<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/14/2019

SHARE

Breaches_ITSEC-1

Click2Mail Suffers Data Breach

Email service Click2Mail today said it is alerting customers of a data breach that may have exposed their personal data. The company initially discovered the breach after some customer user names and email addresses were found being abused in spam messages. Names, organization names, account mailing addresses, email addresses, and phone numbers "may have been compromised" in the cyberattack, the company said in its notification to customers.

Hacking_ITSEC

The top ten password-cracking techniques used by hackers

Understanding the password-cracking techniques hackers use to blow your online accounts wide open is a great way to ensure it never happens to you. You will certainly always need to change your password, and sometimes more urgently than you think, but mitigating against theft is a great way to stay on top of your account security. You can always head to www.haveibeenpwned.com to check if you're at risk but simply thinking your password is secure enough to not be hacked into, is a bad mindset to have.

Malware_ITSEC

Sodinokibi Ransomware: Following the Affiliate Money Trail

After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings. Earlier this month, McAfee provided a look at the GandCrab Ransomware-as-an-Affiliate operation and how the Sodinokibi Ransomware recruited the top performers to build an all-star team of affiliates after GandCrab was shut down.


Attackers Create Elaborate Crypto Trading Scheme to Install Malware

Attackers have created an elaborate scheme to distribute a cryptocurrency trading program that installs a backdoor on a victim's Mac or Windows PC. Security researcher MalwareHunterTeam discovered a scheme where an attacker has created a fake company that is offering a free cryptocurrency trading platform called JMT Trader. When this program is installed, it will also infect a victim with a backdoor Trojan.

Exploits_ITSEC

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real.

Encryption_ITSEC

Computing enthusiast cracks ancient Unix code

Old passwords never die – they just become easier to decode. That’s the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago. On 3 October, an enthusiast on the Unix Heritage Society mailing list asked a question about cracking passwords stored in old Unix systems.