Articles of interest from the week of March 18, 2024

Over 15,000 Hacked Roku Accounts Sold for 50¢ Each To Buy Hardware

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. (BleepingComputer)

“The reuse of username and password pairs continues to pose a significant security risk, as it provides threat actors with an easily exploitable advantage. It is likely that Roku account holders affected by breaches may also find other accounts compromised, owing to the likelihood these credentials were obtained from a prior breach and or leak. Unfortunately, credential-stuffing attacks are prevalent and are successful enough to remain so. Set aside time to review your accounts, at the minimum to ensure you still have sole control over them. You may be surprised how many still share logins and or do not have MFA enabled.” – Jessica Owens, Senior SOC Analyst at Ingalls Information Security

CISA Forced To Take Two Systems Offline Last Month After Ivanti Compromise

The Cybersecurity and Infrastructure Security Agency (CISA) has taken two systems offline in response to a compromise by Ivanti, a security software company. The decision was made to mitigate potential risks posed by the breach. Ivanti confirmed the incident and stated that the compromise was limited to a single software package. CISA's action underscores the severity with which government agencies respond to cybersecurity threats, particularly in safeguarding critical infrastructure. (The Record)

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints. (SecurityWeek)

Fortinet Warns of Yet Another Critical RCE Flaw

CVE-2024-48788, like many other recent Fortinet flaws, will likely be an attractive target, especially for nation-state-backed actors. (Dark Reading)

Stanford: Data of 27,000 People Stolen in September Ransomware Attack

Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. (BleepingComputer)

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

Microsoft says the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems. (SecurityWeek)

Microsoft Says Windows 10 21H2 Support Is Ending in June

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. (BleepingComputer)

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor. (The Hacker News)

Brazilian Authorities Arrest Members of Banking Trojan Cybercrime Group

With the help of Interpol's cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. (Dark Reading)