<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/23/2021

SHARE

Hacking

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

Members of an advanced persistent threat (APT) group, masquerading as teleworking employees with legitimate credentials, accessed a US organization's network and planted a backdoor called Supernova on its SolarWinds Orion server for conducting reconnaissance, domain mapping, and data theft. The attackers had access to the network for nearly one year, from March 2020 to February 2021. READ MORE...


REvil's Big Apple Ransomware Gambit Looks to Pay Off

The REvil ransomware gang is known for audacious attacks on the world's biggest organizations, and its demands for astronomical ransoms to match. But the gang's latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service gang. The original attack was launched against Quanta, a Global Fortune 500 manufacturer of electronics, which claims Apple among its customers. READ MORE...

Malware

Botnet backdoors Microsoft Exchange servers, mines cryptocurrency

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. This modular malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers. READ MORE...


Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices. The Taiwanese company, which makes both NAS and professional network video recorder (NVR) solutions, has long been urging users to improve the security of their devices. READ MORE...

Information Security

Twitter accidentally sends suspicious emails asking to confirm accounts

Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. These emails began around 10 PM EST, with numerous Twitter accounts operated by BleepingComputer and its writers receiving the emails. These emails used the subject "Confirm your Twitter account" and included a button labeled 'Confirm Now. READ MORE...

Exploits/Vulnerabilities

Stanford student finds glitch in ransomware payment system to save victims $27,000

The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. Stanford University student and security researcher Jack Cable got a call Wednesday from a family friend, who is a doctor, asking for help because cybercriminals had locked the doctor's computer. READ MORE...


Apple AirDrop Flaws Could Let Hackers Grab Users' Phone Numbers and Email Addresses

Users of Apple products have long loved the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and Macbooks. But researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim's phone number and even email address. READ MORE...


A Clubhouse bug let people lurk in rooms invisibly

"Basically, I'm going to keep talking to you, but I'm going to disappear," longtime security researcher Katie Moussouris told me in a private Clubhouse room in February. "We'll still be talking, but I'll be gone." And then her avatar vanished. I was alone, or at least that's how it seemed. "That's it," she said from the digital beyond. "That's the bug. I am a f***ing ghost." READ MORE...

On This Date

  • ...in 1858, German physicist and Nobel laureate Max Planck, the originator of quantum theory, is born in Kiel, Germany.
  • ...in 1914, Weeghman Park in Chicago hosts its first-ever baseball game. Thirteen years later, the park was renamed Wrigley Field.
  • ...in 1936, early rock singer/songwriter Roy Orbison ("Only the Lonely", "Oh, Pretty Woman") is born in Vernon, TX.
  • ...in 1985, Coca-Cola releases the ill-fated "New Coke" to a negative response from consumers; three months later, the old formula is back in stores.