IT Security Newsletter - 03/23/2021
Energy giant Shell discloses data breach after Accellion hack
Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). Shell (short for Royal Dutch Shell plc) is a multinational group of petrochemical and energy companies with more than 86,000 employees in over 70 countries. It is also the fifth-largest company in the world based on its 2020 revenue results according to Fortune's Global 500 rankings. READ MORE...
Thousands of Exchange servers breached prior to patching, CISA boss says
A U.S. government cybersecurity official on Monday warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that "thousands" of computer servers with updated software had already been breached. "Patching is not sufficient," said Brandon Wales, acting head of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) [...] READ MORE...
MangaDex manga site temporarily shut down after cyberattack
Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. According to SimilarWeb, MangaDex is the 179th most frequently visited site on the web, with over 76 million visitors per month. READ MORE...
Recently Patched Android Vulnerability Exploited in Attacks
Google has warned Android users that a recently patched vulnerability has been exploited in attacks. The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021. The vulnerability is a high-severity improper input validation issue affecting a display/graphics component from Qualcomm. The flaw was reported to Qualcomm through Google in July 2020 and it affects a long list of chipsets. READ MORE...
UK Unveils Plan for Smaller, More High-Tech Armed Forces
Britain plans to cut the size of its army and boost spending on drones, robots and a new "cyber force" under defense plans announced by the government on Monday. Defense Secretary Ben Wallace said the British Army would shrink from 76,500 soldiers to 72,500 by 2025. He said the army hadn't been at its "established strength" of 82,500 for several years. Wallace said the military would no longer be "overstretched and underequipped" and that new investment in equipment, infrastructure and technology. READ MORE...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A previously undocumented password and cookie stealer has been compromising accounts of big guns like Facebook, Apple, Amazon and Google since 2019 and then using them for cybercriminal activity. A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. READ MORE...
Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns
A newly published report from the U.S. Government Accountability Office (GAO) describes the risks of cyber-attacks on the electricity grid's distribution systems, along with the scale of the potential impact of such attacks. Following a performance audit conducted between September 2019 and March 2021, GAO has discovered that the electricity grid's distribution systems are increasingly vulnerable to cyber-attacks and that the potential impact of such attacks is not yet clear. READ MORE...
US racing to address Microsoft vulnerabilities, especially for small businesses
The number of entities in the U.S. that remain vulnerable to the recently announced Microsoft Exchange Server software flaws is dropping, according to a National Security Council spokesperson. Overall, the number of vulnerable systems fell 45% last week, the National Security Council (NSC) spokesperson said in a statement, and there are now fewer than 10,000 vulnerable systems in the U.S., compared to the more than 120,000 entities that were vulnerable when the software bugs were first uncovered. READ MORE...
Hackers are exploiting new F5 bug in the wild
That didn't take long. Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions. "Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure," researchers from security firm wrote in a blog post Thursday. The situation escalated over the weekend. READ MORE...
- ...in 1857, Elisha Otis installs his first elevator, four years after demonstrating its safety locking mechanism at the 1853 New York World's Fair.
- ...in 1910, Japanese film director Akira Kurosawa ("Seven Samurai", "Rashomon") is born in Tokyo.
- ...in 1949, musician/producer Ric Ocasek of The Cars ("Just What I Needed", "You Might Think") is born in Baltimore, MD.
- ...in 2001, Russia's Mir space station is retired via a controlled atmospheric entry, burning up in the skies above Fiji before falling into the South Pacific.