IT Security Newsletter - 6/24/2024
Japan's Space Agency Was Hit by Multiple Cyberattacks, but Officials Say No Sensitive Data Was Taken
Japan's space agency has suffered a series of cyberattacks since last year, but sensitive information related to rockets and satellites was not affected and it is continuing to investigate and take preventive measures, officials said Friday. Chief Cabinet Secretary Yoshimasa Hayashi acknowledged that the Japan Aerospace Exploration Agency, or JAXA, has had "a number of" cyberattacks since late last year. READ MORE...
Kaspersky's US Customers Face Tight Deadline Following Govt. Ban
US businesses and consumers using Kaspersky's antivirus software products and services have until Sept. 29 to stop using them, following a Biden Administration ban earlier this week on sales of the company's technologies in the country over national security concerns. Companies and individuals that continue to use Kaspersky products past that date will be doing so at their own risk, because Kaspersky will no longer be able to offer any support or updates for its products after the deadline. READ MORE...
First million breached Ticketmaster records released for free
The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it happened to be the first major event that was shared on the resurrected BreachForums, and someone acting under the handle "ShinyHunters" offered the full details of 560 million customers for sale. READ MORE...
Los Angeles Unified confirms student data stolen in Snowflake account hack
The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. SnowFlake is a cloud database platform used by some of the largest companies worldwide to store their data. Earlier this month, a threat actor began to sell data from numerous companies, including TicketMaster, Satandar Bank, Advance Auto Parts, and Pure Storage, with the hacker stating it was stolen from SnowFlake. READ MORE...
Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG
A threat actor is boasting on a hacking forum the theft of information pertaining to millions of Ticketek users, roughly three weeks after the company acknowledged a data breach. On May 31, Ticketek Entertainment Group (TEG), an Australia-based live events and ticketing firm, announced that user account information had been compromised after hackers accessed a database stored on a cloud-based platform. READ MORE...
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices
There are early indications of active attacks targeting end-of-life Zyxel NAS boxes just a few weeks after details of three critical vulnerabilities were made public. The Shadowserver Foundation said its scanners started beeping on Friday. It observed multiple remote command execution attempts "by a Mirai-like botnet" and advised owners of affected Zyxel NAS devices to actively search for signs of compromise, especially if the patches weren't applied immediately. READ MORE...
The NYSE's $10M Wake-up Call
The recent settlement between the US Securities and Exchange Commission (SEC) and Intercontinental Exchange Inc. (ICE), the owner of the New York Stock Exchange (NYSE), highlights significant issues within the realm of cybersecurity and corporate accountability. Below, we'll dissect the incident, scrutinize the involved parties' actions and responsibilities, and suggest practical measures to prevent future occurrences. READ MORE...
Nearly 150,000 ASUS routers potentially exposed to critical vulnerability
At least 147,000 ASUS routers are potentially exposed to a critical vulnerability, which can allow a remote attacker to bypass authentication and gain login access, researchers at Censys said Thursday. ASUS issued a security advisory on June 14 recommending customers upgrade their firmware or apply mitigation steps if the upgrade was not possible. The improper authentication vulnerability, listed as CVE-2024-3080, has a CVSS score of 9.8. READ MORE...
- ...in 1901, basketball player and Converse athletic-shoe namesake Chuck Taylor is born in Azalia, IN.
- ...in 1916, Mary Pickford becomes the first female film star to sign a million-dollar contract.
- ...in 1949, the first television western, "Hopalong Cassidy" premieres on NBC.
- ...in 1979, comedian and actress Mindy Kaling is born in Cambridge, MA.