IT Security Newsletter

IT Security Newsletter - 12/28/2020

Written by Cadre | Mon, Dec 28, 2020

2020 had its share of memorable hacks and breaches. Here are the top 10

2020 was a tough year for a lot of reasons, not least of which were breaches and hacks that visited pain on end users, customers, and the organizations that were targeted. The ransomware menace dominated headlines, with an endless stream of compromises hitting schools, governments, and private companies as criminals demanded ransoms in the millions of dollars. There was a steady stream of data breaches as well. Several mass account takeovers made appearances, too. READ MORE...

Koei Tecmo discloses data breach after hacker leaks stolen data

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. Koei Tecmo is known for its popular PC and console games, including Nioh 2, Hyrule Warriors, Atelier Ryza, Dead or Alive, etc. On December 20th, a threat actor claimed to have hacked into the koeitecmoeurope.com website on December 18th through a spear-phishing campaign sent to an employee. READ MORE...

CrowdStrike releases free Azure security tool after failed hack

Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials. Earlier this month, it was discovered that the SolarWinds network management company suffered a cyberattack where threat actors modified their software to install backdoors on customers' networks via a supply chain attack. Due to this attack, SolarWinds customers have been scrambling to analyze their networks. READ MORE...

Ransomware in 2020: A Banner Year for Extortion

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020. Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector. READ MORE...

SaaS security in 2021

The migration toward subscription-based services via the SaaS business model isn't new this year - it's part of a larger shift away from on-premises datacenters, applications, etc., that has been underway for years. The pandemic accelerated the shift, boosting SaaS subscriptions as companies looked for virtual collaboration and meeting tools. What is new on a larger scale is the way employees interact with business applications, and that has implications for IT departments worldwide. READ MORE...

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

A new strain of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems. Multiple researchers have linked this strain to MuddyWater (aka SeedWorm and TEMP.Zagros), a government-backed advanced persistent threat (APT) group, first observed in 2017 while mainly targeting Middle Eastern entities. READ MORE...

Amazon Gift Card Scam Delivers Dridex This Holiday Season

The operators behind Dridex have a nefarious trick up their sleeves this holiday season: A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines. This campaign first appeared around Halloween and picked up in the beginning of November, the Cybereason Nocturnus team reports. Most targets are from the United States and Western Europe, where Amazon is very popular and people may be more likely to fall for a scam like this. READ MORE...

Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms

Several critical vulnerabilities have been found by researchers in products from PTC-owned industrial automation solutions provider Kepware. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published two advisories describing vulnerabilities identified in Kepware products. One of the advisories covers three flaws discovered by researchers at industrial cybersecurity firm Claroty. READ MORE...

Third-Party APIs: How to Prevent Enumeration Attacks

When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing. To do so, they must think like a hacker to evaluate whether or not they are introducing a problem or a solution for their customers and their organization. From there, they can move forward by pursuing options that both create a seamless experience for customers, while at the same time protecting critical data. READ MORE...

Google: Microsoft Improperly Patched Exploited Windows Vulnerability

Google Project Zero has disclosed a Windows zero-day vulnerability caused by the improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability was reported to Microsoft on September 24. As per Project Zero's policy, details were made public 90 days later, on December 23, despite the fact that Microsoft missed the patch deadline. Disclosed in May 2020, CVE-2020-0986 was initially reported to Microsoft in December 2019. READ MORE...

  • ...in 1895, German physicist Wilhelm Roentgen publishes a paper describing his discovery of a new type of radiation, which later will be known as x-rays.
  • ...in 1933, "Star Trek" actress and singer Nichelle Nichols (Lt. Uhura) is born in Robbins, IL.
  • ...in 1969, computer programmer and principal developer of the Linux kernel Linus Torvalds is born in Helsinki, Finland.
  • ...in 1973, the Endangered Species Act is signed into law by President Richard Nixon.