IT Security Newsletter - 01/20/2021
Health insurer Excellus penalized $5.1M by HHS for data breach
The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department's Office for Civil Rights (OCR). READ MORE...
Hacker posts 1.4 million Pixlr user records for free on forum
A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks. Pixlr is a very popular and free online photo editing application with many of the same features found in a professional desktop photo editor like Photoshop. While Pixlr offers basic editing tools for free, the site also provides premium memberships that include more advanced tools, stock photos, and other features. READ MORE...
FireEye Releases New Open Source Tool in Response to SolarWinds Hack
FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. The SolarWinds supply chain attack has made hundreds of victims, and potentially impacted entities should check their systems for signs of an intrusion associated with this attack. READ MORE...
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack. The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets' cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials. READ MORE...
Hundreds of Networks Still Host Devices Infected With VPNFilter Malware
The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro. Identified in 2018 and mainly focusing on Ukraine, VPNFilter rose to fame quickly due to the targeting of a large number of routers and network-attached storage (NAS) devices from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, UPVEL, and ZTE. READ MORE...
Protecting the remote workforce to be enterprises' prime focus in 2021
Protecting the remote workforce will be enterprises' prime focus in 2021, according to a Cato Networks survey of 2,376 IT leaders. IT teams struggled in the early days of the pandemic, rushing to meet the urgent need for widespread remote access. Connecting users often came at the expense of other factors, such as security, performance, and management. As 81% of respondents expect to continue working-from-home (WFH), 2021 will see enterprises address those other areas. READ MORE...
Bugs in Signal, Facebook, Google chat apps let attackers spy on users
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed. READ MORE...
The story of ZeroLogon
This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vulnerability for their own purposes. This is the story of ZeroLogon. What is ZeroLogon? READ MORE...
A Security Practitioner's Guide to Encrypted DNS
The Domain Name System, or DNS, is the Internet's directory system. It points you where you want to go, mapping human-readable names like darkreading.com to machine-routable addresses such as 104.17.120.99. The original DNS protocol, however, is fundamentally insecure. Among other issues, the cleartext nature of the DNS protocol means that attackers with network access can intercept DNS queries to spy on your activity or forge responses to send you to a site where you don't want to go. READ MORE...
- ...in 1918, Mexican composer and bandleader Juan Garcia Esquivel, known as "The King of Space Age Pop", is born in Tampico, Mexico.
- ...in 1920, actor DeForest Kelley -- best known as Dr. Leonard "Bones" McCoy from "Star Trek" -- is born in Toccoa, GA.
- ...in 1946, film/TV director and screenwriter David Lynch ("Blue Velvet", "Twin Peaks") is born in Missoula, MT.
- ...in 2009, Barack Obama is inaugurated as the 44th President of the United States, becoming the first African-American man to hold the office.