The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and applications to buy council houses. The attack occurred on March 7 and crippled the city council’s IT systems. Some lights have been stuck in all day due to the cyber attack and the council is unable to turn them off.
STAR: Shining Light on Space Supply Chain Risk
Ronald Birk, Lori W. Gordon, and Eleanor Mitch outline the factors behind the need for a system that dynamically updates space supply chain information. Along with higher demand, there is competition among sectors, such as medical device and auto makers, for certain commodities and many rare earth elements. The authors propose a distributed ledger technology (DLT) system called “Space supply chain Topology for Assessing Risk (STAR)” that would create a nexus for all stakeholders in the space supply chain community.
AT&T now says data breach impacted 51 million customers
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021.
Women in Cybersecurity (WiCyS) Conference
Thursday, April 11, 2024 – Saturday, April 13, 2024
Location type: In-person
Location: Nashville TN
Delivery: Live
Event type: Conference
CISA is exhibiting and speaking at the Women in Cybersecurity (WiCyS) on April 11-13, 2024, in Nashville, TN.
This three-day conference is the flagship event to recruit, retain and advance women in cybersecurity — all while creating a community of engagement, encouragement and support at a technical conference for women and allies. WiCyS brings together women and allies in cybersecurity from academia, research, government, and industry.
The event will occur at Gaylord Opryland Resort & Convention Center, located at 2800 Opryland Drive, Nashville, TN 37214.
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment.
DOD to Build Domestic Mine-to-Magnet Supply Chain
The U.S. Department of Defense (DOD) says it is on track to meet its goal of forming a domestic supply chain for vital materials needed in both commercial products and military systems.
Pentagon officials said in early March that it had awarded about $440 million to establish supply networks for rare earth elements within the U.S. since 2020 and that it is on pace to build a supply that can sustain all agency requirements — from “mine to magnet” — by 2027.
AT&T says leaked data of 70 million people is not from its systems
AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million.
Israeli Universities Hit by Supply Chain Cyberattack Campaign
Iranian hacktivists executed a supply chain attack on Israeli universities by initially breaching systems of a local technology provider to the academic sector.
The self-styled Lord Nemesis group boasted online that it used credentials snatched from Rashim Software to break into the systems of the vendor’s clients, universities, and colleges in Israel. The hack-and-leak operation began on or around November 2023, according to Op Innovate, an incident response firm that assisted one of the victim universities.
MiTM phishing attack can let attackers unlock and steal a Tesla
Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. The researchers reported their findings to Tesla saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.
25th Annual CERIAS Security Symposium
April 2-3 at Purdue University.
Join cybersecurity leaders, practitioners, researchers, educators, at the nation’s premier cybersecurity conference that brings government, commercial industry and academia together to examine the state of Cybersecurity and forecast the threats ahead.