<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 9/13/2022

Top News

Chinese-linked cyber crims nab $529 million from Indian nationals

Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh. As of last April, the coppers had busted a network of criminals worth around $378 million, but that total did not include the cryptocurrency-related frauds. READ MORE...

Breaches

U-Haul reports data breach, customers' info exposed

U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, U-Haul's parent company Amerco has revealed in a last week. It is not known have many customers have been affected, but apparently their payment card information is safe - the person had access "only" to customers' name, driver's license or state identification number. READ MORE...

Hacking

Hackers steal Steam accounts in new Browser-in-the-Browser attacks

Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. The Browser-in-the-Browser technique is a trending attack method involving the creation of fake browser windows within the active window, making it appear as a sign-in pop-up page for a targeted login service. READ MORE...


Phishing scheme targeting Mideast researchers uses 'herd mentality' approach to dupe victims

Hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. The cybersecurity firm Proofpoint has identified the group deploying these so-called "multi-persona impersonation" emails as TA453. The company previously linked TA453 to Iran and says their activities overlap with other groups called Charming Kitten, Phosphorous and APT42. READ MORE...

Trends

Healthcare cyberattacks led to worse patient care, increased mortality, study finds

More than 20% of the healthcare organizations recently surveyed by the Ponemon Institute reported increased patient mortality rates after experiencing a cyberattack, according to a study released Thursday from the research group and Proofpoint, a cybersecurity compliance company. Delayed procedures and tests were the most commonly reported consequences of cyberattacks, along with longer patient stays, according to the study. READ MORE...

Software Updates

Apple patches iPhone and macOS flaws under active attack

Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. One of these, tracked as CVE-2022-32917, can be used to allow malicious applications to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may have been actively exploited," according to a security alert posted on Monday. READ MORE...

Malware

Lorenz ransomware breaches corporate network via phone systems

The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks exploiting the CVE-2022-29499 bug for initial access, as Crowdstrike reported in June. READ MORE...

Exploits/Vulnerabilities

FBI Warns of Unpatched and Outdated Medical Device Risks

The FBI is warning healthcare facilities of the risks associated with unpatched and outdated medical devices. Security flaws in medical devices could adversely impact the operations of healthcare facilities, while also affecting the safety of patients and data confidentiality and integrity, the FBI says. Both hardware design and device software management faults could lead to security vulnerabilities, especially if specific configurations are used, embedded security features are missing or cannot be updated. READ MORE...

On This Date

  • ...in 1814, Francis Scott Key writes the poem "Defence of Fort McHenry", which would later be set to music as "The Star-Spangled Banner".
  • ...in 1925, jazz singer/songwriter Mel Torme, "The Velvet Fog", is born in Chicago, IL.
  • ...in 1939, 7-foot-tall actor Richard Kiel, best known as the metal-mouthed henchman "Jaws" from multiple James Bond films, is born in Detroit, MI.
  • ...in 1985, Nintendo releases Super Mario Bros. for the Nintendo Entertainment System.