IT Security Newsletter

IT Security Newsletter - 8/29/2024

Written by Cadre | Thu, Aug 29, 2024

Iranian-linked hackers collaborate with ransomware affiliates, feds say

Iranian-sponsored hackers are acting as access brokers for ransomware affiliates like ALPHV, U.S. intelligence agencies warned in a joint alert Wednesday. The FBI, Cybersecurity and Infrastructure Security Agency, and the Department of Defense's Cyber Crime Center said in an advisory that hackers with likely sponsorship from Iran are moonlighting with notable ransomware affiliates and seeking out network access to organizations in education, finance, health care, and defense. READ MORE...

DICK'S shuts down email, locks employee accounts after cyberattack

DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday. Founded in 1948, DICK'S operates 857 stores across the United States and has reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company employs over 55,500 people (18,900 full-time and 36,600 part-time). READ MORE...

Crypto scammers who hacked McDonald's Instagram account say they stole $700,000

Hackers who seized control of the official Instagram account of McDonald's claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency. Earlier this month, hackers promoted a worthless cryptocurrency token they dubbed "GRIMACE" to the 5.1 million people following McDonald's Instagram account. At the same time, tweets from the account of Guillaume Huin, McDonald's head of social media, added credence to the unusual cryptocurrency promotion. READ MORE...

Cisco Patches Multiple NX-OS Software Vulnerabilities

Cisco on Wednesday announced patches for multiple NX-OS software vulnerabilities as part of its semiannual FXOS and NX-OS security advisory bundled publication. The most severe of the bugs is CVE-2024-20446, a high-severity flaw in the DHCPv6 relay agent of NX-OS that could be exploited by remote, unauthenticated attackers to cause a denial-of-service (DoS) condition. Improper handling of specific fields in DHCPv6 messages allows attackers to send crafted packets to any IPv6 address. READ MORE...

New Tickler malware used to backdoor US govt, defense orgs

The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC), used this new malware as part of an intelligence collection campaign. READ MORE...

Deepfakes: Seeing is no longer believing

The threat of deepfakes lies not in the technology itself, but in people's natural tendency to trust what they see. As a result, deepfakes don't need to be highly advanced or convincing to effectively spread misinformation and disinformation. While many organizations have begun to take steps to address this issue, confidence in these measures is low, and the public's ability to recognize deepfakes remains limited. READ MORE...

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

Threat actors continue to exploit a critical remote code execution (RCE) Atlassian bug discovered in January, with new attack vectors that turn targeted cloud environments into cryptomining networks. Trend Micro has uncovered two separate attacks that use the flaw - tracked as CVE-2023-22527 in the Confluence Data Center and Confluence Server - in cryptojacking attacks that drain network resources. READ MORE...

CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

Industrial control systems and critical infrastructure operators are being warned about a campaign leveraging a zero-day vulnerability in remote monitoring cameras to spread Mirai cryptominer botnets. Researchers at Akamai found the Mirai cryptominer botnet campaign was exploiting a variety of previously disclosed vulnerabilities, but was notably focused on a zero-day command injection vulnerability in AVTECH closed-circuit television (CCTV) cameras, tracked as CVE-2024-7029. READ MORE...

  • ...in 1833, King William IV gives his assent to an act of Parliament abolishing slavery throughout the British Empire.
  • ...in 1898, the Goodyear tire company is founded in Akron, OH, earning the city its nickname: "Rubber City."
  • ...in 1958, the United States Air Force Academy opens in Colorado Springs, CO.
  • ...in 1966, The Beatles perform their last paid concert at Candlestick Park in San Francisco.