Sep 04 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that KOs cybercriminals like the iPhone KO'd the #BlackBerry back in '07. #worthawatch
Today's hottest cybersecurity news stories:
FORE! Callaway golf company suffers data breach: 1.1m records leaked
LogicMonitor: cybersec firm issues weak default passwords, gets hacked
VMConnect supply chain attack persists, N. Korean Lazarus group suspected
We've got some important news to share with you. Callaway, the popular American golf equipment company, experienced a data breach at the beginning of August, affecting over a million of its valued customers.
Callaway, known for its golf clubs, balls, bags, and more, operates in over 70 countries and has an annual revenue of $1.2 billion with a workforce of 25,000 employees.
Here's the scoop: On August 1st, an IT system hiccup left their e-commerce services vulnerable, exposing personal data. But don't worry, they detected it quickly and took action!
The compromised data includes names, addresses, emails, phone numbers, order histories, account passwords, and security question answers. This affects Callaway, Odyssey, Ogio, and Callaway Golf Preowned customers.
Good news: No payment card info or Social Security Numbers were leaked.
Callaway's response? They've reset all customer passwords to protect your accounts. Head to "callawaygolf.com/reset-password" for instructions.
To stay safe, change passwords on other sites, and be cautious of strange messages asking for info.
We hope this helps you stay on par with your online security!
Stay tuned for more updates on cyber safety!
We've got a crucial update on a recent security incident involving LogicMonitor, a network security company.
Here's the scoop: Some LogicMonitor customers fell victim to hacking due to the use of default passwords.
A spokesperson from LogicMonitor confirmed the incident, saying they are actively addressing it and working closely with affected customers to minimise the impact.
The problem arose because LogicMonitor used to assign laughably guessable default passwords (like "Welcome@" plus a short number) to customer accounts until recently. These passwords were neither strong nor temporary. However, the company has now implemented a 30-day limit on setup passwords and requires users to change them upon first login.
A customer email warned about potential username/password breaches, which could lead to ransomware attacks on monitored systems.
Unfortunately, more details about the incident are limited at this time.
According to a source, a breached company lost over 400 systems due to a ransomware attack exploiting these weak default passwords.
LogicMonitor offers a software-as-a-service platform for network infrastructure visibility, monitoring 800 billion metrics daily across millions of devices in over 30 countries.
Stay vigilant, folks! It's a reminder to always strengthen your passwords and keep an eye on your cybersecurity.
Stay tuned for more updates on tech security!
Hello, Python enthusiasts! We've got an important cybersecurity update for you. In early August, the experts at ReversingLabs uncovered a sneaky supply chain attack featuring 24 harmful Python packages known as VMConnect.
Here's the lowdown:
Details:
The attackers put in a lot of effort to make their actions seem genuine. They created GitHub repositories with convincing descriptions and used real source code. Crafty, right?
Newly Identified Packages:
Among the recently spotted packages, 'tablediter,' 'request-plus,' and 'requestspro' caught the researchers' attention. The first pretends to be a table editing utility, while the latter two impersonate the popular 'requests' Python library for making HTTP requests. Sneaky, sneaky!
Attribution:
While ReversingLabs couldn't pin this campaign to a specific threat actor, CrowdStrike's analysts linked it to Labyrinth Chollima, a subgroup of the North Korean Lazarus Group.
JPCERT/CC also connected it to DangerousPassword, another Lazarus Group faction. These findings strongly suggest the same threat actor is behind both attacks.
Stay Safe!
This VMConnect campaign is just another example of attacks targeting PyPI repository users. To stay protected, organisations should invest in training, raise awareness about typosquatting, and enhance their defences.
Stay vigilant and keep your Python packages secure!
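One way to act on the typosquatting advice above, as an added example that is not from ReversingLabs or this newsletter: a check that flags requirement names reported in the story and names that imitate 'requests'. The protected and vetted lists and the sample requirements file are assumptions made up for the illustration.

```python
import re

REPORTED = {"tablediter", "request-plus", "requestspro"}  # named in the text above
PROTECTED = {"requests"}        # assumption: popular names worth guarding
VETTED = {"requests-oauthlib"}  # assumption: reviewed packages embedding one

def normalize(name):
    """PEP 503 form: lowercase, runs of '-', '_' and '.' become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name):
    """Return 'reported', 'lookalike:<target>' or None for one project name."""
    n = normalize(name)
    if n in REPORTED:
        return "reported"
    if n in PROTECTED or n in VETTED:
        return None
    for target in sorted(PROTECTED):
        # One hyphen-separated token a single edit away, or the name as prefix.
        near = any(edit_distance(tok, target) <= 1 for tok in n.split("-"))
        if near or n.replace("-", "").startswith(target):
            return "lookalike:" + target
    return None

def audit(requirements_text):
    """Map each flagged requirement name to the reason it was flagged."""
    findings = {}
    for line in requirements_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line.split("#")[0])
        if m and (reason := classify(m.group(1))):
            findings[normalize(m.group(1))] = reason
    return findings

# Constructed sample requirements file, not taken from any real project.
SAMPLE = ("requests==2.31.0\nRequest_Plus>=1.0\nrequestspro\n"
          "requets  # constructed misspelling\nrequests-oauthlib\ntablediter\nnumpy\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Legitimate extensions that embed a protected name are flagged until they are added to the vetted list, so that list is where review decisions get recorded.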
So long and thanks for reading all the phish!