<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/26/2022

SHARE

Breaches

T-Mobile to pay $500M for one of the largest data breaches in US history

When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up "one of the largest and most consequential data breaches in US history." Now, T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge's approval). READ MORE...


Data Stolen in Breach at Security Company Entrust

Entrust suffered a data breach last month and the security company has confirmed that the attackers have stolen some files. The breach was discovered on June 18 and the firm started notifying customers on July 6. However, the intrusion came to light only on July 21 when security researcher Dominic Alvieri came across a copy of the notification sent by Entrust to customers. READ MORE...

Hacking

Ransomware group targets Italian tax agency

Italian authorities are investigating the theft of roughly 78 gigabytes of data stolen from Italy's tax agency, l'Agenzia delle Entrate, the Italian news agency ANSA reported Monday. Earlier Monday, LockBit 3.0, one of the most active and prolific ransomware groups going, posted a notice to its website claiming it had stolen "100GB: company documents, scans, financial reports, contracts" from the agency, along with six screenshots purporting to show a sample of the files. READ MORE...

Malware

Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs

A dangerous malware variant called "Amadey Bot" that has been largely dormant for the past two years has surfaced again with new features that make it stealthier, more persistent, and much more dangerous than previous versions - including antivirus bypasses. Amadey Bot first appeared in 2018 and is primarily designed to steal data from infected systems. However, various threat actors - such as Russia's infamous TA505 advanced persistent threat (APT) group. READ MORE...


Malware spent months hoovering up credit card details from 300 US restaurants

Criminal hackers have been able to steal at least 50,000 credit cards from 300 restaurants in the US, after launching two Magecart campaigns that target the MenuDrive, Harbortouch, and InTouchPOS online payment platforms: Magecart is a web-skimmer-malware that is injected onto a vulnerable website so it can steal credit card information as it's entered into the site's checkout. READ MORE...

Exploits/Vulnerabilities

Hackers exploited PrestaShop zero-day to breach online stores

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform. READ MORE...

On This Date

  • ...in 1948, President Harry S. Truman signs Executive Order 9981, officially desegregating the U.S. military.
  • ...in 1964, actress Sandra Bullock (""Speed", "Gravity") is born in Arlington, VA.
  • ...in 1990, President George H.W. Bush signs the Americans With Disabilities Act.
  • ...in 2005, NASA launches space shuttle Discovery on STS-114, the first manned flight mission after the 2003 Columbia disaster.