Over the past few weeks, I have been wondering if it was December/January or if we were still in October because it's been too nice outside... well here in the DFW area that is about to change starting Sunday night / Monday morning.  Break out those jackets for at least a couple of days and hope our pipes do not freeze. 

One thing to mention is that this is Microsoft Patch Tuesday, and for the first time in a long time there are no zero-day patches being applied.  There are some patches of interest, but overall, this month is considered lighter than others recently. 

So, let’s get into this week's update.... 

X accounts restored after crypto scam hack 

It is currently unknown how X (formally Twitter) accounts are being compromised and below are the ideas going around X and the web 

• Compromised Help Desk personnel at X - honestly, it feels like the majority of people want to blame X for anything since it moved to the new ownership 
• MFA not set up - this one seems more likely, because I remember setting up my Twitter account years ago MFA was not something automatically enabled 
• When has marketing really engaged the Security team on setting up their social media presence??  Extremely rare 
• Compromised credentials through other means - we all know that with browser attacks and bypass email attacks, this is becoming more common with sessions being stolen 
• These compromises have been focused on cryptocurrency scams, and with the SEC it was pushing out false information around an announcement on Bitcoin - which caused the price of Bitcoin to pike to $48,000 
• Link (1): https://www.msn.com/en-us/money/markets/sec-says-its-x-account-was-compromised-and-it-has-not-approved-bitcoin-etfs/ar-AA1mIjeA 
• Link (2): https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html 

Law firm that handles data breaches hit by data breach 

Orrick, Herrington & Sutcliffe, a San Francisco based law firm that has focused on working with organizations affected by security incidents 

• The incident occurred in March 2023, which entailed the exfiltration of personal information and sensitive health data of more than 637,000 data breach victims off of a file share on its network 
• It was confirmed that it involved clients' data, including individuals who had vision plans with insurance giant EyeMed Vision Care and dental plans with Delta Dental of California 
• Data that was exfiltrated included: Name, DoB, Postal and email Addresses, and government issued ID's (SSN, Passport, Driver's License, and Tax ID Numbers) 
• The details around the incident are not being disclosed, which I am not surprised by any means 
• Link (1): https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/?guccounter=1#:~:text=Law%20firm%20that%20handles%20data%20breaches%20was%20hit%20by%20data%20breach,-Zack%20Whittaker%40zackwhittaker&text=San%20Francisco%2Dbased%20Orrick%2C%20Herrington,an%20intrusion%20in%20March%202023. 

BreachForums admin Popompurin breaches terms of pretrial freedom 

Conor Brian Fitzpatrick, who has plead guilty to the following three charges: Conspiracy to commit access device fraud, access device fraud - unauthorized solicitation, and possession of child sex abuse materials 

• Fitzpatrick was granted pretrial on a $300,000 bond under a number of conditions - not getting on a computer without monitoring software or using a VPN 
• He has been arrested for violating both of the above conditions on January 2nd and will now be held in custody until he attends both court appearances (breach of pretrial agreement AND his sentencing hearing) 
• The consequences to his first act is pretty substantial and should be looked at in the link above 
• Link (1): https://www.theregister.com/2024/01/05/breachforums_admin_arrested_again/ 

loanDepot breach investigation underway 

loanDepot's is one of the largest nonbank home loan financing lenders in the US. loanDepot's IT systems were compromised in a recent cyber related attack. 

• Currently known outages results in online loan payment portal and contacting customer services as being offline 
• On the heels of Mr. Cooper's 2023 incident, this could be the starts of a trend against the financial sector 
• Link (1): https://www.bleepingcomputer.com/news/security/mortgage-firm-loancare-warns-13-million-people-of-data-breach/ 
• Link (2): https://www.bleepingcomputer.com/news/security/mortgage-firm-loandepot-cyberattack-impacts-it-systems-payment-portal/ 

Lockbit and Capital Health 

Over the past weekend, Lockbit claimed responsibility for a November 2023 cyberattack asking for ~$250,000 for the data 

• According to Lockbit: Data only stolen, no encrypted files, which they stole more than 10 million files that allegedly included medical confidential information 
• In December, Capital Health launched an investigation into a cyber incident after they experienced a network outage 
• It should also be noted that only Capital Health Regional Medical Center was compromised, not the full Capital Health system 
• Link (1): https://www.securityweek.com/ransomware-gang-claims-attack-on-capital-health/ 

Until next week, it’s Brent Forrest signing off. Be cyber safe my friends!