IT Security Newsletter

IT Security Newsletter - 5/20/2021

Written by Cadre | Thu, May 20, 2021

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said that though they had once estimated the hackers' first suspicious activity at around September or October of 2019, the company has "recently" learned that the attackers may have in fact "been in our environment" much earlier. READ MORE...

Member of Russian Gang That Hacked Tax Prep Firms Sentenced to Prison in U.S.

The United States Department of Justice this week announced the sentencing of a Russian national for his role in a group that attempted to obtain $1.5 million in tax refunds from the Department of the Treasury. The man, Anton Bogdanov, 35, who used the online moniker "Kusok," was arrested in Thailand in November 2018 and extradited to the U.S. in March 2019. He was charged with wire fraud, aggravated identity theft, and computer intrusion in May 2019 and pleaded guilty in January 2020. READ MORE...

4 vulnerabilities under attack give hackers full control of Android devices

Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google's Android Security Bulletin for May. Google has released security updates to device manufacturers, who are then responsible for distributing the patches to users. READ MORE...

Krebs on Security: Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. READ MORE...

Colonial Pipeline attack: Hacking the physical world

While detractors have argued that threats against physical infrastructure are overstated and largely theoretical, the growing list of organizations that have been successfully attacked suggests otherwise. And now the media is full of reports of the flow-on effects of the ransomware attack leveled against Colonial Pipeline by the DarkSide cybercriminal gang. In fact, a lot has happened since. READ MORE...

Data of 100+ million Android users exposed via misconfigured cloud services

Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. While misconfigured real-time databases are not a surprise, the discovery shows that some Android developers do not follow basic security practices to restrict access to the app's database. READ MORE...

Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws

Criminals began to scan the Internet for vulnerable Microsoft Exchange Servers within five minutes of the disclosure of critical zero-day flaws patched in early March, researchers report. In the "2021 Cortex Xpanse Attack Surface Threat Report, " Palo Alto Networks researchers examine threat data from 50 organizations, and some 50 million IP addresses, collected in the first quarter. Their analysis reveals attackers scan to inventory vulnerable Internet assets once per hour and even more often following the disclosure of CVEs. READ MORE...

  • ...in 1873, Levi Strauss and Jacob Davis receive a patent for rugged work pants with riveted seams, better known today as Levi's 501 blue jeans.
  • ...in 1899, Jacob German, operator of a taxicab for the Electric Vehicle Company, becomes the first driver to be arrested for speeding. He is driving 12 mph.
  • ...in 1911, comics and sci-fi writer Gardner Fox, the creator of The Flash and the Justice League of America, is born in Brooklyn, NY.
  • ...in 1927, Charles Lindbergh takes off in his custom-built plane, The Spirit of St. Louis, for the first-ever solo transatlantic flight.