<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 9/27/2023

SHARE

Breaches

Campbell Soup says summer cyberattack caused limited business impact

Campbell Soup Co. said it discovered a cyber intrusion in part of its IT network during the end of its fiscal fourth quarter, according to a disclosure in its annual report filed Thursday with the Securities and Exchange Commission. The Camden, N.J.-based food manufacturer said it took immediate steps to investigate, contain and eliminate the threat, hired third-party cybersecurity experts and notified federal law enforcement. READ MORE...

Hacking

Exiled Russian journalist claims "European state" hacked her iPhone with Pegasus spyware

The co-founder and publisher of Meduza, a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware. Galina Timchenko, who has been declared "undesirable" by the Kremlin and lives in exile in Europe, is thought to have joined a long line of journalists to have been spied upon by the notorious Pegasus spyware, developed by Israel's controversial NSO Group. READ MORE...


Russian hacking operations target Ukrainian law enforcement

Russian military cyber operations in the first half of 2023 focused on targeting Ukrainian law enforcement agencies to gather information about Ukrainian investigations into war crimes and counter-intelligence efforts against Russian spies and collaborators, Ukraine's top cyber defense organization said in a report released Monday. The report comes against a backdrop of what officials in Kyiv describe as a move toward intelligence operations in Russian hacking activity. READ MORE...


New AtlasCross hackers use American Red Cross as phishing lure

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group. NSFocus reports that the AtlasCross hackers are sophisticated and evasive, preventing the researchers from determining their origin. READ MORE...

Malware

'Snatch' Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. READ MORE...

Information Security

Credit card thieves target Booking[.]com customers

Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at Perception Point recently documented a sophisticated phishing campaign targeting hotels and travel agencies. READ MORE...

Exploits/Vulnerabilities

New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

Nearly all modern graphics processing units (GPUs) are vulnerable to a new type of side-channel attack that could be leveraged to obtain sensitive information, according to a team of researchers from various universities in the United States. The new attack method, named GPU.zip, was discovered and detailed by representatives of the University of Texas at Austin, Carnegie Mellon University, University of Washington, and University of Illinois Urbana-Champaign. READ MORE...


ROBOT crypto attack on RSA is back as Marvin arrives

An engineer has identified longstanding undetected flaws in a 25-year-old method for encrypting data using RSA public-key cryptography. In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are, in fact, vulnerable. READ MORE...

On This Date

  • ...in 1822, French academic Jean-Francois Champollion announces that he has successfully deciphered the Rosetta Stone.
  • ...in 1954, the late-night TV program "Tonight with Steve Allen", which would later become "The Tonight Show", debuts on NBC.
  • ...in 1962, biologist Rachel Carson's environmental science book "Silent Spring" is published.
  • ...in 2003, the SMART-1 lunar satellite is launched by the European Space Agency.