IT Security Newsletter

IT Security Newsletter - 9/22/2022

Written by Cadre | Thu, Sep 22, 2022

Stolen single sign-on credentials for major firms available for sale on dark web

The dark web is awash with stolen single sign-on credentials, including credentials belonging to half of the top 20 largest public companies, research from BitSight found. More than 25% of the entire S&P 500 have had stolen credentials appear online. READ MORE...

Ransom demand escalates fallout from Los Angeles schools cyberattack

Alberto Carvalho is confronting a major ransomware attack just eight months after he joined the Los Angeles Unified School District as superintendent. Late Tuesday, two weeks after LAUSD publicly disclosed the attack, Carvalho confirmed a ransom demand was made by the group that breached the district's systems. He remained tight-lipped about the amount demanded and what information the ransomware group claims to have stolen from the country's second-largest school system. READ MORE...

Tax refund phish logs keystrokes to swipe personal details

There have been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs everything entered onto the page. The phishing mails rely on that time-honoured tradition of bogus tax returns and non-existent refunds. READ MORE...

The record-setting DDoSes keep coming, with no end in sight

The record-vying distributed denial-of-service attacks keep coming, with two mitigation services reporting they encountered some of the biggest data bombardments ever by threat actors whose tactics and techniques are constantly evolving. On Monday, Imperva said it defended a customer against an attack that lasted more than four hours and peaked at more than 3.9 million requests per second (RPS). READ MORE...

BlackCat ransomware's data exfiltration tool gets an upgrade

The BlackCat ransomware (aka ALPHV) isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks. BlackCat is considered a successor to Darkside and BlackMatter and is one of the most sophisticated and technically advanced Ransomware-as-a-service (RaaS) operations. READ MORE...

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

While NSO Group's Pegasus spyware is perhaps the highest-profile surveillance weapon used by repressive governments against civil society, a recently discovered, powerful mobile reconnaissance malware dubbed Hermit has come to light, being touted by an Italian developer as a "lawful intercept" tool. So far, Lookout has observed the Hermit spyware being used by the government of Kazakhstan after the violent suppression of protests with the help of Russian armed forces, and elsewhere. READ MORE...

Vulnerable children's identities used in tax fraud scheme

The United States Attorney for the Southern District of New York has sentenced Ariel "Melo" Jimenez (38) to 12 years in prison for leading a "tax fraud and identity theft conspiracy" that resulted in the fraudulent claiming of tax credits, earning him millions of dollars. "Ariel Jimenez was the leader of a long-running fraudulent tax business that cheated the Government of tax refunds by stealing the identities of vulnerable children," said US Attorney General Damian Williams in a press release. READ MORE...

Unpatched 15-year-old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution. Disclosed in 2007 and tagged as CVE-2007-4559, the security issue never received a patch, the only mitigation provided being a documentation update warning developers about the risk. READ MORE...
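CVE-2007-4559 is the long-standing path traversal in Python's tarfile module: extractall() writes each member wherever its stored name points, so a name containing ".." or an absolute path, or a symlink member aimed outside the destination, lands outside the extraction directory. The following is an added example, not code from the article or from the Python project: a check that refuses an archive when any member would escape the destination, exercised against two archives constructed in memory for the demo.

```python
import io
import os
import tarfile
import tempfile

def member_is_safe(dest_dir: str, member: tarfile.TarInfo) -> bool:
    """True only if the member (and, for links, its target) stays inside dest_dir."""
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, member.name))
    if os.path.commonpath([dest, target]) != dest:
        return False
    if member.issym() or member.islnk():
        # symlink targets are relative to the link's directory, hard links to the archive root
        base = os.path.dirname(target) if member.issym() else dest
        link_target = os.path.realpath(os.path.join(base, member.linkname))
        if os.path.commonpath([dest, link_target]) != dest:
            return False
    return True

def unsafe_members(archive_bytes: bytes, dest_dir: str) -> list:
    """Names of members that would land outside dest_dir; an empty list means the archive is safe."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if not member_is_safe(dest_dir, m)]

def extract_checked(archive_bytes: bytes, dest_dir: str = "") -> list:
    """Extract only after every member passed the check; returns the extracted member names."""
    dest_dir = dest_dir or tempfile.mkdtemp(prefix="checked-extract-")
    bad = unsafe_members(archive_bytes, dest_dir)
    if bad:
        raise ValueError(f"refusing to extract into {dest_dir}: escaping members {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        tar.extractall(dest_dir)
        return [m.name for m in tar.getmembers()]

def build_archive(files: dict, symlinks: dict) -> bytes:
    # demo helper: files maps name -> bytes, symlinks maps name -> link target
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, linkname in symlinks.items():
            info = tarfile.TarInfo(name)
            info.type, info.linkname = tarfile.SYMTYPE, linkname
            tar.addfile(info)
    return buf.getvalue()

# Constructed sample archives (not taken from any real incident): one clean, one with three escapes
BENIGN = build_archive({"docs/readme.txt": b"hello\n"}, {})
TRAVERSAL = build_archive({"../../escape.txt": b"x\n", "/tmp/absolute.txt": b"x\n"}, {"out": "../../.."})
```

On Python 3.12 and later the same protection is available natively via the `filter="data"` argument of extractall(); the check above is the equivalent for older interpreters.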

Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data

Cloud security company Wiz has published information on an Oracle Cloud Infrastructure (OCI) vulnerability allowing attackers to modify users' storage volumes without authorization. Referred to as #AttachMe and mentioned in Oracle's July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim's Oracle Cloud Identifier (OCID). READ MORE...

  • ...in 1789, the office of United States Postmaster General is established.
  • ...in 1958, rock musician Joan Jett ("I Love Rock 'n' Roll", "Bad Reputation") is born in Wynnewood, PA.
  • ...in 1961, President John F. Kennedy signs legislation establishing the Peace Corps as a permanent government agency.
  • ...in 1991, the Dead Sea Scrolls are made available to the public for the first time.