IT Security Newsletter - 01/14/2021

Breaches

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

The discovery of a data breach at email service provider Mimecast could indicate attackers behind the massive SolarWinds incident may have pursued multiple paths to infiltrate target organizations, a new report states. Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. READ MORE...

Hacking

Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation's Cloud Services

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety of corporate laptops and personal devices during the COVID-19 pandemic. READ MORE...


Capcom Says Personal Data of Thousands More Stolen in Ransomware Attack

Video game giant Capcom this week revealed that thousands more people than initially believed had their personal information stolen in a ransomware attack in November 2020. Known for video games such as Devil May Cry, Monster Hunter, Resident Evil, Street Fighter, Ace Attorney and Mega Man, the Japanese company has operations in Asia, Europe, and the United States. On November 4, the game maker announced that it detected unauthorized access to its network. READ MORE...

Malware

Hackers used 4 zero-days to infect Windows and Android devices

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks. READ MORE...

Information Security

Telegram-based phishing service Classiscam hits European marketplaces

Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data. Some of the brands abused through this scam are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL. At least 40 cybercriminal gangs are using a scam-as-a-service that relies on Telegram bots to provide pages that impersonate popular classifieds. READ MORE...

Exploits/Vulnerabilities

Windows 10 bug corrupts your hard drive on seeing this file's icon

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly. In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10. READ MORE...


Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways

Several vulnerabilities have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including flaws that researchers claim can be exploited to gain root access to a device and create backdoors. A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection. READ MORE...

Science & Culture

Oracle Database 21c introduces 200+ innovations

Oracle announced that Oracle Database 21c, the latest version of the world's leading converged database, is available on Oracle Cloud, including the Always Free tier of Oracle Autonomous Database. Oracle Database 21c contains more than 200 new innovations, including immutable blockchain tables, In-Database JavaScript, native JSON binary data type, AutoML for in-database machine learning (ML), and persistent memory store, as well as enhancements for in-memory, graph processing performance. READ MORE...

On This Date

  • ...in 1784, the Continental Congress ratifies the Second Treaty of Paris, ending the Revolutionary War.
  • ...in 1952, NBC's "Today" debuts with host Dave Garroway.
  • ...in 1969, musician Dave Grohl (Nirvana, Foo Fighters) is born in Warren, OH.
  • ...in 1973, Elvis Presley's "Aloha from Hawaii" concert is broadcast live via satellite. It still holds the record as the most-watched TV broadcast by a single entertainer.