AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 4/11/2024

Prudential Insurance says data of 36,000 exposed during February cyberattack

Prudential Insurance — one of the largest insurers in the United States — said hackers stole the sensitive information of more than 36,000 during a February incident. In a filing on Friday with regulators in Maine, the company said it detected unauthorized access on February 5, prompting an investigation. “Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems,” the breach notification letters said. The company said the names, addresses, driver’s license numbers or ID cards of 36,545 were accessed. Law enforcement has been informed of the incident and Prudential hired an outside cybersecurity firm to help with the response. 


Dirty Dozen: IRS warns tax pros, businesses to be cautious of ongoing spearphishing attacks to gain sensitive information

As part of the Dirty Dozen tax scams effort, the Internal Revenue Service today urged tax professionals and other businesses to remain vigilant and protect themselves against a continuing barrage of email spearfishing attempts designed to steal valuable information. Tax professionals and businesses present a tempting target for identity thieves given their extensive information, and scammers continue to look for creative ways to gain access into sensitive systems. In particular, the IRS and the Security Summit partners urge tax pros and businesses to watch out for a surge in a particular type of spearfishing known as “new client” scams, where identity thieves pose as potential clients using fake emails.


CISA Releases Malware Next-Gen Analysis System for Public Use

The US government’s cybersecurity agency CISA has released its threat hunting and internal malware analysis system for public use, promising capabilities for the automatic analysis of potentially malicious files or uniform resource locators (URLs). The system, called Malware Next-Gen, will now be available for any organization to submit malware samples and other suspicious artifacts for analysis and will allow CISA to more effectively support partners by automating analysis of newly identified malware. In a statement, CISA said the Malware Next-Gen service is used at US federal agencies to analyze, correlate, enrich data, and share cyber threat insights with CISA’s partners.  


Global taxi software vendor exposes details of nearly 300K across UK and Ireland

Taxi software biz iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database. The names, email addresses, phone numbers, and user IDs of the 287,961 affected individuals in the UK and Ireland were all exposed online. According to research shared with The Register ahead of publication, the details of individuals with senior roles in media outlets such as the BBC and various government departments such as His Majesty’s Treasury, the UK Home Office, and the Ministry of Justice were included. A number of former UK Members of Parliament (MPs), as well as one senior policy advisor and one EU ambassador, were caught up in the data exposure, it’s understood.


Apple alerts users in 92 nations to mercenary spyware attacks

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks. The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did not disclose the attackers’ identities or the countries where users received notifications. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” it wrote in the warning to affected customers. “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” Apple added in the text, a copy of which TechCrunch reviewed.


Starting today, ISPs must display labels with price, speeds, and data caps

“Today’s nationwide launch of the Broadband Consumer Labels means internet service providers are now required to display consumer-friendly labels at the point of sale,” the Federal Communications Commission said. “Labels are required for all standalone home or fixed Internet service or mobile broadband plans. Providers must display the label—not simply an icon or link to the label—in close proximity to an associated plan’s advertisement.” The labels are required now for providers with at least 100,000 subscribers, while ISPs with fewer customers have until October 10, 2024, to comply. “If a provider is not displaying their labels or has posted inaccurate information about its fees or service plans, consumers can file a complaint with the FCC Consumer Complaint Center,” an agency webpage says.

Related Posts