IT Security Newsletter

IT Security Newsletter - 12/17/2020

Written by Cadre | Thu, Dec 17, 2020

FBI, CISA officially confirm US govt hacks after SolarWinds breach

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI). "Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign," the US intelligence agencies said. READ MORE...

Malicious Domain in SolarWinds Hack Turned into 'Killswitch'

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. READ MORE...

"Evil mobile emulator farms" used to steal millions from US and EU banks

Researchers from IBM Trusteer say they've uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days. The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. READ MORE...

Trend Micro Patches Serious Flaws in Product Used by Companies, Governments

Trend Micro informed customers this week that an update for its InterScan Web Security Virtual Appliance (IWSVA) patches several potentially serious vulnerabilities, including ones that can be exploited to remotely take control of the appliance. The vulnerabilities were discovered by Wolfgang Ettlinger, a researcher at Austria-based cybersecurity consultancy SEC Consult, and they were reported to Trend Micro in the summer of 2019. READ MORE...

FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure

The Federal Bureau of Investigation has released a Private Industry Notification to warn of DoppelPaymer ransomware attacks on critical infrastructure. DoppelPaymer emerged as a forked version of BitPaymer (also known as FriedEx), both believed to be the work of TA505, the threat actor best known for the infamous Dridex Trojan and Locky ransomware families. READ MORE...

Malicious Chrome, Edge extensions with 3M installs still in stores

Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites. The malware-laced extensions found by Avast Threat Intelligence researchers are designed to look like helper add-ons for Instagram, Facebook, Vimeo, and other high-profile online platforms. READ MORE...

Smart toy security: How to keep your kids safe this Christmas

Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it's bound to. It hasn't brought about the end of civilisation and the kids are still alright. Here's how to keep smart toy security top of your Christmas list, and keep your kids safe from harm. READ MORE...

Google sees major services outages two days in a row

Google has been having a rough time this week with service outages. It has now had two days, maybe even three days depending on who you ask, of major downtime. On Monday, Google's authentication system went down for about an hour, taking down Gmail, YouTube, Google Maps, Google Docs, and most other Google services. Google blamed the outage on "an internal storage quota issue," which sounds a lot like Google ran out of storage space. READ MORE...

HPE discloses critical zero-day in server management software

Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor which, in some cases, are also actively exploited in the wild. READ MORE...

  • ...in 1903, Orville and Wilbur Wright make the first successful flight of a self-propelled, heavier-than-air airplane.
  • ...in 1936, Pope Francis (born Jorge Mario Bergoglio) is born in Buenos Aires, Argentina.
  • ...in 1969, the US Air Force ends Project Blue Book, officially closing its study of UFO sightings but giving rise to endless theories about alien visitors in the decades to follow.
  • ...in 1989, the very first episode of "The Simpsons" airs as a Christmas special.