IT Security Newsletter - 8/15/2023
TIAA hit with class-action lawsuit over MOVEit data breach
A retired teacher filed a class-action lawsuit against TIAA last week over the retirement fund's handling of clients' personal data following the cyberattack on the file transfer software platform MOVEit that exposed TIAA data. The data breach affected some 2.3 million TIAA clients, according to the lawsuit filed last week in U.S. District Court in New York. The suit alleges TIAA did not use "reasonable security procedures and practices" to protect clients' sensitive information. READ MORE...
1.5 Million Impacted by Ransomware Attack at Canadian Dental Service
Canadian dental benefits administrator Alberta Dental Service Corporation (ADSC) has started informing roughly 1.47 million individuals that their personal information was compromised in a ransomware attack last month. The intrusion was initially discovered on July 9, but the full scope of the data breach was determined only two weeks later. The attackers, ADSC says, had access to its network for more than two months before deploying file-encrypting malware. READ MORE...
"Grab hold and give it a wiggle" - ATM card skimming is still a thing
It's been a while since we've written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don't actually need to approach the scene of the crime in person, and their payoffs are extracted online, typically using pseudoanonymous technologies such as the darkweb and cryptocoins. READ MORE...
Over 100K hacking forums accounts exposed by info-stealing malware
Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Many of the computers belong to hackers, the researchers say. Analyzing the data, threat researchers found that the passwords used for logging into hacking forums were generally stronger than those for government websites. After pouring through 100 cybercrime forums, researchers at threat intelligence company Hudson Rock found that some hackers had inadvertently infected their computers and had their logins stolen. READ MORE...
Crimeware server used by NetWalker ransomware seized and shut down
It's taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted[dot]net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the service, but his current whereabouts are unknown. READ MORE...
Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying
Vulnerabilities in power management products made by CyberPower and Dataprobe could be exploited in attacks aimed at data centers, allowing threat actors to spy on organizations or cause damage, according to threat detection and response firm Trellix. Trellix researchers have analyzed CyberPower's PowerPanel Enterprise data center power management software and Dataprobe's iBoot power distribution unit (PDU). READ MORE...
Phishing Operators Make Ready Use of Abandoned Websites for Bait
Attackers are increasingly targeting abandoned and barely maintained websites for hosting phishing pages, according to a new study from Kaspersky. In many cases, phishers' focus is on WordPress sites because of the sheer number of known vulnerabilities in the widely used content management system and its numerous plug-ins. Researchers at Kaspersky recently counted 22,400 unique WordPress websites that threat actors had compromised between mid-May 15 and the end of July to host phishing pages. READ MORE...
- ...in 1877, Thomas Edison makes the first-ever sound recording, of himself reciting "Mary had a little lamb."
- ...in 1965, The Beatles play to nearly 60,000 fans at Shea Stadium, ushering in the age of "stadium rock."
- ...in 1969, The Woodstock Music & Art Fair opens in upstate New York, showcasing some of the era's most popular musical acts.
- ...in 1971, President Nixon signs legislation officially detaching the value of the U.S. dollar from the "gold standard."