IT Security Newsletter

IT Security Newsletter - 02/02/2021

Written by Cadre | Tue, Feb 2, 2021

Netgain ransomware incident impacts local governments

The ransomware incident that Netgain, a provider of managed IT services, suffered late last year has rippled out to its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. The government of Ramsey County learned about the potential breach on December 2, 2020, when Netgain let them know of the attack and the impact it could have.

Over 1 Million Impacted by Data Breach at Washington State Auditor

The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen. At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files. Called FTA (File Transfer Application), Accellion's service in mid-December received a patch for a critical vulnerability.

Identity Theft Spikes Due to COVID-19 Relief

Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic. Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission (FTC), which received about 1.4 million reports of identity theft last year.

New supply chain attack uses poisoned updates to infect gamers' computers

Researchers have uncovered a software supply chain attack that is being used to install surveillance malware on the computers of online gamers. The unknown attackers are targeting select users of NoxPlayer, a software package that emulates the Android operating system on PCs and Macs. People use it primarily for playing mobile Android games on these platforms. NoxPlayer-maker BigNox says the software has 150 million users in 150 countries. Poisoning the well...

Spanish banished: Google Chrome to snub Camerfirma for lax cert management

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon. Certificate authorities (CAs) are in the business of signing digital certificates to certify that those certs belong to the domains with which they're associated.

New Linux malware steals SSH credentials from supercomputers

A new backdoor has been targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of the OpenSSH software. The malware is not widespread and appears to target mostly high-performance computers (HPC) and servers on academic and research networks. Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology.

Sophisticated Multiplatform Malware 'Kobalos' Targets Supercomputers

Cybersecurity firm ESET on Tuesday published a report detailing what it described as a previously undocumented piece of malware that had been observed targeting high-performance computing (HPC) clusters. ESET has named this piece of malware Kobalos due to its small size (x86-64 samples are only 25 Kb) and its many tricks - Kobalos is a mischievous creature from Greek mythology. While the company's analysis focuses on the Linux version of the malware.

Exposed Azure bucket leaked passports, IDs of volleyball reporters

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. These sensitive documents were hosted on a Microsoft Azure blob storage share that was publicly accessible to anyone. Further investigation by BleepingComputer revealed that the source of the leak was Confédération Européenne de Volleyball (CEV), or European Volleyball Confederation.

Apple Issues Patches for NAT Slipstreaming 2.0 Attack

Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack. As part of the attack, an adversary could set up a crafted website and lure the intended victim into visiting it. As soon as that happens, malicious code on the site starts sending multiple fetch requests from the victim's browser, allowing the attacker to identify and access devices on the local network.

Agent Tesla Trojan 'Kneecaps' Microsoft's Anti-Malware Interface

Researchers have identified new versions of the Agent Tesla remote access trojan (RAT) that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware. Chief among the updates is that the malware now targets Microsoft's anti-malware software interface (AMSI) in order to avoid detection.

  • ...in 1848, the Treaty of Guadalupe Hidalgo formally ends the Mexican War.
  • ...in 1876, the National League of Professional Baseball Clubs, which comes to be more commonly known as the National League (NL), is formed.
  • ...in 1922, James Joyce's serialised novel "Ulysses" is published in its first collected edition in Paris.
  • ...in 1949, actor Brent Spiner, best known as Lt. Cmdr Data on "Star Trek: The Next Generation", is born in Houston, TX.