<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 9/1/2023

SHARE

Breaches

Golf gear giant Callaway data breach exposes info of 1.1 million

Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers. Callaway is an American sports equipment maker and seller specializing in golf equipment and accessories such as clubs, balls, bags, gloves, and caps. The company is present in more than 70 countries worldwide and has an annual revenue of over $1.2 billion. It employs roughly 25,000 people. READ MORE...

Hacking

Classiscam fraud-as-a-service expands, now targets banks and 251 brands

The "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before. Like a ransomware-as-a-service operation, this Telegram-based operation recruits affiliates who use the service's phishing kits to create fake ads and pages to steal money, credit card information, and, more recently, banking credentials. READ MORE...


Russia targets Ukraine with new Android backdoor, intel agencies say

Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials wrote. READ MORE...


How Ducktail capitalizes on compromised business, ad accounts

Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. Ducktail is the name assigned by security researchers to a group operating from Vietnam, whose goal is hijack social media business accounts on platforms like TikTok, Facebook, LinkedIn, and Google. Their selected targets are individuals working in the digital marketing and advertising sector. READ MORE...

Information Security

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

The US Department of Energy on Wednesday announced a competition that can help smaller electric utilities obtain funding and technical assistance for improving their cybersecurity posture. The competition, named the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Biden administration's Rural and Municipal Utility Cybersecurity (RMUC) Program, which has set aside $250 million over a five-year period for enhancing cybersecurity at cooperative and municipal electric utilities. READ MORE...


Prompt injection could be the SQL injection of the future, warns NCSC

The UK's National Cyber Security Centre (NCSC) has issued a warning about the risks of integrating large language models (LLMs) like OpenAI's ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks. The NCSC points out several dangers associated with integrating a technology that is very much in early stages of development into other services and platforms. READ MORE...

Exploits/Vulnerabilities

Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks

A vulnerability in several extensions for the All-in-One WP Migration plugin potentially exposes WordPress websites to attacks leading to sensitive information disclosure. With more than five million installations and maintained by ServMask, All-in-One WP Migration is a highly popular plugin for moving websites that also provides several premium extensions for migrating to third-party platforms. READ MORE...

On This Date

  • ...in 1875, science fiction author Edgar Rice Burroughs, the creator of Tarzan of the Apes and John Carter of Mars, is born in Chicago, IL.
  • ...in 1950, German automotive designer Porsche releases the 356, the first automobile to be independently manufactured and sold by the company following WWII.
  • ...in 1952, Ernest Hemingway's Pulitzer-prize winning novel "The Old Man and the Sea" is first published.
  • ...in 1985, a joint French-American expedition locates the wreckage of the RMS Titanic on the bottom of the North Atlantic.