<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/22/2022



Cookware Distribution Giant Meyer Discloses Data Breach

Cookware and bakeware distribution giant Meyer Corporation has started informing employees of a cyberattack that resulted in the theft of some of their personal data. A subsidiary of Meyer Manufacturing Co. Ltd, the California-based company is the largest distributor of cookware in the United States, and the second largest in the world. Last week, Meyer started notifying employees that some of their data might have been compromised in a cyber incident that was discovered on October 25, 2021. READ MORE...


Police bust phishing group that used 40 sites to steal credit cards

The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims' bank accounts. Five individuals have been arrested for running a well set up phishing operation that relied on marketing and advertising services to increase visibility on search engines and social media platforms. READ MORE...

NFT Investors Lose $1.7M in OpenSea Phishing Attack

Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. (NFTs are digital tokens on the blockchain that represent ownership over virtual assets, such as digital drawings or music.) "Panic erupted" wrote Molly White, who runs the blog Web3 is Going Great, because "many others feared the same could happen to them." READ MORE...


Carpet bombing DDoS attacks spiralled in 2021

Neustar Security Services has released a report which details the ongoing rise in cyberattacks in 2021, with an unprecedented number of carpet bombing distributed denial of service (DDoS) attacks. Carpet bombing, in which a DDoS attack targets multiple IP addresses of an organization within a very short time, accounted for 44% of total attacks last year, but the disparity between the first and second half of 2021 was stark. READ MORE...


New Xenomorph Android malware targets customers of 56 banks

A new malware called Xenomorph distributed through Google Play Store has infected more than 50,000 Android devices to steal banking information. Still in early development stage, Xenomorph is targeting users of dozens of financial institutions in Spain, Portugal, Italy, and Belgium. Researchers at fraud and cybercrime prevention company ThreatFabric analyzing Xenomorph found code that is similar to Alien banking trojan. READ MORE...

Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data

A group of academic researchers has found a way to exploit a security flaw in the encryption algorithm used by the Hive ransomware to recover hijacked and encrypted data. In a research paper published last week, academics from the Kookmin University of Seoul documented how a vulnerability in Hive's encryption allowed them to recover the master key and restore data without having the attacker's RSA private key. READ MORE...

Information Security

CISA offers guidance on dealing with information manipulation

Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension. In response, the Cybersecurity & Infrastructure Security Agency (CISA) has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate the risks of information manipulation. READ MORE...


FBI warns of fake CEO attacks taking place via video conferencing systems

The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms. In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts. READ MORE...

Airtag clones can sidestep Apple anti-stalker tech

An infosec startup says it has built an Apple Airtag clone that bypasses anti-stalking protection features while running on Apple's Find My protocol. Source code for the clones were published online by Berlin-based infosec startup Positive Security (not to be confused with US-sanctioned cybersecurity outfit Positive Technologies), which said its tags "successfully tracked an iPhone user... for over five days without triggering a tracking notification." READ MORE...

On This Date

  • ...in 1732, American general and first President of the United States George Washington is born in Virginia.
  • ...in 1918, TV and radio announcer Don Pardo, who lent his voice to 39 seasons of "Saturday Night Live", is born in Westfield, MA.
  • ...in 1924, Calvin Coolidge becomes the first US President to deliver a radio address from the White House.
  • ...in 1959, TV and film actor Kyle MacLachlan ("Twin Peaks", "Portlandia") is born in Yakima, WA.
  • ...in 1997, Scottish scientists announce the first successful cloning of a mammal from an adult cell, a sheep named Dolly.