<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/12/2022

SHARE

Top News

CISA warns orgs of WatchGuard bug exploited by Russian state hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, also exploited this high severity privilege escalation flaw to build a new botnet dubbed Cyclops Blink out of compromised WatchGuard Small Office/Home Office network devices. READ MORE...


Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme

The former acting branch chief of the US Department of Homeland Security's Information Technology Division today was convicted on several federal charges related to pilfering government proprietary software and databases. Murali Y. Venkata, 56, of Aldie, Va., was found guilty of conspiracy to defraud the US government, theft of government property, wire fraud, aggravated identity theft, and obstruction. READ MORE...

Breaches

Luxury fashion house Zegna confirms August ransomware attack

The Italian luxury fashion house Ermenegildo Zegna has confirmed an August 2021 ransomware attack that resulted in an extensive IT systems outage. The disclosure came in today's filing of an SEC Form 424B3 that updates their investment prospectus to alert investors of business disruption and data breach risks resulting from sophisticated cyberattacks. To highlight the potential investment risks, the report provides an example of a ransomware attack that hit the firm in August 2021. READ MORE...


500,000 Impacted by Email Breach at Illinois Healthcare Firm

Christie Business Holdings Company (Christie Clinic), a major medical practice in Illinois, is informing roughly 500,000 individuals that their personal information was potentially compromised in a data breach. Christie Clinic said the data breach occurred last year, when a third party gained unauthorized access to a single business email account, likely in an attempt to intercept financial transactions. READ MORE...

Malware

Android banking malware intercepts calls to customer support

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware. Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it impersonates, including the official logo and the customer support number. READ MORE...


Conti ransomware offshoot targets Russian organizations

Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and target Russian businesses. The hacking group calls itself Network Battalion '65 (@xxNB65), and it is highly motivated by Russia's invasion of Ukraine. READ MORE...

Exploits/Vulnerabilities

Hospital hallway robots get patches for potentially serious bugs

Rolling robots used at hospitals for a variety of tasks - including transporting medication - have been patched for five vulnerabilities that could have allowed attackers to potentially disrupt patient care or capture sensitive information, researchers said Tuesday. Health care cybersecurity company Cynerio said it found the bugs in Aethon's TUG robots in December, and then "worked closely" from January onward with the manufacturer. READ MORE...


USPS "Your package could not be delivered" text is a smishing scam

A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The bit.ly link hides the actual URL being sent to people's phones. You can view stats for a bit.ly link by placing "+" at the end of the URL. Detailed stats about the shortener's creation date, number of clicks, and more are available through this method. On this occasion, data is hidden with the message "This link has been flagged as redirecting to malicious or spam content". READ MORE...

Science & Culture

Researchers home in on possible "day zero" for Antikythera mechanism

The mysterious Antikythera mechanism-an ancient device believed to have been used for tracking the heavens-has fascinated scientists and the public alike since it was first recovered from a shipwreck over a century ago. Much progress has been made in recent years to reconstruct the surviving fragments and learn more about how the mechanism might have been used. And now, members of a team of Greek researchers believe they have pinpointed the start date for the Antikythera mechanism. READ MORE...

On This Date

  • ...in 1945, President Franklin D. Roosevelt dies in office; Vice President Harry S. Truman assumes the Presidency after only 82 days as VP.
  • ...in 1954, Bill Haley & His Comets record "Rock Around the Clock," widely credited as the song that brought rock and roll into the mainstream world culture.
  • ...in 1961, Cosmonaut Yuri Gagarin becomes the first man to reach outer space and achieve Earth orbit, giving Russia a temporary lead in the Space Race.
  • ...in 1996, early Internet giant Yahoo! has its initial public offering, selling 2.6 million shares at $13 each.