IT Security Newsletter

IT Security Newsletter - 3/31/2022

Written by Cadre | Thu, Mar 31, 2022

FBI arrests 65 in BEC scams that took $51M from US businesses

The FBI and global partners carried out an operation that resulted in the arrest of 65 U.S. individuals that allegedly scammed more than $51 million from U.S. businesses, the bureau announced Wednesday. "Operation Eagle Sweep" also led to 12 arrests in Nigeria, eight in South Africa, two in Canada and one in Cambodia. The operation was conducted in parallel with operations by authorities in Australia, Japan and Nigeria. READ MORE...

FBI Warns of Phishing Attacks Targeting US Election Officials

The Federal Bureau of Investigation (FBI) this week warned US election officials of potential invoice-themed phishing attacks meant to steal their login credentials. Such attacks have already hit US election officials in at least nine states, and the FBI expects the phishing attempts to continue and even ramp up. The phishing emails take the recipients to websites where they are prompted to provide their login credentials. Seemingly legitimate, the sites were designed to harvest the victim's username and password. READ MORE...

US telecommunications company likely targeted by Russian hackers shares details of Feb. 24 attack

The U.S. telecommunications company targeted as the Russian military attacked Ukraine on Feb. 24 said Wednesday that a misconfigured virtual private network allowed hackers to gain the access needed to knock key modems offline - an attempt to cripple the Ukrainian government's communications as part of a "multifaceted and deliberate cyber-attack." READ MORE...

DPRK hackers go after crypto assets using trojanized DeFi Wallet app

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. The threat actor relied in this attack on web servers located in South Korea to push the malware and to communicate with the installed implants. READ MORE...

QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage (NAS) devices. The vulnerability can trigger an infinite loop that creates a denial-of-service (DoS) scenario. Though the bug has been patched by OpenSSL, QNAP hasn't gotten around to applying a fix yet for its NAS devices affected by the vulnerability. READ MORE...

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high. Further, cyberattackers could also execute remote code to alter the operation of the UPSs themselves, or physically damage them (or the devices connected to them). READ MORE...

Mazda Infotainment Crash Shows How Fragile Car Security Really Is

Another day, another crash in automotive device software. This time, the bug was found in the infotainment system of older model Mazdas from 2014-2017. Drivers reported that their HD radio receivers crashed when connecting to a local radio station. The radio and its display, bluetooth capabilities, built-in maps, and digital clocks were all fried. READ MORE...

Nvidia DGX systems prone to side channel, covert attacks

Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory (PNNL). This might be less concerning for those with on-prem DGX systems, but for cloud vendors selling time on the AI training boxes, the vulnerabilities are worth noting. READ MORE...

  • ...in 1889, the Eiffel Tower is dedicated in Paris in a ceremony presided over by Gustave Eiffel, whose company built and designed it.
  • ...in 1918, daylight saving time goes into effect in the United States for the first time.
  • ...in 1943, stage and screen actor Christopher Walken ("The Deer Hunter", "Batman Returns") is born in Queens, NY.
  • ...in 1998, Netscape releases their Mozilla source code under an open-source license, paving the way for the Firefox web browser and its various spinoffs.