IT Security Newsletter

IT Security Newsletter - 6/6/2024

Written by Cadre | Thu, Jun 6, 2024

A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals

A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled, the former head of British cybersecurity said Wednesday. A group known as Qilin is most likely behind the attack on Synnovis, which provides pathology lab services for several hospitals run by the National Health Service, said Ciaran Martin, former chief executive of the National Cyber Security Centre.

Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics

The 2024 Paris Olympics is facing elevated risks of cyber threats, especially from Russian threat actors, Google and Microsoft warn. According to Google Cloud's Mandiant cybersecurity team, the 2024 Paris Olympics is facing cyber threats including espionage, disruption, destruction, hacktivism, influence, and financially motivated activities. Russian threat groups represent a major threat to the Olympics, while threat actors from China, Iran, and North Korea pose a moderate to low risk.

Advance Auto Parts customer data posted for sale

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. The data set allegedly also includes information about 358,000 employees and candidates, which is a lot more than are currently employed by Advance Auto Parts (69,000 in 2023).

Hijacking Scheme Takes Over High-Profile TikTok Accounts

The social media platform TikTok has confirmed that high-profile accounts are being exploited and hijacked by threat actors in a takeover campaign. The threat was first discovered by Forbes on June 4, which revealed that users had received direct messages believed to contain a strain of malware that is being spread by the threat actors. The malware reportedly allows the hijackers to take over an account without the targeted victim even having to click on a link or download a file.

Microsoft shows venerable and vulnerable NTLM security protocol the door

Microsoft has finally decided to add the venerable NTLM authentication protocol to the Deprecated Features list. The announcement means that admins dragging their feet to move to something more secure must start making plans. Active feature development for all versions of NTLM (NT Lan Manager) has now ceased, although the protocol will linger for a while. Microsoft said: "Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows."

Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. The vulnerabilities were discovered and reported by Timothy Hjort, a vulnerability researcher with Outpost24's Ghost Labs. Hjort also found a backdoor account used for remote support (that was supposedly removed four years ago) and two other flaws.

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security. "From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said.

Husband stalked ex-wife with seven AirTags, indictment says

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife (referred to only as "S.K.") by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The documents, unearthed by 404 Media in collaboration with Court Watch, reveal how everyday consumer tools, like Bluetooth trackers, are sometimes leveraged for abuse against spouses and romantic partners.

7-year-old Oracle WebLogic bug under active exploitation

A seven-year-old Oracle vulnerability is the latest to be added to CISA's Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to the federal government. CVE-2017-3506 affects Oracle's WebLogic Server, allowing for remote command execution on affected operating systems. It carries a 7.4 severity, and patches were originally released for it in April 2017, but recent research suggests it's now being exploited by Chinese cybercriminals.

Check-in terminals used by thousands of hotels leak guest info

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID transponders used as room keys.

  • ...in 1892, Chicago's elevated rail rapid transit system, popularly known as the "L", begins operation.
  • ...in 1932, the first gasoline tax was enacted with the Revenue Act of 1932, at a rate of 1 cent per gallon.
  • ...in 1933, the first drive-in theater opens in Camden, NJ.
  • ...in 1944, Allied forces land at the beaches of Normandy, commencing Operation Overlord, better known as "D-Day," the largest amphibious operation in history.