• Gone Phishing
  • Posts
  • Prudential Financial suffers breach in data theft cyber attack

Prudential Financial suffers breach in data theft cyber attack

Author

Cyber Dawg
February 15, 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that never misses a beat, a beep, or a tweet when it comes to all things cyber 🦸

Today’s hottest cybersecurity news stories:

  • 🏦 Prudential Financial suffers breach in data theft cyber attack ⚑

  • πŸ‘€ DarkMe infects Microsoft Smartscreen flaw, victimises traders πŸ’±

  • ⚠️ Don’t be fooled by β€˜command-not-found’ tool sweeping Ubuntu πŸ‘¨β€πŸ’»

Wasn’t very Prudent, was it… πŸ‘€πŸ˜¬πŸ’€

🏦 Prudential Financial Breach: Employee and Contractor Data Compromised πŸ›‘οΈ

Prudential Financial, a global financial services giant managing $1.4 trillion in assets, reported a network breach last week. 🌐

Attackers accessed some systems on February 4th, but Prudential detected and blocked them by February 5th. πŸ”’

The breach affected administrative and user data, including accounts linked to employees and contractors. Prudential suspects a cybercrime group behind the intrusion. πŸ•΅οΈβ€β™‚οΈ

Although the breach hasn't impacted operations yet, Prudential notified authorities and initiated an investigation. They haven't found evidence of customer data compromise so far. πŸ’Ό

This incident follows a similar breach in May 2023, where over 320,000 customer records were exposed due to a breach in a third-party vendor's platform. πŸ•΅οΈβ€β™‚οΈ

Prudential continues to investigate, emphasising its commitment to data security and customer privacy. Stay tuned for further updates. πŸš¨πŸ”

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

#DarkMeToo πŸ™ƒ

πŸ”“ Zero-Day Exploit in Microsoft Defender SmartScreen Exploited by Water Hydra πŸ’»

A newly disclosed security flaw in Microsoft Defender SmartScreen has been exploited by an advanced persistent threat actor, Water Hydra, targeting financial market traders. 🎯

The flaw, CVE-2024-21412, allows attackers to bypass security checks by sending victims a specially crafted file, convincing them to click on it. πŸ’Ό

Trend Micro tracked the campaign since late December 2023, documenting the use of the exploit to distribute DarkMe malware via a booby-trapped URL in forex trading forums. πŸ•΅οΈβ€β™‚οΈ

The attack cleverly abuses the search application protocol, leveraging a chain of internet shortcut files to evade SmartScreen detection. 😈

Despite Microsoft addressing the flaw in its February Patch Tuesday update, the incident highlights the growing sophistication of cybercrime groups and the increasing risk of zero-day exploits being incorporated into advanced attack chains. πŸ›‘οΈ

Stay vigilant and ensure your systems are up-to-date to mitigate such threats. πŸš¨πŸ”

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can't get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘ (LINK)

🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Ubuntu forget but you ought to remember 😏😏😏

πŸ” Ubuntu Systems Vulnerable to Rogue Package Recommendations 🎁

Cybersecurity researchers have discovered a potential vulnerability in Ubuntu's "command-not-found" utility, which could allow threat actors to recommend malicious packages, compromising systems running the Ubuntu operating system. 🐧

The utility, installed by default on Ubuntu systems, suggests packages to install when users attempt to run unavailable commands. Attackers could manipulate this system to recommend their own rogue packages from the snap repository, potentially leading to software supply chain attacks. πŸ›‘οΈ

Aqua found a loophole where the alias mechanism can be exploited to register a snap name associated with an alias, tricking users into installing malicious packages. Furthermore, legitimate APT package commands could be impersonated by malicious actors, with as many as 26% of APT package commands vulnerable to impersonation. πŸ•΅οΈβ€β™‚οΈ

To mitigate this risk, users are advised to verify package sources before installation, while developers of APT and snap packages should register associated snap names to prevent misuse. Vigilance and proactive defence strategies are crucial in light of this threat. πŸš¨πŸ”’

That’s all for today, folks. Don’t be thick when you click πŸ˜‚πŸ‘Œ

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree πŸ’πŸŒ΄ with his stick and banana approach 🍌😏

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Give us a rating?

Login or Subscribe to participate in polls.