<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 04/15/2021

SHARE

Breaches

Lawmakers press spy leaders on lagging efforts to block foreign hackers

When companies become aware they have been targeted by criminal or nation-state hackers, they need to fess up and come to the U.S. government with information to help feds get a better handle on foreign nation-state hacking, FBI Director Chris Wray emphasized during testimony on Capitol Hill Wednesday. Wray noted that companies coming forward when they are impacted in cyberattacks is a crucial part of developing a sort of early-warning system for foreign hackers. READ MORE...


Irish Watchdog Opens Another Facebook Probe, Over Data Dump

Ireland's privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules. The Data Protection Commission said it decided to start investigating following "multiple international media reports" about the data dump. News reports earlier this month said the data was found on a website for hackers and contained information. READ MORE...

Hacking

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit chain-which suffered a barrage of attacks from advanced persistent threat (APT) groups to infect systems with everything from ransomware to webshells-to host Monero cryptomining malware. READ MORE...

Malware

Ransomware disrupts food supply chain, Exchange exploitation suspected

When malware found its way into the network of Bakker Logistiek, a company specializing in the transport and warehousing of food and other products, on the night of 4 to 5 April, its IT systems ground to a halt. And, along with them, the reception of orders from clients, and the delivery of goods to branches of Albert Heijn, the largest supermarket chain in the Netherlands. With systems down, companies affected have resorted to using pen and paper for the time being. READ MORE...

Information Security

School janitor says she was fired for not installing smartphone tracking app

A school janitor has lost her job, and she says it's because she refused to download a smartphone app that would track her location. According to Canadian media reports, Michelle Dionne lost her job cleaning at an elementary school in Darwell, Alberta, after her employer ordered staff to install an app on their personal smartphones that would keep track of their location and work hours. Upon receiving the request, Dionne expressed concerns about her privacy. READ MORE...

Exploits/Vulnerabilities

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it. These vulnerabilities pose a significant risk to users as they allow threat actors to begin using them before a fix is released. READ MORE...


NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials. READ MORE...

Encryption

Report: Aussie biz Azimuth cracked San Bernardino shooter's iPhone, ending Apple-FBI privacy standoff

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed Farook - who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. READ MORE...

On This Date

  • ...in 1452, Italian painter, sculptor, and architect Leonardo da Vinci is born in Florence.
  • ...in 1865, at 7:22 a.m., Abraham Lincoln, the 16th president of the United States, dies from a bullet wound inflicted the night before by John Wilkes Booth.
  • ...in 1912, the British ocean liner Titanic sinks into the North Atlantic Ocean about 400 miles south of Newfoundland, Canada.
  • ...in 1947, Jackie Robinson, age 28, becomes the first African American player in Major League Baseball.