
IT Security Newsletter - 7/1/2022

Breaches

Macmillan shuts down systems after likely ransomware attack

Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred over the weekend, on Saturday, June 25th, with the company shutting down all of their IT systems to prevent the spread of the attack. Publishers Weekly first reported on the incident, seeing emails from Macmillan that stated they suffered a "security incident, which involves the encryption of certain files on our network." READ MORE...


North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist

The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony's Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic. The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and now there's evidence linking the heist to Lazarus, a hacking outfit linked to the North Korean government. READ MORE...


California state's gun control websites expose 10 years of personal data

A California state website exposed the personal details of anyone who applied for a concealed-and-carry weapons (CCW) permit between 2011 and 2021. According to the California Department of Justice, the blunder happened earlier this week when the US state's Firearms Dashboard Portal was overhauled. The Cali DOJ noted that the dashboards and data were available to the public "for less than 24 hours," and the information exposed included names, dates of birth, gender, race, etc. READ MORE...

Hacking

Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine

The Belarusian government-linked GhostWriter disinformation campaign tried in mid-June to push a rumor that Ukrainian male refugees in Poland would be identified and deported back to Ukraine for military service using fabricated government correspondence, researchers with cybersecurity firm Mandiant said Thursday. Two hacktivist personas amplified the message, the researchers said in the findings first shared with CyberScoop. READ MORE...

Malware

Toll fraud malware disables your WiFi to force premium subscriptions

Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. Toll fraud is a subset of billing fraud, where the threat actor tricks victims into calling or sending an SMS to a premium number. The difference is that toll fraud does not work over WiFi and forces the devices to connect to the mobile operator's network. READ MORE...

Information Security

Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE

A blog post published by Google's Threat Analysis Group on Thursday describes the activities of hack-for-hire gangs in Russia, India and the United Arab Emirates. The internet giant has added more than 30 domains used by these threat groups to its Safe Browsing mechanism, which prevents users from accessing them. Hack-for-hire groups are often conflated with entities offering surveillance tools. READ MORE...

Exploits/Vulnerabilities

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked. Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers. Organizations often deploy IIS modules to streamline specific processes on their web infrastructure. READ MORE...


Amazon Photos vulnerability could have given attackers access to user files and data

Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user's unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses. Amazon Photos, previously known as Prime Photos, is a service related to Amazon Drive, the company's cloud storage application. READ MORE...


Jenkins warns of security holes in these 25 plugins

Jenkins, an open-source automation server for continuous integration and delivery (CI/CD), has published 34 security advisories covering 25 plugins used to extend the software. Eleven of the advisories are rated high severity, 14 are medium, and 9 are said to be low. The vulnerabilities described include cross-site scripting (XSS); passwords, API keys, secrets, and tokens stored in plaintext; cross-site request forgery (CSRF); and missing and incorrect permission checks. READ MORE...

On This Date

  • ...in 1863, the Battle of Gettysburg begins in Gettysburg, PA.
  • ...in 1934, blues musician and songwriter Willie Dixon is born in Vicksburg, MS.
  • ...in 1963, the US Postal Service introduces the ZIP Code.
  • ...in 1979, Sony introduces the Walkman, the first commercially-successful personal stereo audio device.