
IT Security Newsletter - 6/5/2024


Top News

TotalRecall shows how easily data collected by Windows Recall can be stolen

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows' newly announced Recall feature to steal sensitive information. On May 20, Microsoft announced a new line of Windows 11-powered PCs called Copilot+. Among its previewed features was Recall, which was immediately viewed with suspicion by security professionals and privacy-minded users. READ MORE...

Breaches

London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack

Several London hospitals said Tuesday that they had to cancel operations and send patients away because of a cyberattack on a company that supplies pathology laboratory services. The firm, Synnovis, said it had been hit with a ransomware attack. Chief Executive Mark Dollar said the attack "has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services." READ MORE...


Ticketmaster Breach Showcases SaaS Data Security Risks

A massive data breach at Ticketmaster and another one at Santander Bank last month may have both resulted from a fundamental failure by the companies to properly secure access to the data on a third-party cloud storage service. The incidents are the latest reminder of why organizations storing sensitive data in the cloud need to implement multifactor authentication (MFA), IP restrictions, and other mechanisms to protect access to it. READ MORE...

Hacking

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File

A threat actor is attempting to deploy the Cobalt Strike post-exploit toolkit on Windows systems belonging to users in Ukraine. The focus of the campaign appears to be to gain complete remote control of targeted systems for future payload deployment and potentially other malicious purposes, researchers at Fortinet said in a blog post this week. The security vendor described the threat actor as using a Ukrainian-themed Excel file with an embedded macro as an initial lure. READ MORE...

Software Updates

TikTok fixes zero-day bug used to hijack high-profile accounts

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness. After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton had to be taken down to prevent abuse. READ MORE...

Malware

RansomHub extortion gang linked to now-defunct Knight ransomware

Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evolved from the currently defunct Knight ransomware project. RansomHub has a short history and operated mainly as a data theft and extortion group that sells stolen files to the highest bidder. The gang grabbed attention in mid-April when it leaked stolen data from United Health subsidiary Change Healthcare following a BlackCat/ALPHV attack, suggesting some form of collaboration. READ MORE...

Information Security

Google's AI Overviews misunderstand why people use Google

Last month, we looked into some of the most incorrect, dangerous, and downright weird answers generated by Google's new AI Overviews feature. Since then, Google has offered a partial apology/explanation for generating those kinds of results and has reportedly rolled back the feature's rollout for at least some types of queries. But the more I've thought about that rollout, the more I've begun to question the wisdom of Google's AI-powered search results in the first place. READ MORE...

Exploits/Vulnerabilities

'NsaRescueAngel' Backdoor Account Again Discovered in Zyxel Products

Taiwan-based networking device manufacturer Zyxel on Tuesday warned of three critical-severity vulnerabilities in two discontinued NAS products that could lead to command injection and arbitrary code execution. Tracked as CVE-2024-29972 and CVE-2024-29973, the first two flaws are command injection bugs that can be exploited without authentication, via crafted HTTP POST requests. READ MORE...

On This Date

  • ...in 1933, President Franklin D. Roosevelt takes the United States off of the gold standard.
  • ...in 1968, Senator and presidential candidate Robert Kennedy is assassinated at the Ambassador Hotel in Los Angeles, after winning the California Democratic primary.
  • ...in 2010, multi-championship winning basketball coach John Wooden passes away at the age of 99.
  • ...in 2014, Chester Nez, WWII veteran and last of the original Navajo "code talkers", dies at 93 years old.