IT Security Newsletter - 03/17/2021
Mimecast Says SolarWinds Hackers Stole Source Code
Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack, and revealed that the threat actor managed to steal some source code. Mimecast was one of the several cybersecurity companies to confirm being targeted by the hackers who breached the systems of IT management solutions provider SolarWinds. READ MORE...
Twitter hacker pleads guilty, sentenced to 3 years
A Florida teenager has admitted to orchestrating the hijacking of celebrity Twitter accounts last year as part of a plea deal that will see him serve three years in a juvenile facility, prosecutors said Tuesday. Graham Ivan Clark, 18, admitted to being behind a scheme that saw him steal more than $117,000 by taking over the Twitter accounts of numerous public figures and then blasted out tweets promoting cryptocurrency, according to prosecutors in Hillsborough County, Fla. READ MORE...
Mom & Daughter Duo Hack Homecoming Crown
A Florida high-school student faces jail time for rigging her school's Homecoming Queen election. A 17-year-old high school senior along with her mother, Laura Rose Carroll, were arrested this week, charged with accessing student records in a fraudulent attempt to rig her school's Homecoming Queen election. Carroll worked as an assistant principal at Bellview Elementary School in the Escambia County School District in Cantonment, Fla. - the same district where her daughter attended Tate High School. READ MORE...
Microsoft explains the cause of yesterday's massive service outage
Microsoft has shed some light on the root cause behind yesterday's massive Azure authentication outage that affected multiple Microsoft services and blocked users from logging into their accounts. Customers experienced authentication errors across many Microsoft services, including Microsoft 365, Microsoft Teams, Exchange Online, Forms, Xbox Live, Intune, Outlook.com, Office Web, SharePoint Online, OneDrive for Business, Yammer, and more. READ MORE...
Microsoft's Azure SDK site tricked into listing fake package
A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite. New package added to Azure SDK releases page. This month security researcher Alex Birsan demonstrated how anyone could add their own package to the list of official Azure SDK Latest Releases. READ MORE...
Another Mirai variant used in attempted hacks on routers, switches
Four years after being used in one of the most powerful distributed denial-of-service attacks on record, the so-called Mirai malware continues to haunt the internet. Researchers on Monday evening revealed that attackers used a new variant of the malicious software in a string of ongoing hacking attempts against devices like routers and switches. The attackers are using no less than eight flaws in popular networking gear to try to remotely commandeer the devices. READ MORE...
Magecart Attackers Save Stolen Credit-Card Data in .JPG File
Magecart attackers have found a new way to hide their nefarious online activity by saving data they've skimmed from credit cards online in a .JPG file on a website they've injected with malicious code. Researchers at website security firm Sucuri discovered the elusive tactic recently during an investigation into a compromised website using the open-source e-commerce platform Magento 2, Luke Leal from Sucuri's malware research team said in a report posted online last week. READ MORE...
FBI Warns of PYSA Ransomware Attacks on Education Institutions in US, UK
An alert issued on Tuesday by the FBI warns about an increase in PYSA ransomware attacks on education institutions in the United States and the United Kingdom. Last year, authorities in the UK and France also issued alerts for the PYSA ransomware, following attacks on government and other types of organizations. According to the FBI, PYSA attacks have been launched by "unidentified cyber actors" against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. READ MORE...
- ...in 1905, Albert Einstein finishes his scientific paper detailing his Quantum Theory of Light, one of the foundations of modern physics.
- ...in 1948, science fiction author William Gibson, whose 1984 novel "Neuromancer" helped popularize the concept of cyberspace, is born in Conway, SC.
- ...in 1959, Tenzin Gyatso, the 14th Dalai Lama, flees Tibet for India, where he lives as a refugee to this day.
- ...in 1969, Golda Meir becomes the first female Prime Minister of Israel.