
IT Security Newsletter - 12/22/2020


Breaches

Cyberattack Hit Key US Treasury Systems: Senator

Hackers broke into systems used by top US Treasury officials during a massive cyberattack on government agencies and may have stolen essential encryption keys, a senior lawmaker said Monday. Senator Ron Wyden, who sits on both the Senate Intelligence and Finance Committees, said after a closed-door briefing that the hack at the US Treasury Department "appears to be significant." Dozens of email accounts were compromised, he said in a statement.


SolarWinds Claims Execs Unaware of Breach When They Sold Stock

Texas-based IT management and monitoring solutions provider SolarWinds told the U.S. Securities and Exchange Commission (SEC) that its executives were not aware that the company had been breached when they decided to sell stock. News that SolarWinds was breached as part of what appears to be a sophisticated cyber-espionage campaign had a significant impact on the value of the company's shares.

Hacking

Zero-click iPhone exploit, NSO Group spyware used to target Mideast journalists, Citizen Lab says

Hackers suspected to work for the governments of Saudi Arabia and the United Arab Emirates breached 36 devices belonging to Al Jazeera journalists in recent months by using a zero-click iPhone exploit and NSO Group spyware, according to new Citizen Lab research published Sunday. The suspected government hackers behind the operations had a particularly pernicious tactic for accessing their targets - an iPhone iMessage that requires zero interaction from the target to work.


Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

The phone numbers, email and postal addresses of over 270,000 owners of the Ledger cryptocurrency hardware wallet have been made freely available for download from a hacking forum. The information, which is accompanied by the email addresses of over one million people who have subscribed to the Ledger newsletter, is believed to have originally fallen into the hands of criminals following a security breach at the firm back in June 2020. Initially made available for sale through underground hacking forums.

Information Security

Smart Doorbell Disaster: Many Brands Vulnerable to Attack

Investigation reveals device sector is problem plagued when it comes to security bugs. Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from hardcoded credentials, authentication issues and devices shipping with unpatched and longstanding critical bugs.


Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

Cybercriminals are vying for Remote Desktop Protocol (RDP) access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing. During the COVID-19 pandemic, cybercriminals have profited with "increasingly advantageous positions to benefit from the disruption," said researchers - and this has also been reflected on underground markets, where new services like targeted ransomware and advanced SIM swapping are popping up.

Exploits/Vulnerabilities

Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks

Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices. The vulnerabilities were discovered by researchers at CyberMDX, a company that specializes in healthcare cybersecurity, and they can be leveraged to access arbitrary files on affected devices and execute malicious code.

On This Date

  • ...in 1883, avant-garde composer Edgard Varese, who once declared "The present-day composers refuse to die", is born in Paris, France.
  • ...in 1948, singer-songwriter and Cheap Trick lead guitarist Rick Nielsen is born in Elmhurst, IL.
  • ...in 1962, actor Ralph Fiennes ("Schindler's List", "The English Patient") is born in Ipswich, England.
  • ...in 1964, the SR-71 Blackbird reconnaissance plane has its first test flight in the skies above Palmdale, CA.