IT Security Newsletter

IT Security Newsletter - 7/9/2024

Written by Cadre | Tue, Jul 9, 2024

The president ordered a board to probe a massive Russian cyberattack. It never did.

Investigating how the world's largest software provider handles the security of its own ubiquitous products. After Russian intelligence launched one of the most devastating cyber espionage attacks in history against US government agencies, the Biden administration set up a new board and tasked it to figure out what happened - and tell the public. State hackers had infiltrated SolarWinds, an American software company that serves the US government and thousands of American companies. READ MORE...

Evolve Bank & Trust confirms LockBit stole 7.6 million people's data

Evolve Bank & Trust says the data of more than 7.6 million customers was stolen during the LockBit break-in in late May, per a fresh filing with Maine's attorney general. The filing lists the total number of persons affected (including residents) at 7,640,112. It's the first time Evolve has confirmed the scale of the data theft - which affected at least three of its major partners, past and present - and it expects the number to rise as its investigations continue. READ MORE...

Shopify says stolen customer data was taken in third-party breach

Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: "Shopify systems have not experienced a security incident. The data loss reported was caused by a third-party app. The app developer intends to notify affected customers." The cybercriminal posting under the handle "888" claims the breach took place in 2024. READ MORE...

Ransomware Gang Leaks Data Allegedly Stolen from Florida Department of Health

The ransomware group known as RansomHub is leaking data allegedly stolen from the Florida Department of Health. The cybercriminal group added the agency to its Tor-based leak site on July 2, claiming to have stolen over 100 gigabytes of data from its network, including personally identifiable information (PII) and protected health information (PHI). RansomHub began publishing the allegedly stolen information over the weekend, after the Florida DOH missed a [ransom] deadline. READ MORE...

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McRae, and Foo Fighters. The tickets were leaked by a threat actor known as 'Sp1derHunters,' who is selling data stolen in recent data theft attacks from Snowflake accounts. In April, threat actors began downloading Snowflake databases of at least 165 organizations. READ MORE...

Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails

A threat actor hacked into Ethereum Foundation's account on a mailing list platform and used it to send email phishing lures to more than 35,794 addresses. The phishing emails, which came from the legitimate updates@blog.ethereum.org email address, promoted a Lido scam and contained a link to a malicious site designed to drain the visitors' wallets. "This website had a crypto drainer running in the background," the Ethereum Foundation said in a notice. READ MORE...

China's APT40 gang is ready to attack vulns within hours or days of public release

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 - aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk - and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours. The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. READ MORE...

GuardZoo spyware used by Houthis to target military personnel

Lookout discovered GuardZoo, Android spyware targeting Middle Eastern military personnel. This campaign leverages malicious apps with military and religious themes to lure victims via social engineering on mobile devices. While researchers are still actively analyzing data, thus far, they have seen more than 450 IP addresses belonging to victims primarily located in Yemen, Saudi Arabia, Egypt, Oman, the United Arab Emirates (UAE), Qatar, and Turkey. READ MORE...

Computer maker Zotac exposed customers' RMA info on Google Search

Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. Zotac, known for its range of compact and mini PCs, high-performance graphics cards, motherboards, and computer accessories, has misconfigured the web folders that hold RMA data, resulting in them being indexed by search engines. READ MORE...

  • ...in 1877, the first Wimbledon tennis tournament begins.
  • ...in 1941, British intelligence breaks the five-wheel Enigma key, allowing the Allies to intercept all secret German communications.
  • ...in 1947, Army Nursing Corps superintendent Florence Blanchfield is given the rank of Lt. Colonel, making her the US military's first female officer.
  • ...in 1975, singer-songwriter Jack White (The White Stripes, The Raconteurs) is born in Detroit, MI.