Tuesday, January 31, 2023
SecurityWeek

British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers

British sports fashion retail firm JD Sports on Monday revealed that it has discovered a data breach impacting roughly 10 million of its customers.  According to the company, the cyber incident affects information provided by customers who placed online orders...
SecurityWeek

Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data

Vulnerabilities in the OpenEMR healthcare software could allow remote attackers to steal sensitive patient data or execute arbitrary commands and take over systems. OpenEMR is an open source software used for the management of health records. It also allows patients...
SecurityWeek

Russia-Linked APT29 Uses New Malware in Embassy Attacks

Russia-linked cyberespionage group APT29 has been observed staging new malware for attacks likely targeting embassy-related individuals, Recorded Future reports. Also referred to as Cozy Bear, the Dukes, Nobelium, and Yttrium, APT29 is a Russian advanced persistent threat (APT) group believed...
SecurityWeek

Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability

A researcher has disclosed the details of a two-factor authentication (2FA) vulnerability that earned him a $27,000 bug bounty from Facebook parent company Meta.  Gtm Manoz of Nepal discovered in September 2022 that a system designed by Meta for confirming...
SecurityWeek

The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment

On Friday, January 20, 2023, Google announced it would lay off 12,000 employees. Amazon and Microsoft have laid off a combined 28,000 people; Twitter has reportedly lost 5,200 people; Meta (Facebook, etcetera) is laying off 11,000… This is just...
SecurityWeek

Critical Vulnerability Impacts Over 120 Lexmark Printers

Printer and imaging products manufacturer Lexmark this week published a security advisory to warn users of a critical vulnerability impacting over 120 printer models. The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery...
SecurityWeek

BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws

The Internet Systems Consortium (ISC) this week announced patches for multiple high-severity denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The addressed issues could be exploited remotely to cause named – the BIND daemon that acts both as an...
SecurityWeek

Industry Reactions to Hive Ransomware Takedown: Feedback Friday

Authorities in the United States and Europe have announced the results of a major law enforcement operation targeting the Hive ransomware.  Agencies from around the world worked together to take down Hive’s leak website and servers. In addition, agents hacked...
SecurityWeek

Microsoft Urges Customers to Patch Exchange Servers

Microsoft this week published a blog post to remind its customers of the continuous wave of attacks targeting Exchange servers and to urge them to install the latest available updates as soon as possible. “Attackers looking to exploit unpatched Exchange...
SecurityWeek

Iranian APT Leaks Data From Saudi Arabia Government Under New Persona

The Iran-linked advanced persistent threat (APT) actor known as Moses Staff is leaking data stolen from Saudi Arabia government ministries using a recently created online persona. Also referred to as Cobalt Sapling, Moses Staff has been likely active since November...
SecurityWeek

US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware

Following the shutdown of the Hive ransomware operation by law enforcement, the US government has reminded the public that a reward of up to $10 million is offered for information on cybercriminals. Authorities in the United States and Europe announced...
SecurityWeek

Cyberattacks Target Websites of German Airports, Admin

The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday. The Federal Office for Information Security (BSI) had “knowledge of DDoS attacks against targets in Germany”, a...
SecurityWeek

US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’

The FBI has at least temporarily dismantled the network of a prolific ransomware gang it infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other U.S....
SecurityWeek

Tenable Launches $25 Million Early-Stage Venture Fund

Vulnerability management software firm Tenable has launched a $25 million venture fund to place bets on early-stage startups in the attack surface and exposure management space. The new Tenable Ventures plans to make seed- and early-stage investments in companies building...
SecurityWeek

820k Impacted by Data Breach at Zacks Investment Research

Stock research firm Zacks Investment Research is in the process of notifying customers that their personal information was compromised in a data breach. Founded in 1978, Zacks Investment Research is one of the largest providers of stock research, analysis and...
SecurityWeek

Mapping Threat Intelligence to the NIST Compliance Framework Part 2

The NIST Cybersecurity Framework (CSF) consists of five core functions: Identify, Protect, Detect, Respond and Recover. In my previous column, I mapped threat intelligence capabilities to the NIST core function of Identify. In this column, I will continue the discussion...
SecurityWeek

Hive Ransomware Operation Apparently Shut Down by Law Enforcement

The Hive ransomware operation appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries.  A message displayed in English and Russian on the Hive ransomware operation’s Tor-based website reads: The Federal...
SecurityWeek

US Government Agencies Warn of Malicious Use of Remote Management Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are warning organizations of malicious attacks using legitimate remote monitoring and management (RMM) software. IT service providers use RMM applications to...
SecurityWeek

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka...
SecurityWeek

Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool

A Chinese threat actor tracked as DragonSpark has been using the SparkRAT open source remote administration tool (RAT) in recent attacks targeting East Asian organizations, cybersecurity firm SentinelOne reports. Relatively new, SparkRAT is a multi-platform RAT written in Golang that...

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking
Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SH1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.