Security Leftovers

posted by Roy Schestowitz on Mar 18, 2023,
updated Mar 18, 2023

• Latitude leaks customer data after employee login details stolen

  Financial services provider Latitude Financial has disclosed a breach that it says has led to the leak of personal IDs of more than 100,000 customers from one of its service providers.

  Additionally, about 225,000 customer records were stolen from a second service provider, the company said in a statement to the ASX on Thursday.

• US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

  Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account.

• SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

  SAP has released 19 new notes on March 2023 Security Patch Day, including five notes rated hot news.

• FCC rules aims to curb scourge of robotexts assaulting Americans’ phones

  The agency reports that scam text complaints rose 500% between 2015 to 2022, reflecting the increase in robotexts Americans receive annually.

• Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers

  Experts told Senators on Thursday that rural hospitals don't have the necessary resources to fend off an increasing number of cyberattacks.

• Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing

  The collapse of the U.S. tech industry's bank of choice has prompted a massive amount of fraud attempting to capitalize on its downfall.

• The US cybersecurity strategy won’t address today’s threats with regulation alone

  The Biden administration needs to foster greater public-private collaboration, involve global partners and help build the cyber workforce to fight growing digital threats.

• Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks [Ed: Misdirection. The issue is Microsoft, not those exploiting the holes.]

  Russia-linked APT29 was seen abusing the legitimate information exchange systems used by European countries in attacks aimed at governments.

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script [Ed: Once again Microsoft leverages geopolitics to distract from its incompetence if not liability]

  Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders.

• Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

  The Chinese hacker group Tick has targeted an East Asian data loss prevention firm whose customers include military and other government organizations.