
IT Security Newsletter - 04/16/2021


Breaches

Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack

Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. The hack occurred four months ago but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021, the company said in a note acknowledging the severity of the breach. READ MORE...

Hacking

Celsius email system breach leads to phishing attack on customers

Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list. "An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list." READ MORE...


IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain

More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures. Following an initial report in December 2020, IBM Security X-Force now reveals that the number of affected organizations is higher compared to the previous assessment. A total of 44 organizations in 14 countries were targeted. READ MORE...


University of Hertfordshire pulls the plug on, well, everything after cyber attack

Another UK institution topples at the hands of miscreants. The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation. The result has been a suspension of all online teaching today and in-person, on-campus teaching only happening if computer access is not required. The university's Wi-Fi is down and there is no student access (either in-person or remote) to its computer facilities. READ MORE...

Software Updates

Mozilla drops Firefox support on Amazon Fire TV

This month, Mozilla announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Amazon Fire TV exists both as an app and as a physical stick that TV owners can plug into their television sets to access a plethora of streaming services. Although Firefox will no longer be supported on Fire TV effective at the end of this month, the Amazon Silk web browser app remains available to Fire TV users. READ MORE...

Malware

Popular NFT marketplace Rarible targeted by scammers and malware

Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. An NFT, or Non-Fungible Token, is data stored on a cryptocurrency blockchain and signed with a digital certificate to prove that it is unique and cannot be copied. Over the past year, NFTs have reached mainstream attention as artists sell their digital art for cryptocurrency at popular websites such as Rarible and OpenSea. READ MORE...

Information Security

White House launches plan to protect US critical infrastructure against cyber attacks

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace, such as Russia, Iran, North Korea, and China. The six-page draft plan, drawn up by the National Security Council, is said to provide incentives for electricity companies. READ MORE...


Consumers worry about the cybersecurity of connected vehicles

U.S. motorists worry about the cybersecurity of their connected vehicles, according to a survey by HSB, part of Munich Re. Some even believe a hacker could confront them over their car audio systems or disable automotive safety features. The HSB poll by Zogby Analytics found that 37 percent of consumers who responded were somewhat or very concerned about the cyber security and safety of connected and automated vehicles. READ MORE...

Exploits/Vulnerabilities

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out. Patching security vulnerabilities has always been the most important security activity an IT team does. For the 25+ years I've spent in security, keeping systems up to date with security patches has been recommendation No. 1 in any set of IT best practices. And during most of this time, we have had the luxury of patching at our own pace. READ MORE...


Reddit Launches Public Bug Bounty Program

Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope. The purpose of the program, Reddit notes, is to keep users' accounts, identities, and private data protected, including chats, messages... READ MORE...

On This Date

  • ...in 1940, Bob Feller of the Cleveland Indians throws a no-hitter.
  • ...in 1952, voice actor Billy West, best known as Fry on "Futurama" and Stimpy on "Ren & Stimpy", is born in Detroit, MI.
  • ...in 1963, The Beatles perform on BBC TV for the first time on The 625 Show.
  • ...in 1972, Apollo 16 is launched from Cape Canaveral. It will be the fifth lunar landing of the Apollo program.