
IT Security Newsletter - 3/7/2022


Breaches

Hackers leak 190GB of alleged Samsung data, source code

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean consumer electronics giant. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from GPU designer Nvidia. In a note posted earlier today, the extortion gang teased the release of Samsung data with a snapshot of C/C++ directives in Samsung software. READ MORE...


Adafruit suffers GitHub data breach - don't let this happen to you

Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data via the GitHub account of a former employee. As you've probably figured out already, Adafruit is named after Ada Lovelace, a nineteenth-century British intellectual who was a computer programmer long before any programmable computers existed. The company sells a wide range of miniature open-source hardware boards and kits for hobbyists and professionals alike. READ MORE...

Software Updates

Mozilla fixes Firefox zero-days exploited in the wild

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited by attackers in the wild. The two patched zero-days are both memory corruption bugs of the "use-after-free" kind, meaning that they may allow attackers to use memory that has been freed by the program. READ MORE...


Update now! Cisco fixes several vulnerabilities

Cisco has released a security advisory about two vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The flaws could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. READ MORE...

Malware

Conti Ransomware Group Diaries, Part III: Weaponry

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it's like to be an employee of Conti's sprawling organization. Today's Part III looks at how Conti abused popular commercial security services to undermine the security of their targets, as well as how the team's leaders strategized for the upper hand in ransom negotiations with victims. READ MORE...


HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine

Disk wipers are one particular type of malware often used against Ukraine. The implementation and quality of those wipers vary, which may suggest different hired developers. The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was found to have been unleashed against a number of Ukrainian entities. This malware was given the name "HermeticWiper" based on a stolen digital certificate from a company called Hermetica Digital Ltd. READ MORE...


Massive Meris Botnet Embeds Ransomware Notes from REvil

"Hey webop_geeks, you_are_already_dead," a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. Imperva reported the interesting twist on Friday - one of several it's seen in the evolution of distributed denial-of-service (DDoS) attacks so far this year. READ MORE...

Exploits/Vulnerabilities

Leaked stolen Nvidia cert can sign Windows malware

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems. At least two binaries not developed by Nvidia, but signed this week with its stolen cert so that they appear to be Nvidia programs, have turned up in the malware sample database VirusTotal. This leak means sysadmins should take steps to ensure code recently signed by the rogue cert is detected and blocked, as it is most likely going to be malicious. READ MORE...
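The detection step the item above calls for, as an added example that is not from the newsletter or from Nvidia: a PowerShell sweep that checks the Authenticode signer of each PE file under a path against a blocklist of certificate thumbprints. The thumbprint values are placeholders (the newsletter does not publish them); the path and the function name are assumptions.

```powershell
# Added example: flag binaries whose Authenticode signer certificate is on a blocklist.
# The thumbprints below are PLACEHOLDERS; substitute the published values for the leaked certs.
$BlockedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_OF_LEAKED_CERT_1',
    'PLACEHOLDER_THUMBPRINT_OF_LEAKED_CERT_2'
)

function Find-BlockedSigner {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]]                        $Thumbprints = $BlockedThumbprints
    )
    # Walk the tree for common PE types; ignore unreadable paths rather than abort the sweep.
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Unsigned files have no SignerCertificate; match the leaf signer's thumbprint only.
            if ($null -ne $sig.SignerCertificate -and
                $Thumbprints -contains $sig.SignerCertificate.Thumbprint) {
                [pscustomobject]@{
                    File       = $_.FullName
                    Subject    = $sig.SignerCertificate.Subject
                    Thumbprint = $sig.SignerCertificate.Thumbprint
                    # Status is reported, not trusted: a hit on the blocklist is a finding
                    # even when Windows reports the signature as Valid.
                    Status     = $sig.Status
                }
            }
        }
}

# Usage (assumed path): list hits for triage, or pipe to Export-Csv for a ticket.
Find-BlockedSigner -Path 'C:\Users' | Format-Table -AutoSize
```

This only detects; blocking is a separate control, for example an AppLocker or WDAC deny rule keyed on the same certificate.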

On This Date

  • ...in 321, Emperor Constantine I decrees that Sunday, formerly the day of the Roman sun god Sol, shall henceforth be a day of rest.
  • ...in 1876, Alexander Graham Bell patents the telephone.
  • ...in 1900, the German ocean liner SS Kaiser Wilhelm der Grosse becomes the first ship to transmit wireless signals (via telegraph) to shore.
  • ...in 1985, the charity single "We Are the World" by USA for Africa is released internationally, going on to sell more than 20 million copies.