IT Security Newsletter - 9/5/2023
German financial agency site disrupted by DDoS attack since Friday
The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. BaFin is Germany's financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial, and 700 insurance service providers. The regulator is known for its law enforcement role in Germany and internationally.
Freecycle users told to change passwords after data breach
Freecycle, an online community that encourages sharing unwanted items with each other rather than chucking them in the bin or taking them to landfill, has told users to change their passwords after it suffered a data breach. An announcement on the Freecycle website was the first I knew about the security breach, as - at the time of writing - despite being a member of the site I still haven't received any other notification from the community.
Hacker gains admin control of Sourcegraph and gives free access to the masses
An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment. In the process, the hacker(s) may have accessed personal information belonging to Sourcegraph users, Diego Comas, Sourcegraph's head of security, said in a post on Wednesday.
LockBit ransomware gang steals data related to security of UK military bases
An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases. Zaun says that on 5-6 August a "sophisticated cyber attack" saw hackers exploit an obsolete Windows 7 PC to gain access to the company's servers, and exfiltrate data which has since been published on the dark web. According to the firm, classified documents are not believed to have been included in the haul.
A firsthand perspective on the recent LinkedIn account takeover campaign
Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Peace, reached out to me and told me they'd been a target of the campaign. His story begins with an SMS text from LinkedIn telling him to reset his password. He found this confusing: It arrived in the middle of the night, and he hadn't asked for a password reset. Since he doesn't use the LinkedIn app on his mobile, he checked his account on his laptop.
Why is .US Being Used to Phish So Many of Us?
Domain names ending in ".US" - the top-level domain for the United States - are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs
Threat actors have started uploading malicious packages to PyPI, NPM, and RubyGems repositories in a new campaign aimed at stealing user information, software supply chain security firm Phylum reports. The first malicious packages were uploaded to PyPI and NPM repositories over the weekend, specifically targeting macOS users. The PyPI package that Phylum initially observed was designed to harvest information about the victim's machine and exfiltrate it to an attacker-controlled server.
- ...in 1774, The First Continental Congress assembles in Philadelphia, in response to the British Parliament's "Intolerable Acts."
- ...in 1882, the first US Labor Day parade is held in NYC, 12 years before it became an official federal holiday.
- ...in 1927, Universal releases the first "Oswald the Lucky Rabbit" cartoon, animated by the Walt Disney Studio.
- ...in 1960, boxer Muhammad Ali (at the time still known as Cassius Clay) wins the gold medal at the Olympic Games in Rome.