IT Security Newsletter

IT Security Newsletter - 03/26/2021

Written by Cadre | Fri, Mar 26, 2021

FBI exposes weakness in Mamba ransomware, DiskCryptor

An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. The FBI warns that Mamba ransomware attacks have been directed at entities in the public and private sector, including local governments, transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. READ MORE...

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware

Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group. This week, BleepingComputer reported that CNA had suffered a cyberattack impacting their online services and business operations. Soon after we reported on the attack, CNA issued a statement confirming that they had suffered a cyber attack last weekend. READ MORE...

The Growing Need for a New Security Platform

The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world. READ MORE...

Defence Industrial Strategy suggests the UK is ready to start taking its homegrown infosec industry seriously

In a change from its recent bombastic blather, the British government has published a new Defence Industrial Strategy that looks like it wants to put the infosec industry on a gold-plated pedestal. "Government also needs to provide complementary support to industry and ensure that the public sector can access the right skills to remain an intelligent customer," said the Defence and Security Industrial Strategy whitepaper published this week. READ MORE...

Vulnerabilities Can Allow Attackers to Remotely Gain Control of Weintek HMIs

A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek. The Taiwan-based vendor's products are used worldwide. The company has posted a technical advisory instructing customers to install available patches and take steps to mitigate risks. It noted that the risk of exploitation is more significant if the devices are connected to an open network. READ MORE...

Manufacturing's Cloud Migration Opens Door to Major Cyber-Risk

Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple affect across businesses and their partners, research has found. Moreover, manufacturing is particularly vulnerable to attacks through these apps, with 70 percent of applications having at least one serious vulnerability open over the previous 12 months, researchers found. READ MORE...

Microsoft Offers Up To $30K For Teams Bugs

A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it's willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data. READ MORE...

OpenSSL shuts down two high-severity bugs: Flaws enable cert shenanigans, denial-of-service attacks

Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others. READ MORE...

3D printer waste can be recycled into truck parts, Ford finds

Fuel clips made from the plastic are cheaper, lighter, and more resistant. Slowly but surely, car companies are beginning to make themselves more sustainable. We most often hear about this in the context of using clean energy to power the production lines and assembly plants that put together new electric vehicles, but it shows up in smaller examples, too. Take Ford, for example. Working with HP, it has come up with a use for plastic waste left over from 3D printing. READ MORE...

  • ...in 1812, the term "gerrymander" is coined in a political cartoon published in the Boston Gazette.
  • ...in 1930, former Supreme Court Justice Sandra Day O'Connor, the first woman to serve on the Court, is born in El Paso, TX.
  • ...in 1931, actor Leonard Nimoy, best known for playing Spock on the original "Star Trek", is born in Boston, MA.
  • ...in 1953, Dr. Jonas Salk of the University of Pittsburgh announces that he has successfully tested his polio vaccine.