Mandiant Twitter account restored after crypto scam hack
The Google Cloud-affiliated cybersecurity firm saw its Twitter/X account taken over for a period of six hours on Wednesday by a group looking to promote a cryptocurrency scam. Its account was renamed to a “@Phantom” handle for a time and included messages promoting an airdrop scam along with messages to Mandiant itself. Rachel Tobac, CEO of SocialProof Security, said on Twitter/X, “some folks are giving advice to turn on MFA to prevent [account takeover…] but it’s also possible that someone in Support at Twitter was bribed or compromised which allowed the attacker access to Mandiant’s account.”
(The Hacker News and Twitter/X)
Law firm that handles data breaches hit by data breach
The firm, Orrick, Herrington & Sutcliffe, based in San Francisco, has announced the breach, which occurred in March of last year. They stated the breach involved “reams of data from its systems that pertain to security incidents at other companies, during which Orrick served as legal counsel.” The data stolen includes PII of over 630,000 people, much of it related to dental and health care plans offered through a number of health insurers. This ranges from addresses and dates of birth through to medical diagnoses and credit and debit card numbers. The firm has not explained how the hackers obtained access or whether a ransom was demanded.
Spanish mobile carrier suffers outage after account takeover
Orange is one of the largest mobile carriers in Spain. The outage, since resolved, lasted three hours and involved a hacker penetrating the company via its account on RIPE, Europe’s regional internet registry. Cybersecurity firm Hudson Rock traced the breach back to the computer of an Orange Spain employee that was infected by a Raccoon-type infostealer earlier this year.
AI-based invoice fraud on the rise
A report published Wednesday by the security firm ReSecurity highlights the sophistication and success of AI-based invoice manipulation, being used successfully by gangs who sell their services or tools on the dark web. In 2022 alone the cost of invoice fraud was estimated by the FBI at $2.4 billion. As just one example in the report, “the tool […] scrutinizes compromised emails through POP3/IMAP4 protocols, identifying messages that either mention invoices or include attachments with payment details. Upon detection, the tool alters the banking information of the intended recipient (like the victim’s supplier) to details specified by the perpetrator […] Often, accountants and staff in victimized companies do not thoroughly check invoices that appear familiar or nearly genuine, leading to unverified payments.” A link to the report is available in the show notes to this episode.
Huge thanks to this week’s episode sponsor, NetSPI

SpaceX launches first phone service satellites
On Tuesday, the company deployed its first set of Starlink satellites capable of communicating with smartphones. This follows an arrangement the company made with wireless carriers including T-Mobile US in August 2022 to deliver cellphone service in dead zones. The service will be text-message only to start, with voice due in coming years after testing. Other wireless carriers, including Japan’s KDDI, Australia’s Optus, New Zealand’s One NZ and Canada’s Rogers, will also be working with SpaceX on this project.
Healthcare technology company HealthEC announces data breach
The breach at New Jersey-based HealthEC LLC has given hackers access to highly sensitive medical information belonging to 4.5 million people. The company announced the breach on its website on December 22, describing the breach itself as having occurred between July 14 and 23 of last year. Additionally, 17 US healthcare organizations that are partners or customers of HealthEC were impacted.
Google’s first Chrome update of the year patches six vulnerabilities
Four of the six vulnerabilities had been reported by external researchers. These include CVE-2024-0222 and CVE-2024-0223, which are use-after-free and heap buffer overflow vulnerabilities, respectively, in the graphics rendering engine ANGLE. The third, CVE-2024-0224, is a use-after-free defect in Chrome’s WebAudio component. The fourth, tracked as CVE-2024-0225, is a use-after-free vulnerability in WebGPU.
Hackers threaten to swat Fred Hutch patients
Following up on a story we brought you in mid-December, it has been confirmed that the hackers who attacked Seattle-based Fred Hutchinson Cancer Center threatened to swat the homes of its cancer patients in order to get the hospital to comply with their ransomware demands. The group did not follow through on these threats, but the threats became the basis for the extortion emails they sent to patients instead.