IT Security Newsletter

IT Security Newsletter - 9/13/2024

Written by Cadre | Fri, Sep 13, 2024

The Dark Nexus Between Harm Groups and 'The Com'

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023. It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to manipulate vulnerable teens. READ MORE...

I stole 20 GB of data from Capgemini - and now I'm leaking it, says cybercrook

A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant - including source code, credentials, and T-Mobile's virtual machine logs. The French multinational IT and consulting firm did not immediately respond to The Register's request for comment, and has yet to formally confirm or deny the cyber-criminal's claims. We will update this story if and when a spokesperson replies to our inquiries. READ MORE...

Fortinet Data Breach Impacts Customer Information

Fortinet on Thursday confirmed suffering a data breach impacting customers after a hacker leaked files allegedly belonging to the cybersecurity company. The hacker, who uses the online moniker 'Fortibitch', made the announcement on a popular hacking forum and claimed that the data - 440 Gb in total - came from an Azure Sharepoint instance. The threat actor indicated that the decision to make the stolen data available came after Fortinet refused to pay a ransom. READ MORE...

Suspect arrested over the Transport for London cyberattack

The UK National Crime Agency has arrested and detained a suspect - a 17-year-old male in Walsall (West Midlands) - on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced today. The situation is evolving, but so far they know that some of the following data has or may have been accessed. The company has promised to contact affected individuals directly to offer support and guidance. READ MORE...

'Hadooken' Linux malware targets Oracle WebLogic servers

An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua. It is unclear if the malware is being deployed in a concerted campaign: Aqua lead data analyst Assaf Morag told The Register that his team "saw a few dozen attacks over the past couple of weeks." READ MORE...

1.3 Million Android TV Boxes Infected by Vo1d Malware

A newly identified Android malware family has infected roughly 1.3 million TV boxes that are running older versions of the mobile operating system, Doctor Web warns. The malware, dubbed Vo1d, is a backdoor that can fetch and install additional software, based on commands received from its command-and-control (C&C) server. The threat, Doctor Web discovered, uses at least three methods to anchor itself to the system and ensure that it launches automatically when the device reboots. READ MORE...

6 common Geek Squad scams and how to defend against them

For three decades, Geek Squad has been a trusted name in tech for anyone needing IT support. The Best Buy subsidiary dispenses diagnostics, repairs and advice to consumers across the US in-store and online - including 24-hour emergency support. But like many trust brands, it's also ripe for abuse by cybercriminals. In fact, judging by the number of complaints sent to the Federal Trade Commission in 2023, Best Buy/Geek Squad is the most impersonated brand in the US. READ MORE...

For Just $20, Researchers Seize Part of Internet Infrastructure

Security researchers' ability to gain control of a chunk of the Internet's infrastructure for a mere $20 has focused attention on the fragility of the trust and cybersecurity mechanisms that organizations and users rely on daily. The troubling event began with researchers at watchTowr on a whim looking for remote code execution vulnerabilities in WHOIS clients while at the recent Black Hat USA conference in Las Vegas. READ MORE...

Microsoft VS Code Undermined in Asian Spy Attack

A Chinese state-aligned espionage group has become the first documented threat actor to weaponize a known exploit in VS Code in a malicious attack. Visual Studio Code, or VS Code, is Microsoft's free source code editor for Windows, Linux, and macOS. According to Stack Overflow's 2023 survey of 86,544 developers, it's the most popular integrated development environment (IDE) among both new (78%) and professional developers (74%), by some distance. READ MORE...

  • ...in 1814, Francis Scott Key writes the poem "Defence of Fort McHenry", which would later be set to music as "The Star-Spangled Banner".
  • ...in 1939, 7-foot-tall actor Richard Kiel, best known as the metal-mouthed henchman "Jaws" from multiple James Bond films, is born in Detroit, MI.
  • ...in 1969, the first episode of Hanna-Barbera's "Scooby-Doo, Where Are You?", introducing the teen sleuths of Mystery, Inc. and their talking Great Dane, premieres on CBS.
  • ...in 1985, Nintendo releases Super Mario Bros. for the Nintendo Entertainment System.