<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 02/10/2021

Cadre
Wed, Feb 10, 2021
SHARE

Breaches

Antivirus Firm Emsisoft Discloses Data Breach

Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs. The issue, Emsisoft said, was a misconfiguration that resulted in a database from a test system becoming exposed to the Internet. The database was initially exposed on January 18, 2021, and remained so until the data breach was identified, on February 3. The affected system was used for evaluation and benchmarking of the storage and management of log data. READ MORE...

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex Birsan, injects malicious code into common tools for installing dependencies in developer projects which typically use public depositories from sites like GitHub. READ MORE...

Hacking

Cyberpunk 2077 developer hit with ransomware attack

Cyberpunk 2077 developer CD Projekt Red announced that it has "become the victim of a targeted cyberattack" that allegedly exposed the source code for many of its games. In a message the developer shared on Twitter Tuesday morning, the hackers allege that they stole the closely guarded source code for Cyberpunk 2077, Gwent, and The Witcher 3 (including an unreleased prototype of the last). Documents "relating to accounting, administration, legal, HR, investors relations and more." READ MORE...

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. Today, CD Project disclosed that they were the target of a ransomware attack that encrypted devices on their network and led to the theft of unencrypted files. "Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised. READ MORE...

Malware

New hacking tool targeting Bangladesh Android users blurs lines between spying and stealing

In one of his regular sweeps for new malicious software targeting Android phones, security researcher Vitor Ventura came across what looked like a run-of-the mill hacking tool. Like so many pieces of code before it, the malware was capable of stealing information from a mobile device and sending it back to a command and control server. But when Ventura dug deeper, he found that the remote access trojan (or RAT as the tool is commonly known) was capable of surreptitiously recording conversations. READ MORE...

Information Security

42% of Gmail scams targeted American users, Google finds

Who you are, where you are and how you experience online life are all major factors in whether you're targeted for phishing and malware campaigns on Gmail, a joint Stanford University-Google study concluded. The examination of 1.2 billion email-based phishing and malware attacks against Gmail users found that the risk of getting hit correlated at least in some significant measure to age, country, frequency of Gmail usage and past breach exposure. Users in the U.S. were most frequently targeted. READ MORE...

Exploits/Vulnerabilities

Vulnerabilities in NextGEN Gallery Plugin Exposed Many WordPress Sites to Takeover

Two severe vulnerabilities in the NextGEN Gallery WordPress plugin could have exposed more than 800,000 websites to complete takeover, WordPress security company Defiant reported on Monday. Available for more than a decade, the plugin provides users with a broad range of gallery management capabilities, such as batch upload of photos, metadata import, thumbnail editing, photo and gallery management, and more. READ MORE...

Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.sys, that caused a blue screen of death crash (BSOD) when attempting to connect to the following path. When connecting to the device, developers are meant to pass the 'attach' extended attribute. READ MORE...

On This Date

  • ...in 1893, musician and comedian Jimmy Durante, known for his gravelly voice and distinctive "Schnozzola", is born in Manhattan, NY. Ha-cha-cha-cha!
  • ...in 1929, film and television composer Jerry Goldsmith ("Star Trek: The Motion Picture", "Patton", "Planet of the Apes") is born in Los Angeles, CA.
  • ...in 1942, RCA Victor awards bandleader Glenn Miller the first gold record, for his orchestra's recording of "Chattanooga Choo Choo".
  • ...in 1996, IBM supercomputer Deep Blue beats chess grandmaster Garry Kasparov, becoming the first AI to best a human world champion.

Cadre

Related posts

IT Security Newsletter - 9/19/2022

Uber was breached to its core, purportedly by an 18-year-old. Here's what's known Uber employees on...
Read more

IT Security Newsletter - 01/04/2021

Data breach broker selling user records stolen from 26 companies A data breach broker is selling...
Read more

IT Security Newsletter - 3/2/2020

US Railroad Contractor Reports Data Breach After Ransomware Attack RailWorks Corporation, one of...
Read more