<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/25/2022

SHARE

Top News

North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets

Hackers backed by North Korea's government exploited a critical Chrome zero-day in an attempt to infect the computers of hundreds of people working in a wide range of industries, including the news media, IT, cryptocurrency, and financial services, Google said Thursday. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. READ MORE...

Hacking

Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms

The US government today unsealed two blockbuster indictments handed down in 2021 charging four Russian nationals working for that nation's government with allegedly perpetrating two major industrial system cyberattack campaigns that targeted the global energy sector between 2012 and 2018. In a now-unsealed June 2021 indictment, the US Department of Justice charged Evgeny Viktorovich Gladkikh, a Russian Ministry of Defense research institute employee, and two co-conspirators. READ MORE...


British cops arrest seven in Lapsus$ crime gang probe

British cops investigating a cyber-crime group have made a string of arrests. Though City of London Police gave few details on Thursday, officers are said to be probing the notorious extortionware gang Lapsus$, and have detained and released seven people aged 16 to 21. In a statement, the force said: "Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing." READ MORE...

Exploits/Vulnerabilities

Honda bug lets a hacker unlock and start your car via replay attack

Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending these signals to take control of your car's remote keyless entry system. READ MORE...


Microsoft Azure Developers Awash in PII-Stealing npm Packages

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information (PII) in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200. READ MORE...

On This Date

  • ...in 1655, Saturn's largest moon, Titan, is discovered by Dutch scientist Christiaan Huygens using only a 50 power refracting telescope of his own design.
  • ...in 1807, British Parliament passes the Slave Trade Act, abolishing the slave trade in the British Empire.
  • ...in 1969, John Lennon and Yoko Ono hold their first "Bed-In for Peace" at the Amsterdam Hilton, lasting for a full week.
  • ...in 1995, computer programmer Ward Cunningham launches WikiWikiWeb, the world's first user-created "wiki" website community.