IT Security Newsletter - 4/5/2022
Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. READ MORE...
Notorious hacking group FIN7 adds ransomware to its repertoire
The long-running cybercrime group FIN7, known for breaking into payment systems and corporate networks, has been moving into ransomware operations, according to researchers at security firm Mandiant. The company said it has identified increased data-theft extortion or ransomware deployment associated with FIN7 attacks in recent years. Ransomware strains used in connection with the group's operators include Maze, Ryuk and ALPHV - also known as BlackCat - the researchers said Monday. READ MORE...
Ukraine spots Russian-linked 'Armageddon' phishing attacks
The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware. CERT-UA has identified two separate cases, one targeting Ukrainian organizations and the other focusing on government agencies in the European Union. READ MORE...
Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks
Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses. The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control mechanism in the CGI (common gateway interface) of affected devices, the company said. READ MORE...
GitLab issues security updates, watch out for hard coded passwords
GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. Distributed version control is a way for an organisation's codebase to be mirrored on the devices of anyone who needs access. Where people occasionally become confused is when they see a number of services using the word "Git" in their name. READ MORE...
New Android Spyware Uses Turla-Linked Infrastructure
Lab52 security researchers have dissected a new piece of Android malware that they discovered while analyzing infrastructure associated with Russian cyberespionage group Turla. While it's the only malware family to connect to a specific IP address associated with Turla, the spyware can't be attributed to the infamous APT, "given its threat capabilities," Lab52 says. READ MORE...
Academics Devise Side-Channel Attack Targeting Multi-GPU Systems
A group of academic researchers has devised a side-channel attack targeting architectures that rely on multiple graphics processing units (GPUs) for resource-intensive computational operations. Used in high performance computing and cloud data centers, multi-GPU machines are shared between multiple users, meaning that the protection of applications and data flowing through them is critical. READ MORE...
- ...in 1792, President Washington exercises the very first veto of a bill passed by Congress. A changed version is passed five days later as the Apportionment Act of 1792.
- ...in 1917, crime and horror writer Robert Bloch, best known as the author of "Psycho", is born in Chicago, IL.
- ...in 1984, Kareem Abdul-Jabbar breaks Wilt Chamberlain's all-time career scoring record. He would go on to score 38,387 points before retiring in 1989.
- ...in 1987, the Fox television network airs its first prime-time lineup, starting with "Married With Children" and "The Tracey Ullman Show."