<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/26/2023

SHARE

Breaches

Tampa General Hospital half thwarts ransomware attack, but still loses patient data

The Tampa General Hospital (TGH) has promised to reach out to individuals whose information has been stolen by a ransomware group. In a cybersecurity notice, TGH said it noticed unusual activity on its computer systems on May 31, 2023. While that is good news from a healthcare perspective, the ransomware operators did obtain something of value. An investigation learned that an unauthorized third party accessed TGH's network and obtained files from its systems between May 12 and May 30, 2023. READ MORE...

Malware

New Realst macOS malware steals your cryptocurrency wallets

A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development. The malware, first discovered by security researcher iamdeadlyz, is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend. READ MORE...


Who and What is Behind the Malware Proxy Service SocksEscort?

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. READ MORE...

Information Security

Average cost of healthcare data breach reaches $11M, report finds

Healthcare continues to be the most expensive industry for data breaches, beating out other sectors for the 13th year in a row, according to research conducted by the Ponemon Institute and published by IBM Security. The average cost of a healthcare data breach reached nearly $11 million in 2023, an increase of 8% from last year and a 53% jump since 2020, the report found. READ MORE...

Exploits/Vulnerabilities

Super Admin elevation bug puts 900,000 MikroTik devices at risk

A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected. The flaw, CVE-2023-30799, allows remote attackers with an existing admin account to elevate their privileges to "super-admin" via the device's Winbox or HTTP interface. READ MORE...


Zenbleed: How the quest for CPU performance could put your passwords at risk

Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can't use a bleed-style bug for a precision attack, such as "Find the shadow password file in the /etc directory and upload it to me," or "Search backwards in memory until the first run of 16 consecutive ASCII digits, that's a credit card number, so save it for later." READ MORE...

On This Date

  • ...in 1948, President Harry S. Truman signs Executive Order 9981, officially desegregating the U.S. military.
  • ...in 1964, actress Sandra Bullock (""Speed", "Gravity") is born in Arlington, VA.
  • ...in 1990, President George H.W. Bush signs the Americans With Disabilities Act.
  • ...in 2005, NASA launches space shuttle Discovery on STS-114, the first manned flight mission after the 2003 Columbia disaster.