IT Security Newsletter

IT Security Newsletter - 6/4/2024

Written by Cadre | Tue, Jun 4, 2024

Ticketmaster hacked in what's believed to be a spree hitting Snowflake customers

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation, which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider, told TechCrunch the provider was Snowflake. The live-event ticket broker said it identified the hack on May 20. READ MORE...

361 million stolen accounts leaked on Telegram added to HIBP

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel's users to build reputation and subscribers. READ MORE...

Ransomware Group Claims Cyberattack on Frontier Communications

The RansomHub ransomware group over the weekend claimed responsibility for the April 2024 cyberattack on telecommunications giant Frontier Communications. In an April filing with the Securities and Exchange Commission (SEC), Frontier revealed that the intrusion was identified on April 14 and resulted in certain systems being shut down to contain the attack. The Dallas-based company reiterated that the attackers likely stole certain data from its systems, including personal information. READ MORE...

Cybercrooks get cozy with BoxedApp to dodge detection

Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection. Jiří Vinopal, threat researcher at Check Point Research, says the trend has become especially popular over the past 12 months, and BoxedApp is one of the products that appear to be among the most favored. Some of the most prevalent malware strains in the world are abusing BoxedApp to evade static analysis, the researcher claims. READ MORE...

Rural hospitals are particularly vulnerable to ransomware, report finds

As health care providers continue to get hammered by ransomware, a new report from an influential think tank warns that rural hospitals are likely to be hardest hit by such attacks unless the industry makes major cybersecurity investments. The study from CSC 2.0, an offshoot of the Cyberspace Solarium Commission, finds that whether the U.S. health care sector will be able to protect itself against future cyberattacks hinges largely on how much funding Congress will allocate to address the issue. READ MORE...

Europol's Hunt Begins for Emotet Malware Mastermind

After a spectacular botnet takedown just a few days ago, Operation Endgame, an international cybersecurity law enforcement cooperative, has now trained its focus on the individual threat actors behind the botnets. Late last month, Operation Endgame dismantled dropper botnet infrastructure that supported initial-access Trojan malware strains, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, in a sweeping action. READ MORE...

Russia takes gold for disinformation as Olympics approach

Still throwing toys out the pram over its relationship with international sport, Russia is engaged in a multi-pronged disinformation campaign against the Olympic Games and host nation France that's intensifying as the opening ceremony approaches. Microsoft said on Sunday that it's tracking a number of Russia-affiliated cyber groups working to undermine trust in the Games through a variety of means - everything from fake news articles inciting fears of terrorism to Tom Cruise deepfakes. READ MORE...

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

Telecoms giant Cox Communications recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems used by the company's customers, according to a researcher. The vulnerabilities were discovered and responsibly reported to Cox in early March by Sam Curry, a reputable researcher who previously uncovered serious security flaws in products from Apple, airline and hotel rewards platform Points.com, and vehicles from over a dozen car makers. READ MORE...

Atlassian Confluence High-Severity Bug Allows Code Execution

The research team at SonicWall Capture Labs has discovered a remote code execution vulnerability in the Atlassian Confluence Data Center and Server. The vulnerability, identified as CVE-2024-21683, has a high CVSS score of 8.3 out of 10 and allows an authenticated threat actor to execute arbitrary code. To leverage the vulnerability, a cyberattacker must have network access to the vulnerable system and possess the privilege to add new macro languages. READ MORE...

  • ...in 1783, the Montgolfier brothers demonstrate their first hot-air balloon at the palace in Versailles, France.
  • ...in 1896, Henry Ford completes the Ford Quadricycle, the very first internal-combustion powered automobile.
  • ...in 1919, the 19th Amendment is passed by Congress, guaranteeing women's right to vote.
  • ...in 1942, the Battle of Midway begins.