<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 04/09/2021

SHARE

Breaches

600K Payment Card Records Leaked After Swarmshop Breach

A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers. A breach of Swarmshop, an online hub for selling stolen personal and payment records, has led to the exposure of more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, Group-IB researchers report. READ MORE...

Hacking

Windows and Linux devices are under attack by a new cryptomining worm

A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities. Research company Juniper started monitoring what it's calling the Sysrv botnet in December. One of the botnet's malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits. READ MORE...


Belden says health benefits data stolen in 2020 cyberattack

Belden has disclosed that additional data was accessed and copied during their November 2020 cyberattack related to employees' healthcare benefits and family members covered under their plan. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. READ MORE...

Software Updates

Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network. Using these vulnerabilities, threat actors can perform a wide range of attacks. READ MORE...

Malware

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report. With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and adversaries didn't wait long to start abusing these tools. READ MORE...


Adware Spreads via Fake TikTok App, Laptop Offers

Cybercriminals are encouraging users to send the "offers" via WhatsApp to their friends as well. Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used in ad-stuffing attacks underway against devices on the Jio telecom network in India, security researchers warn. Researchers from Zscaler report this threat actor has been operating various phishing scams since March 2020, all using recent headlines as lures. READ MORE...

Information Security

US intelligence report warns of increased offensive cyber, disinformation around the world

Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly "volatile and confrontational" global security landscape, according to a new U.S. intelligence assessment. The U.S. intelligence community's Global Trends report, issued on Thursday, notes many of theses offensive cyber-operations will likely target civilian and military infrastructure. READ MORE...


Online testing firm agrees to security audit after inquiry from senator

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU's web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore. , worried that that same accessibility, if left unsecured. READ MORE...

Exploits/Vulnerabilities

Library Dependencies and the Open Source Supply Chain Nightmare

It's a bigger problem than is immediately apparent, and has the potential for hacks as big as Equifax and as widespread as SolarWinds. The universal need for speed and lack of resource in commercial app development requires developers to use free open-source software libraries. The difficulty is that there is no easy way to manage the open-source vulnerabilities that get included via the libraries into the finished commercial app. READ MORE...


Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote users to hijack targeted equipment and gain elevated privileges within effected systems. The three Cisco router models (RV110W, RV130, and RV215W) and one VPN firewall device (RV130W) are of varying age and have reached "end of life" and will not be patched, according to Cisco. READ MORE...

On This Date

  • ...in 1865, Gen. Robert E. Lee surrenders to Ulysses S. Grant at Appomattox Court House in Virginia, ending the American Civil War
  • ...in 1898, singer, actor, and social activist Paul Robeson ("Show Boat", ) is born in Princeton, New Jersey.
  • ...in 1928, musical satirist and mathematician Tom Lehrer, known for such novelty songs as "The Elements" and "The Vatican Rag", is born in New York City.
  • ...in 1992, former Panamanian dictator Manuel Noriega is found guilty by a U.S. Federal Court of drug and racketeering charges, and sentenced to 30 years in prison.