IT Security Newsletter - 04/01/2021
Ubiquiti cyberattack may be far worse than originally disclosed
The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. In the short communication, the company said that an attacker had accessed some of its IT systems hosted by a third party cloud provider and that it found no indication of unauthorized activity impacting user accounts. Despite any evidence of access to any databases with user info. READ MORE...
SolarWinds breach severity perception increasing over time
(ISC)² has published the results of an online survey of 303 cybersecurity professionals from around the globe in which respondents compared their perception of the severity of the SolarWinds Orion software breach between when it was first reported and several weeks later as more information was revealed. Respondents also relayed how the breach has impacted their jobs, recommended changes to organizational security practices and provided lessons learned. READ MORE...
Child Tweets Gibberish from U.S. Nuke Account
A telecommuting social-media manager for the U.S. Strategic Command left a laptop open and unlocked while stepping away. A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager's kid found the open laptop, pounded on a few random keys and sent the tweet, which read ",l,,gmlxzssaw", last Sunday. The tweet was met with alarm since @USSTRATCOM is the command responsible for the country's nuclear arsenal. READ MORE...
North Korean hackers return, target infosec researchers in new operation
In January, Google and Microsoft outed what they said was North Korean government-sponsored hackers targeting security researchers. The hackers spent weeks using fake Twitter profiles, purportedly belonging to vulnerability researchers, before unleashing an Internet Explorer zero-day and a malicious Visual Studio Project, both of which installed custom malware. Now, the same hackers are back, a Google researcher said on Wednesday, this time with a new batch of social media profiles. READ MORE...
800Gbps DDoS extortion attack hits gambling company
Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. Internet security services company Akamai has already dealt with the largest known ransom DDoS (RDDoS) attack, which was also more complex than previously seen incidents of the same type. Akamai says that in February they dealt with "three of the six biggest volumetric DDoS attacks" the company has ever recorded. READ MORE...
DeepDotWeb boss pleads guilty to laundering millions
The administrator of a dark web marketplace that served as a gateway for purchasing heroin, firearms and hacking tools pleaded guilty to money laundering charges on Wednesday. The Justice Department said that Tal Prihar administered DeepDotWeb, where he received $8.4 million in kickbacks from dark web marketplaces for providing prospective customers with direct links to those sites, which sold illegal goods but weren't easily found via search engines. READ MORE...
BazarCall malware uses malicious call centers to infect victims
For the past two months, security researchers have been waging an online battle against a new 'BazarCall' malware that uses call centers to distribute some of the most damaging Windows malware. The new malware was discovered being distributed by call centers in January and is named BazarCall, or BazaCall, as the threat actors initially used it to install the BazarLoader malware. While other malware is now being distributed, researchers continue to identify the distribution campaign as BazarCall. READ MORE...
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
Microsoft introduced the Background Intelligent Transfer Service (BITS) with Windows XP to simplify and coordinate downloading and uploading large files. Applications and system components, most notably Windows Update, use BITS to deliver operating system and application updates so they can be downloaded with minimal user disruption. Applications interact with the Background Intelligent Transfer Service by creating jobs with one or more files to download or upload. READ MORE...
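What those jobs look like from the defender's side, as an added example that is not from the article above or from any FireEye tool: a PowerShell triage script that lists every user's current BITS jobs with their remote URLs, pulls the per-job notification command line (the field that turns a transfer job into persistence, because it runs when the job finishes), and reads the BITS-Client operational log so that jobs already completed or cancelled are still visible. It assumes Windows PowerShell 5.1 or later on Windows with the BitsTransfer module, administrative rights (required for -AllUsers and for other users' jobs), and that your BITS-Client log uses the event IDs named in the comments; confirm the IDs against your own host before relying on them.

```powershell
# Added example (not from the original article): triage BITS jobs on a Windows host.
# Assumes: Windows PowerShell 5.1+, BitsTransfer module present, run as administrator.
Import-Module BitsTransfer

function Get-BitsJobInventory {
    # One row per file in every BITS job on the machine, for all users.
    # Attacker-created jobs tend to have a generic DisplayName, an ordinary
    # user as OwnerAccount, and a RemoteName that is not an update server.
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Type        = $job.TransferType
                RemoteName  = $file.RemoteName
                LocalName   = $file.LocalName
                Created     = $job.CreationTime
            }
        }
    }
}

function Get-BitsNotifyCommandLines {
    # The PowerShell job object does not expose the notification command line
    # consistently across Windows versions, so ask bitsadmin, whose verbose
    # listing prints a "NOTIFICATION COMMAND LINE" line under each job's DISPLAY
    # line. Anything other than "none" deserves a closer look.
    bitsadmin /list /allusers /verbose |
        Select-String -Pattern 'DISPLAY:', 'NOTIFICATION COMMAND LINE:'
}

function Get-BitsJobHistory {
    param([int]$Days = 7)
    # Operational log survives job cancellation. IDs as used on Windows 10
    # (assumption, verify locally): 3 = job created, 59 = transfer started
    # (message carries the URL), 60 = transfer stopped.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Bits-Client/Operational'
        Id        = 3, 59, 60
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: run all three and eyeball anything that is not Windows Update or a
# known vendor updater.
Get-BitsJobInventory      | Format-Table -AutoSize
Get-BitsNotifyCommandLines
Get-BitsJobHistory -Days 7 | Format-List
```

Two things to keep in mind when reading the output: Windows Update and many legitimate updaters create BITS jobs constantly, so the signal is in the combination of an unusual remote host, a non-service owner and a set notification command line, not in the mere presence of a job; and because BITS jobs persist across reboots and retry on their own, a cancelled job (bitsadmin /cancel or Remove-BitsTransfer) should be confirmed gone in a second inventory run.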
Fraud Ring Launders Money Via Fake Charity Donations
The Cart Crasher gang is testing stolen payment cards while cleaning ill-gotten funds. A money-laundering fraud ring is targeting donation sites, taking advantage of the outpouring of charity sparked by the global pandemic. Dubbed Cart Crasher by the Sift security firm, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards. The scheme is straightforward: First, fraudsters set up recipient accounts on various donation sites. READ MORE...
Mayorkas pledges to modernize US cyber-defenses after their failure to detect alleged Russian spies
A suspected Russian hacking campaign exposed glaring shortcomings in the U.S. government's approach to cybersecurity, Homeland Security Secretary Alejandro Mayorkas said Wednesday while promising to harness federal resources to improve public and private-sector defenses. Mayorkas pledged to improve nearly every major facet of DHS's cybersecurity work, from helping federal agencies recover from hacks to thwarting them in the first place. READ MORE...
Dutch Data Protection Authority Fines Booking.com Over Incident Notification
The Dutch Data Protection Authority announced on Wednesday that it has issued a fine of €475,000 (roughly $550,000) to online travel agency Booking.com for failing to report a data security incident within the required timeframe. According to the privacy watchdog, the incident took place in December 2018 and it involved cybercriminals using voice phishing (vishing) and social engineering to trick the employees of 40 hotels in the United Arab Emirates into handing over their credentials. READ MORE...
VMware vROps Flaws Can Provide 'Unlimited Opportunities' in Attacks on Companies
A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations (vROps) product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs. The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983. READ MORE...
Websites of EU Mobile Providers Fail to Properly Secure User Data: Report
Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals. An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protections to be considered secure. "With over 235 million customers between them, none of the mobile providers scored a passing grade [...]" READ MORE...
- ...in 1920, Japanese actor Toshiro Mifune, who starred in numerous films directed by Akira Kurosawa ("Seven Samurai", "Yojimbo"), is born in Qingdao, China.
- ...in 1929, the yo-yo is introduced in the United States by Louis Marx.
- ...in 1976, Apple Inc. is formed by Steve Jobs, Steve Wozniak, and Ronald Wayne in Cupertino, CA.
- ...in 1982, The United States transfers control of the Panama Canal Zone to Panama.