<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/1/2024

SHARE

Top News

Ticketmaster sends notifications about recent massive data breach

Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. "Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider," reads a data breach notification shared with the Office of the Maine Attorney General. READ MORE...

Breaches

Prudential Financial Data Breach Impacts 2.5 Million

More than 2.5 million individuals are affected by a February 2024 data breach, Prudential Financial says in an updated incident notification. The insurance giant initially disclosed the data breach in February, and announced in late March that more than 36,000 individuals might have been affected. In an incident notice update filed with the Maine Attorney General's Office last week, Prudential said that the incident resulted in the data of 2,556,210 individuals being compromised. READ MORE...


Landmark Admin Discloses Data Breach Impacting Personal, Medical Information

Life insurance company Landmark Admin is sending notifications to an unknown number of individuals about a data breach impacting personal, medical, and insurance information. Landmark Admin says it detected the incident on May 13 and found evidence that the attackers accessed specific files containing information such as names, addresses, dates of birth, Social Security numbers, driver's license numbers, passport numbers, financial account numbers, and more. READ MORE...


Dairy giant Agropur says data breach exposed customer info

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. Although the firm said the breach does not extend to its transactional systems and hasn't disrupted its core business operations, it launched an investigation to determine the scope and impact on clients, engaging with external cybersecurity experts and law enforcement for help. READ MORE...

Hacking

Russian hackers read your emails to us, Microsoft warns more customers

More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. In January, Microsoft revealed that members of the "Midnight Blizzard" hacking group (also known as APT29 or Cozy Bear) had compromised the tech giant's systems in late 2023. They did this by using a "password spray" brute-force attack, accessing email accounts belonging to its senior leadership as well as employees. READ MORE...

Software Updates

Juniper Networks flings out emergency patches for perfect 10 router vuln

A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible. The authentication bypass bug, tracked as CVE-2024-2973, scored a perfect 10 rating on both the CVSS 3.1 and CVSS 4 systems, illustrating the seriousness of the issue. "An authentication bypass using an alternate path or channel [...] allows a network-based attacker to bypass authentication," Juniper said in its advisory. READ MORE...

Information Security

Inside a violent gang's ruthless crypto-stealing home invasion spree

Cryptocurrency has always made a ripe target for theft-and not just hacking, but the old-fashioned, up-close-and-personal kind, too. Given that it can be irreversibly transferred in seconds with little more than a password, it's perhaps no surprise that thieves have occasionally sought to steal crypto in home-invasion burglaries and even kidnappings. But rarely do those thieves leave a trail of violence in their wake as disturbing as that of one gang of crypto extortionists. READ MORE...


The telltale words that could identify generative AI text

Thus far, even AI companies have had trouble coming up with tools that can reliably detect when a piece of writing was generated using a large language model. Now, a group of researchers has established a novel method for estimating LLM usage across a large set of scientific writing by measuring which "excess words" started showing up much more frequently during the LLM era (i.e., 2023 and 2024). The results "suggest that at least 10% of 2024 abstracts were processed with LLMs." READ MORE...

Exploits/Vulnerabilities

Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk

Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH's server (sshd) and should upgrade to the latest version. Infosec researchers at Qualys published their findings today, revealing that sshd is vulnerable to a race condition that could allow an unauthenticated attacker to achieve remote code execution (RCE) on potentially hundreds of thousands of targets. READ MORE...

On This Date

  • ...in 1863, the Battle of Gettysburg begins in Gettysburg, PA.
  • ...in 1934, blues musician and songwriter Willie Dixon is born in Vicksburg, MS.
  • ...in 1963, the US Postal Service introduces the ZIP Code.
  • ...in 1979, Sony introduces the Walkman, the first commercially-successful personal stereo audio device.