<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/3/2024

SHARE

Breaches

Affirm says Evolve Bank data breach also compromised some of its customers

'Buy now, pay later' payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. According to Evolve, the attack started after "an employee inadvertently clicked on a malicious internet link." Evolve refused to pay the ransom, and so the attackers leaked the data they downloaded. READ MORE...


300k Affected by Year-Old Data Breach at Florida Community Health Centers

Healthcare services provider Florida Community Health Centers (FCHC) is notifying close to 300,000 individuals that their personal and health information was compromised in a June 2023 ransomware attack. Discovered on June 13, 2023, the incident resulted in the information of current and former patients being compromised, FCHC told the affected individuals in a notification letter sent via mail, a copy of which was submitted to the Maine Attorney General's Office. READ MORE...

Hacking

Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack

Patelco Credit Union is scrambling to restore banking services after a ransomware attack forced it to shut down its systems over the weekend. The Dublin, California-based credit union, which serves roughly 500,000 customers, initially announced the incident on Sunday, roughly 24 hours after the outage occurred. The attack forced the financial institution to shut down some of its day-to-day banking systems, which impacted its online banking services, mobile application, and call center. READ MORE...

Malware

South Africa National Healthcare Lab Still Reeling From Ransomware Attack

South Africa's National Health Laboratory Service (NHLS), the government-run network of healthcare testing laboratories, continues to battle in its recovery from a ransomware attack that disrupted systems and deleted backups. The attack targeted specific weak points in the NHLS's information infrastructure on June 22, effectively blocking communications between the laboratories' information systems and other medical databases, resulting in delays in lab testing across public health facilities. READ MORE...


Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys

JavaScript scripts referencing the recently suspended polyfill.io domain are present on over 380,000 internet-exposed hosts, attack surface management firm Censys reports. Used to host polyfills, small JavaScript bits providing modern functionality in older browsers, polyfill.io was suspended last week, after it was caught redirecting the visitors of websites embedding polyfill.io code to betting and adult sites. READ MORE...

Information Security

AI in the workplace: The good, the bad, and the algorithmic

Artificial Intelligence (AI) is a hot topic at the moment. It's everywhere. You probably already use it every day. That chatbot you're talking to about your lost parcel? Powered by conversational AI. The 'recommended' items lined up under your most frequently brought Amazon purchases? Driven by AI/ML (machine learning) algorithms. You might even use generative AI to help write your LinkedIn posts or emails. But where does the line stop? READ MORE...

Exploits/Vulnerabilities

"RegreSSHion" vulnerability in OpenSSH gives attackers root on Linux

Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required. The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc, an open source implementation of the C standard library. READ MORE...


Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

While online accounts are increasingly protected by passkey technology, it turns out that many banking, e-commerce, social media, website domain name administration, software development platforms, cloud accounts, and more can still be compromised using adversary-in-the-middle (AitM) attacks that make passkeys moot. The problem lies not in the passkeys themselves but in their implementation and the need for account recovery options. READ MORE...

On This Date

  • ...in 1775, George Washington assumes command of the Continental Army.
  • ...in 1863, Union troops at Gettysburg neutralize an ill-planned infantry charge by Confederate Maj. Gen. George Pickett, marking a decisive turning point in the Civil War.
  • ...in 1962, Jackie Robinson becomes the first African American to be inducted into the National Baseball Hall of Fame.
  • ...in 2013, Egyptian President Mohamed Morsi is overthrown by military coup after four days of protests calling for his resignation.