News – February 2024


  • Facebook Marketplace users’ stolen data offered for sale

    February 15, 2024

    A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor. The leak consists of around 200,000 records that contain names, phone numbers, email addresses, Facebook IDs, and Facebook profile information of the affected Facebook Marketplace users. Read more… Source: Malwarebytes Labs  

  • BMW security lapse exposed sensitive company information, researcher finds

    February 14, 2024

    A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Read more… Source: TechCrunch  

  • Riding Dragons: capa Harnesses Ghidra

    February 14, 2024

    capa is the FLARE team’s open source tool that detects capabilities in executable files. Ghidra is an open source software reverse engineering framework created and maintained by the National Security Agency Research Directorate. With the release of capa v7, Mandian researchers have integrated capa with Ghidra, bringing capa’s detection capabilities directly to Ghidra’s user interface. With ...

  • Philippines: Department of Education checking data breach after hacking

    February 14, 2024

    The Department of Education (DepEd) is examining its systems for possible data breaches after reports of hackers allegedly harvesting 750 gigabytes of data containing sensitive information on banking details, students, teachers and more. DeepWeb Konek, a collective of cybersecurity practitioners, reported yesterday morning on X that it monitored a post by a “threat actor” in the ...

  • The Risks Of The #Monikerlink Bug In Microsoft Outlook And The Big Picture

    February 14, 2024

    Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, Check Point researches discovered an interesting ...

  • US military notifies 20,000 of data breach after cloud email leak

    February 14, 2024

    The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year. According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were inadvertently ...

  • Prudential reveals it was hit by data breach

    February 14, 2024

    Hackers were able to break into one of the largest life insurance companies in the United States and stole sensitive employee and contractor data. Prudential Financial has filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) detailing the attack, according to a report. As per the filing, unnamed threat actors accessed the networks ...

  • TicTacToe Dropper

    February 14, 2024

    While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Malware droppers are malicious software designed to deliver and execute additional malware on a victim system and are employed to obfuscate final payloads during load and initial execution. Droppers within this ...

  • State of Emergency: How Minnesota hospitals, state officials prepare for cyber attacks

    February 13, 2024

    The State of Minnesota stores and protects data on some six million residents, and that’s only one cache of sensitive information under the close watch of Minnesota IT Services (MNIT). “It’s everything from highways and highway traffic control systems, we run the zoo. We run everything in between,” John Israel, chief information security officer at MNIT, ...

  • Bank Of America Warns Customers Of Data Breach Following 2023 Hack

    February 13, 2024

    A November 2023 breach at IT consulting and service provider Infosys McCamish Systems has now been confirmed to have led to a data breach impacting Bank of America customers. The number of Bank of America customers impacted by the breach, including personally identifiable information such as social security numbers, account numbers, date of birth and addresses, ...