<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 04/05/2021

SHARE

Breaches

Ransomware gang leaks data from Stanford, Maryland universities

Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. The threat actors obtained the documents after hacking the universities' Accellion File Transfer Appliance (FTA) software used to share and store sensitive information. Data stolen in the attack targeting Stanford Medicine's Accellion server includes names, addresses, email addresses, and Social Security numbers. READ MORE...


Ragnarok Ransomware Hits Boggi Milano Menswear

Luxury Italian men's clothing line Boggi Milano has confirmed what Ragnarok was already bragging about on the Dark Web: The brand was hit with a ransomware attack, according to multiple sources. Ragnarok and Boggi Milano representatives who spoke to Bloomberg agree on the facts, the ransomware attack exfiltrated 40 gigabytes of data, including human resources files and salary information. Bloomberg was provided access to documents confirming the breach. READ MORE...

Hacking

Malware attack is preventing car inspections in eight US states

A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. On Tuesday, March 30th, vehicle emissions testing platform Applus Technologies suffered a "malware" attack that caused them to disconnect their IT systems. "Unfortunately, incidents such as this are fairly common and no one is immune," said Darrin Greene, CEO of the US entity. READ MORE...


Asteelflash electronics maker hit by REvil ransomware attack

Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. Asteelflash is a world-leading French electronics manufacturing services (EMS) company that specializes in the design, engineering, and printing of printed circuit boards. While Asteelflash has not publicly disclosed an attack, BleepingComputer found this week a sample of the REvil ransomware. READ MORE...

Malware

Malicious cheats for Call of Duty: Warzone are circulating online

Criminals have been hiding malware inside publicly available software that purports to be a cheat for Activision's Call of Duty: Warzone, researchers with the game maker warned earlier this week. Cheats are programs that tamper with in-game events or player interactions so that users gain an unfair advantage over their opponents. The software typically works by accessing computer memory during gameplay and changing health, ammo, score, lives, inventories, or other information. READ MORE...

Information Security

CNA shares details about ransomware attack, recovery effort

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery. The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind. In an update on Thursday, the company said it had restored normal email operations after a ransomware attack. READ MORE...


How Deliveroo Scared Customers into Believing They Had Been Scammed

Food-delivery company Delveroo thought it would be fun to play an April Fool's trick on its customers in France. After all, who wouldn't find a corporation demonstrating its human side by causing a chuckle a welcome relief amid a global pandemic? Unfortunately, what Deliveroo France did just wasn't funny. It sent an email to thousands of its customers, claiming that they had ordered €466.40 (almost USD $500) worth of pizza. READ MORE...

Exploits/Vulnerabilities

As ransomware stalks the manufacturing sector, victims are still keeping quiet

Halvor Molland was asleep on a brisk night in Oslo, Norway's capital, two years ago when his phone rang around 3 a.m. The computer servers of Norsk Hydro, the global aluminum producer where Molland is senior vice president for communications, had seized up as a crippling ransomware infection spread through the company's networks. "The feeling is: You really don't believe it," Molland recalled in a recent interview. "There was a decision then to shut down the network altogether [...]" READ MORE...


After Hack, Officials Draw Attention to Supply Chain Threats

The U.S. government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations by sneaking malicious code into widely used software. The National Counterintelligence and Security Center warned Thursday that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products. READ MORE...

Encryption

Encryption is either secure or it's not - there is no middle ground

The principle of end-to-end encryption underpins a system of communication where only the communicating users can read the messages. To this end, it exists to prevent any potential eavesdroppers (telecom providers, internet provider, law enforcement agencies) from being able to access the cryptographic keys needed to decrypt the conversation. We remain deeply concerned, therefore, that the Council of the European Union is seeking to adopt new rules that would effectively do away with encryption. READ MORE...

Science & Culture

US Lawmakers Press Online Ad Auctioneers Over User Data

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends. In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user's personal information, including search history, IP address, age and gender. READ MORE...

On This Date

  • ...in 1792, President Washington exercises the very first veto of a bill passed by Congress. A changed version is passed five days later as the Apportionment Act of 1792.
  • ...in 1917, crime and horror writer Robert Bloch, best known as the author of "Psycho", is born in Chicago, IL.
  • ...in 1984, Kareem Abdul-Jabbar breaks Wilt Chamberlain's all-time career scoring record. He would go on to score 38,387 points before retiring in 1989.
  • ...in 1987, the Fox television network airs its first prime-time lineup, starting with "Married With Children" and "The Tracey Ullman Show."