<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/2/2021

SHARE

Top News

Former Ubiquiti employee charged with stealing data, extorting employer

The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer and then extorting the company for nearly $2 million. The defendant, Nickolas Sharp, after allegedly stealing sensitive information posed as a whistleblower to plant misleading news about the company's breach, according to an indictment released Wednesday. The articles caused the company's share price to drop, causing it to lose market value. READ MORE...

Hacking

Data Hacked for 400,000 Planned Parenthood LA Patients

The Los Angeles branch of Planned Parenthood was hit by a data breach involving about 400,000 patients, but there is no indication that the information was used "for fraudulent purposes," the group said. A hacker installed computer malware between Oct. 9 and Oct. 17 and "exfiltrated" files containing patient names and possibly addresses, insurance and medical information, including procedures they may have undergone, Planned Parenthood Los Angeles warned Tuesday. READ MORE...

Software Updates

Mozilla fixes critical bug in cross-platform cryptography library

Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. NSS can be used to develop security-enabled client and server apps with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards. READ MORE...

Malware

New malware hides as legit nginx process on e-commerce servers

eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. The threat received the name NginRAT, a combination of the application it targets and the remote access capabilities it provides and is being used in server-side attacks to steal payment card data from online stores. READ MORE...

Information Security

Russian Administrator of Bulletproof Hosting Sentenced to Prison in U.S.

A Russian national who founded and led a bulletproof hosting organization was sentenced to 60 months in prison in the United States. The man, Aleksandr Grichishkin, 34, admitted in court earlier this year to being the leader of an organization that rented infrastructure - including domains, IP addresses, and servers - to cybercriminals. The service was used for the distribution of malware, the creation of botnets, and the theft of banking credentials. READ MORE...

Exploits/Vulnerabilities

Nine WiFi routers used by millions were vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people. The front-runners in terms of the number of vulnerabilities are the TP-Link Archer AX6000, having 32 flaws, and the Synology RT-2600ac, which has 30 security bugs. READ MORE...


Jumping the air gap: 15 years of nation-state effort

Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped networks emerged, bringing the total, by our count, to 17. ESET Research decided to revisit each framework known to date and to put them in perspective, side by side. In our white paper, linked below, we describe how malware frameworks targeting air-gapped networks operate, and we provide a side-by-side comparison of their most important TTPs. READ MORE...

On This Date

  • ...in 1823, President James Monroe proclaims American neutrality in future European conflicts, and warns Europe not to interfere in American affairs.
  • ...in 1902, The first working V-8 engine is patented in France by engineer Leon Levavasseur.
  • ...in 1942, Enrico Fermi directs and controls the first nuclear chain reaction in his laboratory at the University of Chicago.
  • ...in 1968, actress and producer Lucy Liu ("Ally McBeal", "Kill Bill") is born in Queens, NY.