<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/21/2024

SHARE

Top News

Toyota confirms third-party data breach impacting customers

Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. "We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer when asked to validate the threat actor's claims. The company added that it's "engaged with those who are impacted and will provide assistance if needed." READ MORE...


Azure Kubernetes Services Vulnerability Exposed Sensitive Information

A privilege escalation vulnerability in Microsoft Azure Kubernetes Services could have allowed attackers to access sensitive information, such as credentials for services used by the cluster, Mandiant reports. Impacting Azure Kubernetes Services clusters set to use Azure CNI for the network configuration and Azure for network policy, the issue could allow an attacker to access any secret on the cluster. READ MORE...

Breaches

Chipmaker Microchip reveals cyber attack whacked manufacturing capacity

US semiconductor manufacturing firm Microchip Technology has revealed an "unauthorized party disrupted the Company's use of certain servers and some business operation." A Tuesday filing explains that on August 17 it "detected potentially suspicious activity involving its information technology systems." An investigation followed, and on August 19 that effort yielded evidence of the unauthorized access. READ MORE...


Oregon Zoo warns visitors their credit card details were stolen

Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. Formerly Portland Zoo and Washington Park Zoo, Oregon Zoo is a 64-acre zoo owned by the regional Metro government. It is home to 1,800 animals from 232 species, including 28 on the endangered and threatened list. It is the state's largest zoo and one of the most popular tourist attractions, with more than 1.7 million visitors every year. READ MORE...


Arden Claims Service Reports Data Breach, 139,000 Affected

Class action litigation claims administration firm Arden Claims Service is notifying about 139,000 individuals that their personal information was stolen during an October 2023 data breach. The incident was discovered on October 17, when the firm noticed unusual activity in an email account. After securing the account, Arden Claims Service launched an investigation and discovered that a third-party "acquired certain data without authorization on or about October 3". READ MORE...

Hacking

Deadbeat dad faked his own death by hacking government databases

A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased. The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft. In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death. READ MORE...

Information Security

Average DDoS attack costs $6,000 per minute

2023 saw a surge in the frequency and duration of DDoS attacks, and in the first half of 2024, it's clear that surge has become the new normal, according to Zayo. DDoS attacks surged 106% from H2 2023 to H1 2024. The report also found that an average DDoS attack now lasts 45 minutes-an 18% increase from last year-costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute. READ MORE...

Exploits/Vulnerabilities

PostgreSQL databases under attack

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack - observed by Aqua Security researchers on a honeypot system - starts with the threat actors brute-forcing access credentials. The first payload - PG_Core - is mostly aimed at removing cron jobs for the current user and killing processes related to other cryptomining malware (e.g., Kinsing, WatchDog, TeamTNT). READ MORE...


Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag

A critical vulnerability in the Jenkins open source automation server is still being actively exploited seven months after its initial disclosure. Jenkins is a two-decades old, open source extensible tool, which software developers use to build, test, and deploy applications during continuous integration and continuous delivery (CI/CD). It reached 300,000 known installations in 2022, which, according to its developers, made it the world's most popular automation server. READ MORE...

On This Date

  • ...in 1858, the first of the historical debates between Illinois Senate candidates Abraham Lincoln and Stephen Douglas is held in Ottawa, IL.
  • ...in 1911, The Mona Lisa is stolen by an employee of the Louvre. It would not be recovered until two years later.
  • ...in 1959, Hawaii becomes the 50th state.
  • ...in 1966, The Beatles played at Crosley Field in Cincinnati, with a set list comprised of only 11 songs and lasting 35 minutes. Tickets were $5.