IT Security Newsletter

IT Security Newsletter - 03/03/2021

Written by Cadre | Wed, Mar 3, 2021

Oxfam Australia confirms data breach after stolen info sold online

Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. Oxfam Australia is a charity focused on alleviating poverty in Africa, Asia, and the middle east. The charity is part of a confederation of twenty individual charities operating under the Oxfam name. first to report that a threat actor was selling a stolen Oxfam Australia database containing 1.7 million user records. READ MORE...

Malaysia Airlines discloses a nine-year-long data breach

Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. Starting yesterday, Malaysia Airlines began emailing members of their Enrich rewards program to disclose that they were affected by a data breach. According to Malaysia Airlines, the breach occurred at a third-party IT service provider who notified the airline that member data was exposed between March 2010 and June 2019. READ MORE...

Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks

Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China. Microsoft has released patches for four critical vulnerabilities being used to target on-premises versions of Microsoft Exchange Server in "limited and targeted" attacks. It attributes the activity to a group called Hafnium, which officials believe is state-sponsored and operates out of China. READ MORE...

Mobile Adware Booms, Online Banks Become Prime Target for Attacks

A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile cyberattacks, according to a report released Monday by Kaspersky. READ MORE...

Malware Loader Abuses Google SEO to Expand Payload Delivery

The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a "renaissance" when it comes to payload delivery. New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now expanded the number of payloads its delivers beyond Gootkit (and in some cases, the previously-distributed REvil ransomware), to include the Kronos trojan and the Cobalt Strike commodity malware. READ MORE...

Cash App phishing kit deployed in the wild, courtesy of 16Shop

The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service. Deployment of the new 16Shop product started as soon as it became available, luring potential victims into providing sensitive details that would give fraudsters access to the account and the associated payment information. 16Shop is a complex phishing kit from a developer known as DevilScream. READ MORE...

Number of investigations into SolarWinds breach grows, along with cleanup cost

SolarWinds, the federal contractor breached by suspected Russian hackers, acknowledged investigations and inquiries from the Securities and Exchange Commission, the Department of Justice and several state attorneys general, in a filing on Monday. The Texas-based company disclosed the investigations, which include inquiries related to the European Union's General Data Protection Regulation, in its annual report to investors Monday. READ MORE...

Intel hit with $2.2 billion patent judgment

A Texas jury has ordered Intel to pay $2.18 billion in damages for infringing two patents. The lawsuit was filed by VLSI Technology LLC, a 4-year-old firm that Intel says has no products and no sources of revenue besides patent litigation. The patents at issue in the case previously belonged to NXP Semiconductors, a Dutch company that spun off from Philips in 2006. NXP acquired the patents when it bought Freescale Semiconductor (itself a spinoff of Motorola) in 2015. READ MORE...

  • ...in 1845, Congress overrides presidential veto for first time with a two-thirds majority vote, forcing President John Tyler to get Congressional approval to build new ships.
  • ...in 1923, the first issue of TIME magazine is published. The first cover subject is then-Speaker of the US House of Representatives Joseph Cannon.
  • ...in 1931, President Herbert Hoover signs a congressional act making "The Star-Spangled Banner" the official national anthem of the United States.
  • ...in 1959, radio host and producer Ira Glass ("This American Life") is born in Baltimore, MD.