IT Security Newsletter

IT Security Newsletter - 03/29/2021

Written by Cadre | Mon, Mar 29, 2021

Hackers target German lawmakers in an election year

Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians. German national security officials have briefed the parliament, known as the Bundestag, on the incident, and all the affected lawmakers have been informed, said Frank Bergmann, a Bundestag spokesperson.

SolarWinds Experimenting With New Software Build System in Wake of Breach

SolarWinds is experimenting with a completely new software build process that CEO Sudhakar Ramakrishna says is designed to ensure much better security against intrusions of the sort that the company disclosed last December. In addition, SolarWinds' CISO has been given full autonomy to stop product releases from happening purely due to time-to-market reasons. A new committee for cybersecurity has also been established at the board level, which includes the CEO and two CIOs.

Attackers tried to insert backdoor into PHP source code

The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. What happened? "[On Sunday, March 28] two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account)," developer Nikita Popov explained in a message.

Kaspersky Sees Rise in Ransomware Attacks on ICS Devices in Developed Countries

Cybersecurity firm Kaspersky observed a drop in ransomware attacks on industrial control system (ICS) computers in the second half of 2020, but it saw an increase in these types of attacks in developed countries. According to the company's Industrial Control System Threat Landscape report for H2 2020, globally, the percentage of ICS computers targeted with ransomware dropped from 0.63% in the first half of the year to 0.49% in the second half of 2020.

CompuCom MSP expects over $20M in losses after ransomware attack

American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems. CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max). The MSP's workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot and Target...

Ransomware admin is refunding victims their ransom payments

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. It appears that this is a planned move since the admin shared the "good news" a little over a week ago, but gave no details. Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were "sad" about what they did and that they "decided to publish all decryption keys."

5G Security Flaw Allows Data Access, DoS Attacks

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service (DoS) attacks, mobile network security company AdaptiveMobile Security warned this week. 5G network slicing enables operators to provide different amounts of resources to different types of traffic - based on their needs - by dividing the same physical network infrastructure into distinct virtual blocks.

Alex Salmond's Alba party website leaks data in IDOR foul-up

It's just two days since former SNP leader Alex Salmond launched a brand new political party to campaign for an independent Scotland. And already it has suffered a data breach. As Scotland's Herald on Sunday newspaper reports, a vulnerability on Alba's website left the names of thousands of people who had signed up to attend the party's events exposed. According to the newspaper, the names of 4,325 people were publicly visible on the Alba website due to a sloppy and easy-to-exploit coding error:

Microsoft: Black Kingdom ransomware group hacked 1.5K Exchange servers

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. "They started later than some other attackers, with many compromises occurring between March 18 and March 20, a window when fewer unpatched systems were available," the Microsoft 365 Defender Threat Intelligence Team said. "These web shells were observed on around 1,500 systems, not all of which moved to the ransomware stage.

'Hades' Ransomware Hits Big Firms, but Operators Slow to Respond to Victims

Researchers from CrowdStrike, Accenture, and Awake Security have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators. Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data.

  • ...in 1886, pharmacist John Pemberton brews the first batch of Coca-Cola in an Atlanta, GA backyard.
  • ...in 1943, comedian/musician Eric Idle, best known for his work with the Monty Python comedy troupe, is born in Durham, England.
  • ...in 1973, the last U.S. military forces withdraw from South Vietnam.
  • ...in 1974, the Mariner 10 space probe becomes the first man-made vessel to fly past the planet Mercury.