<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 6/7/2023

SHARE

Breaches

Outlook[.]com hit by outages as hacktivists claim DDoS attacks

Outlook[.]com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. This outage follows two major outages yesterday, creating widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile Outlook app. READ MORE...

Hacking

Service Rents Email Addresses for Account Signups

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers. READ MORE...


Researchers Spot a Different Kind of Magecart Card-Skimming Campaign

An attacker under the Magecart umbrella has infected an unknown number of e-commerce sites in the US, UK, and five other countries with malware for skimming credit card numbers and personally identifiable information (PII) belonging to people making purchases on these sites. But in a new wrinkle, the threat actor is also using the same sites as hosts for delivering the card-skimming malware to other target sites. READ MORE...

Trends

Public sector apps show higher rates of security flaws

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of risk. The research comes amid a flurry of recent initiatives by the federal government to strengthen cybersecurity, including efforts to reduce vulnerabilities in applications that perform critical government functions. READ MORE...

Malware

ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages

It's possible for threat actors to manipulate artificial intelligence chatbots such as ChatGPT to help them distribute malicious code packages to software developers, according to vulnerability and risk management company Vulcan Cyber. The issue is related to hallucinations, which occur when AI, specifically a large language model (LLM) such as ChatGPT, generates factually incorrect or nonsensical information that may look plausible. READ MORE...


Over 60,000 Android apps secretly installed adware for past six months

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. The discovery comes from Romanian cybersecurity firm Bitdefender which detected the malicious apps using an anomaly detection feature added to its Bitdefender Mobile Security software last month. READ MORE...

Exploits/Vulnerabilities

What we know about the MOVEit vulnerability and compromises

A spree initiated by a financially-motivated ransomware group that actively exploited a zero-day vulnerability in Progress Software's MOVEit file transfer service to steal customers' data is afoot. Exploits have been underway for at least four months, according to Trustwave, and the compromise of MOVEit databases has resulted in at least one follow-on attack that has ensnared multiple downstream victims. READ MORE...


Chrome and Edge zero-day: "This exploit is in the wild", so check your versions now

Google's latest Chrome update is out, and this time the company hasn't minced its words about one of the two security patches it includes: Google is aware that an exploit for CVE-2023-3079 exists in the wild. There's no two-degrees-of-separation verbiage, as we've often seen from Google before, to say that the company "is aware of reports" of an exploit. READ MORE...

On This Date

  • ...in 1946, the BBC resumes its television broadcasts, which had been suspended for the duration of WWII.
  • ...in 1958, musician Prince Rogers Nelson, AKA Prince, is born in Minneapolis, MN.
  • ...in 1975, Sony introduces the Betamax videocassette recorder for sale to the public.
  • ...in 2018, the Mars Curiosity Rover finds organic matter in soil samples, indicating that Mars could have once supported living organisms.