IT Security Newsletter

IT Security Newsletter - 4/27/2023

Written by Cadre | Thu, Apr 27, 2023

Google leaking 2FA secrets - researchers advise against new "account sync" feature for now

The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you back up your 2FA data into the cloud and then restore it onto other devices. To explain, a 2FA (two-factor authentication) app is one of those programs that you run on your mobile phone or tablet to generate one-time login codes that help to secure your online accounts with more than just a password.

Ukrainian arrested for selling data of 300M people to Russians

The Ukrainian cyber police have arrested a 36-year-old man from the city of Netishyn for selling the personal data and sensitive information of over 300 million people, citizens of Ukraine, and various European countries. The seller was using Telegram to promote the stolen data to interested buyers, asking between $500 and $2,000 depending on the amount of data and its value.

Malware-Free Cyberattacks Are on the Rise, Here's How to Detect Them

With little more than smart reconnaissance and existing tools, adversaries are increasingly capable of compromising an enterprise network without making any noise or leaving a trace behind. In fact, according to CrowdStrike CEO George Kurtz and president Michael Sentonas, 71% of enterprise cyberattacks in calendar year 2022 were done without malware. At this year's RSA Conference, Kurtz and Sentonas returned to the keynote stage to walk the audience through a case study.

NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities

Russian hackers are focused on using ransomware to attack supply chains both within Ukraine and in European countries being used to provide weapons and humanitarian aid in support of the Ukrainian war effort, a top National Security Agency official said Wednesday. And as the war drags on, Russian hackers could be looking to attack logistics targets more broadly, including in the United States, said Rob Joyce, the NSA's director of cybersecurity.

Why juice jacking is overhyped

Travelers should avoid public USB charging stations at airports, hotels, and other venues, as they may harbor malicious software. Designed for both data and power transmission, USB connections lack a solid barrier between the two. Over the years, as smartphones gained popularity, malicious individuals exploited USB connections to discreetly transfer hidden data payloads, which users might assume were simply transmitting electrical power. This process is known as juice jacking.

APC warns about critical vulnerabilities in online UPS monitoring software

In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader in physical infrastructure and software solutions, and one of the most popular uninterruptible power supply (UPS) brands.

Cisco discloses XSS zero-day flaw in server management tool

Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. This server management utility enables admins to perform migration or upgrade tasks on servers in their organization's inventory. Tracked as CVE-2023-20060, the bug was found in the web-based management interface of Cisco PCD 14 and earlier by Pierre Vivegnis of the NATO Cyber Security Centre (NCSC).

  • ...in 1981, Xerox PARC introduces the 8010 Star workstation, the first personal computer to ship with a mouse peripheral.
  • ...in 1988, singer/songwriter Lizzo (born Melissa Viviane Jefferson) is born in Detroit, MI.
  • ...in 1989, protesting students from Peking University take over Tiananmen Square in Beijing, China.
  • ...in 1994, Nelson Mandela wins the presidency in South Africa's first democratic and multiracial general election.