AT&T Notifies Users of Data Breach and Resets Millions of Passcodes
The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders. (The Associated Press)
“This breach notification from AT&T is concerning since the data appears to be from 2019 or earlier and included Social Security numbers, passcodes as well as possibly other sensitive data. While AT&T should be reaching out to customers, this data has been and will be in the wild for some time. A proactive approach to review your credit history along with any accounts that may have shared passcodes is recommended. This is an example of why using Identity monitoring services and reviewing your Credit history at least annually is imperative to protect your identity and financial reputation.” – Brad Schrack, CISSP, Sr. Information Security Analyst at Ingalls Information Security
US Congress Restricts Staff From Using Microsoft’s Copilot: Here’s Why
The US House of Representatives has prohibited its staff members from using Microsoft's AI-driven chatbot, Copilot, according to a report by Axios. The ban was announced by the House's Chief Administrative Officer, Catherine Szpindor, who declared that Microsoft Copilot is "unauthorized for House use." (NewsBytes)
Cloud Email Filtering Bypass Attack Works 80% of the Time
Computer scientists have uncovered a shockingly prevalent misconfiguration in popular enterprise cloud-based email spam filtering services, along with an exploit for taking advantage of it. The findings reveal that organizations are far more open to email-borne cyber threats than they know. (Dark Reading)
Beware! Backdoor Found in XZ Utilities Used by Many Linux Distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. (Help Net Security)
New MFA-Bypassing Phishing Kit Targets Microsoft 365, Gmail Accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. (BleepingComputer)
Facebook Snooped on Users’ Snapchat Traffic in Secret Project, Documents Reveal
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo. (TechCrunch)
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. (The Hacker News)
AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine
SentinelLabs has discovered the emergence of a new embedded wiper variant known as "AcidPour," a malicious software linked to the "AcidRain" threat, which has surfaced in Ukraine. (SentinelLabs)
Microsoft Confirms Windows Server Issue Behind Domain Controller Crashes
With the help of Interpol's cybercrime unit, Brazilian authorities recently made headway in combatting the infamous Grandoreiro banking Trojan operation with the arrest of five suspects allegedly associated with the group. (BleepingComputer)