<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/21/2020

SHARE

Breaches

Physical addresses of 270K Ledger owners leaked on hacker forum

A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows. In June 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers' contact details. READ MORE...

Hacking

Russia's hacking frenzy is a reckoning

Last week, several major United States government agencies-including the Departments of Homeland Security, Commerce, Treasury, and State-discovered that their digital systems had been breached by Russian hackers in a months-long espionage operation. The breadth and depth of the attacks will take months, if not longer, to fully understand. But it's already clear that they represent a moment of reckoning, both for the federal government and the IT industry that supplies it. READ MORE...


Flavors designer Symrise halts production after Clop ransomware attack

Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices. Symrise is a major developer of flavors and fragrances used in over 30,000 products worldwide, including those from Nestle, Coca-Cola, and Unilever. Symrise generated €3.4 billion in revenue for 2019 and employs over 10,000 people. Last week, German media reported that Symrise suffered a cyberattack. READ MORE...


FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

The FBI is warning businesses of DoppelPaymer ransomware attacks and a change in tactics among operators, who are now cold-calling victims to pressure them into paying the ransom. This update comes from a private industry notification (PIN), a type of alert the FBI issues to private sector organizations to keep them informed on security threats. DoppelPaymer first emerged in summer 2019, since then, it has infected a range of industries and targets. READ MORE...

Information Security

Script for detecting vulnerable TCP/IP stacks released

Just as ICS-CERT published a new advisory detailing four new vulnerabilities in the Treck TCP/IP stack, Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) affected by the Amnesia:33 vulnerabilities. New vulnerabilities in the Treck TCP/IP stack. Reported by Intel researchers and confirmed by Treck Inc., four newly discovered vulnerabilities affect Treck TCP/IP stack Version 6.0.1.67 and prior. READ MORE...


VMware, Cisco Reveal Impact of SolarWinds Incident

VMware and Cisco have shared information on the impact of the SolarWinds incident, and VMware has responded to reports that one of its products was exploited in the attack. An advisory published last week by the NSA warned that malicious actors have been "abusing trust in federated authentication environments to access protected data." The agency noted that the recent SolarWinds Orion product hack is "one serious example of how on-premises systems can be compromised [...]" READ MORE...

Exploits/Vulnerabilities

US think tank breached three times in a row by SolarWinds hackers

An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable to quickly switch to different tactics and techniques to carry out long-term, stealthy operations. In one attack, Dark Halo leveraged a newly disclosed vulnerability. READ MORE...


US officials shut down scam websites impersonating Moderna, Regeneron

U.S. Justice Department officials on Friday said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors' personal data as part of a scam. The scammers appeared to impersonate pharmaceutical giants Moderna and Regeneron, and collected information that could be used for fraud, or to steal users' credentials and deploy malicious software, the U.S. Attorney for the District of Maryland said. READ MORE...

Encryption

Iranian Hackers Target Israeli Companies With Pay2Key Ransomware

Attacks conducted by Iranian hackers against Israeli companies involved the deployment of ransomware and theft of information, threat intelligence company ClearSky reported last week. Observed in November and December 2020 and collectively referred to as operation Pay2Key, the attacks appear to be the work of Iranian state-sponsored threat actor Fox Kitten. Also referred to as Parisite and PIONEER KITTEN, the activity associated with Fox Kitten. READ MORE...

Science & Culture

Law banning "rental" fees for customer-owned routers takes effect Sunday

Broadband and TV providers will finally be required to stop charging "rental" fees for equipment that customers own themselves, thanks to a new US law that takes effect on Sunday. The bogus fees were outlawed by the Television Viewer Protection Act (TVPA), which was approved by Congress and signed by President Trump in December 2019. The law was originally scheduled to take effect on June 20, but Congress gave the Federal Communications Commission leeway to delay enforcement by six months if the FCC. READ MORE...

On This Date

  • ...in 1935, TV talk show host and producer Phil Donahue is born in Cleveland, OH.
  • ...in 1937, Disney's "Snow White and the Seven Dwarfs", the world's first full-length animated feature, premieres in Los Angeles.
  • ...in 1948, actor Samuel L. Jackson ("Pulp Fiction", "Unbreakable") is born in Washington, D.C.
  • ...in 1968, the Apollo 8 mission launches from Cape Canaveral. It will be the first time that a human-crewed craft reaches the Moon and achieves lunar orbit.