IT Security Newsletter - 6/23/2022

Breaches

MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals

Patient care guidelines provider MCG Health faces a proposed class lawsuit over the compromise of patient information during a March 2022 data breach. A wholly-owned subsidiary of the New York-based Hearst Health network, MCG Health combines artificial intelligence with clinical expertise to help healthcare organizations provide care to their patients. On June 10, the company started to inform potentially impacted individuals of a data breach that occurred on March 25. READ MORE...


Automotive hose maker Nichirin hit by ransomware attack

Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline. The attack occurred on June 14, 2022, and the company reacted as soon as it detected the unauthorized access on its network and moved operations into manual mode. Customers should expect delays in getting their orders since the cyberattack also affected product distribution and orders are being fulfilled manually. READ MORE...

Hacking

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain. The campaign is directed at Microsoft 365 (formerly Microsoft Office 365) users and has targeted multiple organizations across the financial industry. It starts with a socially engineered email that looks like a MetaMask verification email, according to the Armorblox research team, containing a link. READ MORE...


Microsoft 365 Users in US Face Raging Spate of Attacks

Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential-stealing campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails anchoring the threat is emblematic of the larger problem of securing Microsoft 365 environments, researchers say. According to an analysis from Zscaler's ThreatLabz, a highly targeted offensive has been ongoing since May, aiming at specific verticals. READ MORE...

Malware

Conti effectively created an extortion-oriented IT company, says Group-IB

In slightly more than a month, the Conti ransomware collective compromised more than 40 companies worldwide, and the fastest attack took only three days, Group-IB noted in its latest report detailing the workings of one of the most prolific ransomware / extortion gangs out there. In two years, the ransomware operators attacked more than 850 victims including corporations, government agencies, and even a whole country (Costa Rica). READ MORE...


Chinese hackers use ransomware as decoy for cyber espionage

Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities. Threat analysts from Secureworks say that the use of ransomware in espionage operations is done to obscure their tracks, make attribution harder, and create a powerful distraction for defenders. READ MORE...

Information Security

Police seize and dismantle massive phishing operation

Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted million in Euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency. READ MORE...

Exploits/Vulnerabilities

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers. The attacks by the Russia-linked APT are tied to the Russian and Ukraine war, according to researchers at Malwarebytes Threat Intelligence. READ MORE...

Encryption

DARPA study challenges assumptions about distributed ledger (and Bitcoin) security

US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants can gain control over the entire system. The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency that points to several ways in which the immutability of blockchain can be called into question. READ MORE...

On This Date

  • ...in 1868, inventor Christopher Latham Sholes receives a patent for a revolutionary labor-saving (and labor-creating) device: The typewriter.
  • ...in 1955, punk and heavy metal singer Glenn Danzig is born in Lodi, NJ.
  • ...in 1969, Warren E. Burger is sworn in as Chief Justice of the US Supreme Court by retiring Chief Justice Earl Warren.
  • ...in 2013, daredevil Nik Wallenda becomes the first person to successfully walk across the Grand Canyon on a tightrope.