Summary:
- Flagstar Bank, a Michigan-based financial services provider, has experienced a data breach affecting 837,390 of its US customers.
- The breach happened through a third-party service provider, Fiserv, and was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv.
- The unauthorized activity occurred between May 27 and 31, 2023, allowing threat actors to access and obtain customer information.
- Flagstar Bank promptly acted upon discovering the breach, initiated an investigation, and remediated the vulnerabilities.
- They have provided complimentary identity monitoring services to affected customers through Kroll for two years.
- Flagstar Bank has experienced two previous cybersecurity breaches in 2021.
Hashtags:
#FlagstarBank #databreach #MOVEitTransfer #Fiserv #cybersecurity #identitymonitoring
https://www.infosecurity-magazine.com/news/flagstar-bank-moveit-breach/
Text Summary:
FortiGuard Labs has discovered a new evolution in the IZ1H9 Mirai-based DDoS campaign. The campaign rapidly updates its exploits and targets vulnerabilities in various IoT devices. Exploitation peaked on September 6, with tens of thousands of trigger counts. The campaign uses specific payloads to exploit vulnerabilities in different devices, initiating a shell script downloader and downloading various bot clients. The Mirai variant, IZ1H9, infects Linux-based IoT devices. The campaign highlights the persistent threat of RCE attacks on IoT devices and emphasizes the importance of applying patches promptly and changing default login credentials.
Hashtags:
#IoT #Botnet #Exploits #DDoS #Vulnerabilities #MiraiVariant #RCE #LinuxBasedDevices #Security
https://www.infosecurity-magazine.com/news/iz1h9-botnet-targets-iot-devices/
U.S. Army Sergeant arrested for spying secrets to China. #Spying #China #NationalSecurity #Breach
Hackers exploit Citrix NetScaler vulnerability to steal user credentials. Hashtags: #Cybersecurity #DataBreach #NetScalerVulnerability
https://cybersecuritynews.com/hackers-exploiting-citrix-netscaler-vulnerability/
An unidentified APT group has targeted organizations in Taiwan's manufacturing, IT, and biomedical sectors, as well as a government agency in the Pacific Islands, Vietnam, and the United States of America. The group, known as Grayling, uses custom malware and public tools for its attacks. The attackers employ techniques such as DLL sideloading, Cobalt Strike, NetSpy, and Havoc to escalate privileges, scan networks, and carry out other malicious activities. While no data exfiltration was detected, the group's focus suggests intelligence gathering in the manufacturing, IT, biomedical, and government sectors. The use of public tools makes attribution challenging for investigators. #CyberSecurity #APTHacking #Malware-Attacks
Magecart hackers have been discovered hiding malicious code in 404 error pages to avoid detection. The attacks have targeted Magento and WooCommerce websites, including some belonging to large organizations in the food and retail sectors. The attacks involve three distinct phases: loader, malicious attack code, and data exfiltration. Researchers found that the default 404 page of the websites contained obfuscated JavaScript attack code. The attackers also used two other attack variants to conceal the malicious loader code. #Magecart #cybersecurity #malware
https://www.infosecurity-magazine.com/news/magecart-hackers-hide-404-error/
HackerGPT is a ChatGPT-enabled penetration testing tool that helps with network hacking and mobile hacking. It uses ChatGPT for generating replies ethically. A 14-day trial is available for access to GPT-4 and other benefits. The tool is praised for its usefulness in bug bounty reports and as a time saver. Ethical hackers can use it to improve security evaluation and simplify communication of vulnerabilities. Patch Manager Plus can be used to patch vulnerabilities in third-party applications.
#HackerGPT #penetrationtesting #networkhacking #mobilehacking #ethicalhacking #bugbounty #securityevaluation #vulnerabilities #PatchManagerPlus
#AIRisks #ArtificialIntelligence #FutureTechnology #Dystopia #Ethics #Control #Power #Regulation #Equality #Accountability #Governance #Transparency #Humanity
https://www.schneier.com/blog/archives/2023/10/ai-risks.html
Phishers are targeting USPS and other national postal services, using SMS phishing to steal personal and financial information. The phishing pages impersonate the USPS and ask for address and additional data. The phishing operation includes multiple domains, some of which are tied to fly.linkcdn[.]to. The phishing sites also use a Google Analytics code belonging to the USPS. The phishing domains extend to postal services in Australia, Ireland, Spain, Costa Rica, Chile, Mexico, Italy, the Netherlands, Denmark, Norway, Sweden, and Finland. This is a reminder to be cautious of phishing scams and avoid clicking on unbidden links or attachments. #Phishing #USPS #PostalServices #Cybersecurity
https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/
Patches are being prepared for a high-severity vulnerability in the cURL data transfer project. The vulnerability is considered one of the worst flaws in the open source tool. The maintainers of cURL are urging organizations to inventory and scan all systems using curl and libcurl. The vulnerability potentially impacts all projects relying on libcurl. #cURL #vulnerability #patching
https://www.securityweek.com/patches-prepared-for-probably-worst-curl-vulnerability/
Credential Harvesting Campaign Targets Unpatched NetScaler Instances. Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials. #CredentialHarvesting #NetScalerInstances #Cybersecurity
Summary: A credential harvesting campaign is exploiting a vulnerability in unpatched Citrix NetScaler gateways to steal user credentials. The campaign involves injecting a PHP web shell and custom HTML code to the authentication page, collecting user credentials, and sending them to a remote server. Organizations are advised to patch their NetScaler gateways and change passwords as part of remediation efforts. #CybersecurityNews #CredentialHarvestingCampaign #NetScalerVulnerability
https://www.securityweek.com/credential-harvesting-campaign-targets-unpatched-netscaler-instances/
Recently, a vulnerability in the TagDiv Composer plugin associated with Newspaper and Newsmag themes has been exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The vulnerability, known as CVE-2023-3169, allows for stored cross-site scripting (XSS) attacks. The Balada Injector threat group has been active for many years and typically redirects website visitors to fake tech support and scam sites. Sucuri has identified over 17,000 infected websites, with 9,000 related to the TagDiv plugin vulnerability. It's important for WordPress site owners to protect against these attacks. #WordPress #TagDiv #vulnerability #cybersecurity #hacking
Summary:
- Despite the advances in technology, women are still underrepresented in the tech industry.
- The number of women in the UK's technology sector has declined.
- Barriers in the tech industry prevent women from entering and thriving.
- Encouraging young girls and women to pursue technology-related subjects and industries is necessary for the industry to thrive.
- Stereotypes and gendering of subjects still exist, but they can be challenged and broken down.
- Mentorship among women is crucial to inspire and support future generations.
- Companies need to implement policies to tackle inequality and build an inclusive workplace.
Hashtags:
#WomenInTech #GenderEquality #TechIndustry #DiversityAndInclusion #Mentorship #InclusiveWorkplace #Equality #WomenEmpowerment
https://www.infosecurity-magazine.com/opinions/challenging-ideas-empower-women/
Google's research team has launched v8CTF, a capture-the-flag (CTF) challenge focused on its Chrome browser’s V8 JavaScript engine. The competition is open to any exploit writers and offers a reward of $10,000 for valid submissions. #GoogleBugBounty #v8CTF
Google has expanded its bug bounty program to include Chrome V8 and Google Cloud. Exploit writers who discover zero-day vulnerabilities can receive additional rewards of up to $180,000. #BugBountyProgram #ChromeV8 #GoogleCloud
In addition to v8CTF, Google has announced the kvmCTF challenge, which focuses on Google Cloud’s kernel-based virtual machine. Successful participants can receive rewards ranging from $14,999 to $99,999. #kvmCTF #GoogleCloud
Researchers are encouraged to publish their submissions to help the community learn from each other’s techniques. #InfoSharing #CybersecurityCommunity
https://www.infosecurity-magazine.com/news/google-bug-bounty-expands-chrome/
Summary:
- Webwyrm malware is attacking over 100,000 users in 50 countries, mimicking over 1000 companies.
- The potential losses from the scam could exceed $100 million.
- Victims are targeted on social media, especially WhatsApp, with fake job offers.
- The scammers demand cryptocurrency deposits and deplete victims' bank accounts.
- Countermeasures include tracing scammer origins, rapid response teams, and educational campaigns.
Hashtags:
#Webwyrm #MalwareAttack #CyberSecurity #Scam #FakeJobOffers #Cryptocurrency #Countermeasures
https://cybersecuritynews.com/webwyrm-malware-affects-users/
Snake Keylogger steals victim logins, data, and keystrokes, and captures the screen. #CyberSecurity #Malware #Keylogger #DataTheft
Phishing attacks and malware distribution pose risks when opening unknown attachments or links in emails. #EmailSecurity #CyberThreats
Researchers discovered Snake Keylogger, a sophisticated .NET infostealer malware, that steals logins, clipboard data, and keystrokes. #Malware #Infostealer #DataBreach
An email with fake contents and social engineering tactics tricks recipients into downloading an attachment. #Phishing #SocialEngineering #EmailSecurity
Snake Keylogger exfiltrates stolen data via FTP, SMTP, and Telegram, making it discreet and persistent. #DataExfiltration #CyberAttack
Recommendations: Zero Trust Security, Employee Training, Endpoint Security, Email Security Solutions, Multi-Factor Authentication. #CyberSecurity #BestPractices
ConnectedIO’s 3G/4G Routers Vulnerability Let Hackers Execute Malicious Code. Critical issues in ConnectedIO’s ER2000 edge routers have been discovered. An attacker can compromise the cloud infrastructure, execute malicious code, and expose user and device data. Flaws have been fixed by Team82. The vulnerabilities impact the ConnectedIO platform and the MQTT communication protocol. Hard-coded authentication credentials can be exploited to gain access to router passwords, SSIDs, and device identifiers. IMEI information can be used to impersonate devices and force them to execute commands. Firmware upgrades have been issued to address the vulnerabilities. #CyberSecurity #Vulnerability #RouterSecurity #CloudSecurity #DataBreach
https://cybersecuritynews.com/connectedios-3g-4g-routers-vulnerability/
Summary: MGM Resorts International has revealed that the costs resulting from a ransomware attack in September have exceeded $100 million. The attack caused operational disruptions, particularly in the Las Vegas properties, leading to significant financial losses. Despite the financial impact, MGM Resorts is committed to enhancing its cybersecurity measures to protect customer data. Hashtags: #MGMResorts #RansomwareAttack #Cybersecurity
https://www.infosecurity-magazine.com/news/mgm-resorts-dollar100m-costs/
Summary: Victims of fraud lost a total of $2.7 billion to scammers on social media platforms between January 2021 and June 2023, surpassing losses from regular websites, phone calls, and emails. The most common scams on social media were online shopping scams, investment fraud, and romance fraud. Scammers often lure victims with promises of high returns on investments, particularly involving cryptocurrency. The Federal Trade Commission (FTC) advises users to limit their profile information, be cautious of requests for money from friends online, and research companies before making purchases.
Hashtags: #fraud #socialmedia #onlineshoppingscams #investmentfraud #romancescams #FTC
https://www.infosecurity-magazine.com/news/social-dominates-victims-take-27bn/
Summary: Software provider Blackbaud has reached a $49.5 million settlement with 49 states over charges related to a 2020 ransomware breach. The breach impacted 13,000 nonprofit customers and compromised over one million files, including Social Security numbers and healthcare information. Despite paying its extortionists, Blackbaud has faced legal action for concealing the breach. Under the settlement, Blackbaud will fortify its data security and improve customer notification in the event of another breach.
Hashtags: #Blackbaud #ransomware #breach #settlement #datasecurity
https://www.infosecurity-magazine.com/news/blackbaud-settles-ransomware-case/