<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/7/2023

SHARE

Breaches

LastPass aftermath leaves long to-do list for business customers

Business administrators that entrusted LastPass with their organization's login credentials have some work to do to regain a defensive posture. A monthslong cyberattack compromised most of the highly sensitive customer account data held by the password manager, with the exception of users' master passwords, which LastPass said it doesn't store or maintain. READ MORE...


Acer Confirms Breach After Hacker Offers to Sell Stolen Data

Electronics giant Acer has confirmed getting hacked after a hacker offered to sell 160 Gb of files allegedly stolen from the company's systems. "We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server," Acer told SecurityWeek in an emailed statement. READ MORE...

Software Updates

Android March 2023 update fixes two critical code execution flaws

Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13. The flaws fixed this time are delivered via two separate security patch levels, namely 2023-03-01 and 2023-03-05. The first pack contains 31 fixes for core Android components like Framework, System, and Google Play. READ MORE...

Malware

Threat actors are using advanced malware to backdoor business-grade routers

Researchers have uncovered advanced malware that's turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe. Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote-access Trojan that allows the attackers to download files and run commands of their choice. READ MORE...


New malware infects business routers for data theft, surveillance

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. DrayTek Vigor devices are business-class VPN routers used by small to medium-size organizations for remote connectivity to corporate networks. The new hacking campaign, which started in July 2022 and is still ongoing, relies on three components. READ MORE...

Information Security

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

You've almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your business stops running, but also steal copies of those files to use as extra leverage. READ MORE...

Exploits/Vulnerabilities

NIST's Quantum-Proof Algorithm Has a Bug, Analysts Say

One of the four post-quantum computing encryption algorithm standards selected by the US National Institute of Standards and Technology (NIST) for public key encryption is open to side-channel attacks, researchers warn. A new paper published by a team from the Royal Institute of Technology in Sweden reported that Crystal-Kyber implementations under certain masked implementation conditions could be vulnerable. READ MORE...


Vulnerability in DJI drones may reveal pilot's location

Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both the drone and its pilot. In special attack scenarios, the drones could even be brought down remotely in flight. READ MORE...

Science & Culture

Why the floppy disk just won't die

When Mark Necaise got down to his last four floppy disks at a rodeo in Mississippi in February, he started to worry. Necaise travels to horse shows around the state, offering custom embroidery on jackets and vests: "All of the winners would get a jacket and we'd put the name of the farm or the name of the horse or whatever on it," he says. Five years ago, he paid $18,000 for a second-hand machine, manufactured in 2004 by the Japanese embroidery equipment specialist Tajima. READ MORE...

On This Date

  • ...in 1872, Dutch abstract painter Piet Mondrian, who co-founded the minimalist De Stijl art movement, is born in Amersfoort, Netherlands.
  • ...in 1876, Alexander Graham Bell is granted a patent on his invention of the telephone.
  • ...in 1900, the German ocean liner SS Kaiser Wilhelm der Grosse becomes the first ship to transmit wireless signals (via telegraph) to shore.
  • ...in 1985, the charity single "We Are the World" by USA for Africa is released internationally, going on to sell more than 20 million copies.