IT Security Newsletter

IT Security Newsletter - 5/18/2021

Written by Cadre | Tue, May 18, 2021

Codecov hackers gained access to Monday source code

Monday has recently disclosed the impact of the Codecov supply-chain attack that affected multiple companies. Monday is an online workflow management platform used by project managers, sales and CRM professionals, marketing teams, and various other organizational departments. The platform's customers include prominent names like Uber, BBC Studios, Adobe, Universal, Hulu, L'Oreal, Coca-Cola, and Unilever. READ MORE...

FBI spots spear-phishing posing as Truist Bank bank to deliver malware

Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. They also tailored the phishing campaign "to spoof the financial institution through registered domains, email subjects, and an application, all appearing to be related to the institution," the FBI said in a TLP:WHITE private industry notification. READ MORE...

47% of Criminals Buying Exploits Target Microsoft Products

RSA CONFERENCE 2021 - Microsoft products accounted for 47% of the CVEs that cybercriminals request across underground forums, according to researchers who conducted a yearlong study into the exploit market. The research spanned more than 600 English and Russian language forums, said Mayra Rosario Fuentes, senior threat researcher at Trend Micro, who presented some of the findings in her RSA Conference talk "Tales from the Underground: The Vulnerability Weaponization Lifecycle." READ MORE...

Double-extortion ransomware attacks on the rise

Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. The research team analyzed over 150 billion platform transactions and 36.5 billion blocked attacks between November 2019 and January 2021 to identify emerging ransomware variants, their origins, and how to stop them. READ MORE...

Krebs on Security: Try This One Weird Trick Russian Hackers Hate

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed - such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick. READ MORE...

Magecart Goes Server-Side in Latest Tactics Changeup

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still "very active," according to the analysis. The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data. READ MORE...

Bizarro Banking Trojan Sports Sophisticated Backdoor

A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentials and hijacking Bitcoin wallets from Android users. It spreads via Microsoft Installer packages, which are either downloaded directly by victims from links in spam emails or installed via a trojanized app. READ MORE...

RaaS gangs go "private" after stirring a hornet's nest

After a decade or so of ransomware attacks against sometimes very prominent targets, the recent Colonial Pipeline ransomware attack by the Darkside gang has been the proverbial straw that broke the camel's back, as the attack was followed by a temporary shut down of the pipeline, which then led to widespread fuel shortages in the Southeast United States and the government issuing a state of emergency for 18 states. READ MORE...

  • ...in 1950, composer/visual artist Mark Mothersbaugh, best known as lead singer for the new wave band Devo, is born in Akron, OH.
  • ...in 1955, actor and international action star Chow Yun-fat ("Hard Boiled", "Crouching Tiger, Hidden Dragon") is born in Hong Kong.
  • ...in 1969, the Apollo 10 mission is launched, a final test run of orbit and landing systems before the historic Apollo 11 landing two months later.
  • ...in 1991, chemist Helen Sharman becomes the first Briton to orbit space on the Soyuz TM-12 mission.