back to 2020. READ MORE...

Software Updates

Asus Patches Highly Critical WiFi Router Flaws

Taiwanese computer hardware manufacturer Asus on Monday shipped urgent firmware updates to address vulnerabilities in its WiFi router product lines and warned users of the risk of remote code execution attacks. In an advisory, Asus documented at least nine security defects and multiple security weaknesses that allow code execution, denial-of-service, information disclosure and authentication bypasses. READ MORE...


Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially crafted HTTP request. Andrej Zaujec, National Cyber Security Centre Finland (NCSC-FI), and Maxim Suslov have been credited with reporting the vulnerability. READ MORE...

Malware

Compromised Linux SSH servers engage in DDoS attacks, cryptomining

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. Tsunami, also known as Kaiten, is a type of DDoS bot that is frequently distributed alongside malware strains like Mirai and Gafgyt. What sets Tsunami apart from other DDoS bots is the fact that it functions as an internet relay chat (IRC) bot, meaning it uses IRC to communicate with the threat actor. READ MORE...


Rorschach Ransomware: What You Need to Know

There has always been a competition in the ransomware world, with attackers trying to improve the speed of campaign execution and organizations continuously innovating to get ahead of those attacks. Speed is so decisive that ransomware-as-a-service (RaaS) platforms even advertise the speed of execution for prospective ransomware affiliates. LockBit, one of the most successful ransomware groups, has publicly listed its encryption speed versus its competitors' speed to demonstrate its advantage. READ MORE...

On This Date

  • ...in 1782, Congress adopts the Great Seal of the United States.
  • ...in 1863, West Virginia becomes the 35th state.
  • ...in 1963, the United States and the Soviet Union agree to establish a "hot line" in light of the Cuban Missile Crisis.
  • ...in 1975, Steven Spielberg's shark-attack thriller "Jaws" is released, which goes on to become the first modern "blockbuster" film.