IT Security Newsletter - 4/27/2021

Top News

DC Police Department Hit by Apparent Extortion Attack

The Washington, D.C., police department said Monday that its computer network was breached, and a Russian-speaking ransomware syndicate claimed to have stolen sensitive data, including on informants, that it threatened to share with local criminal gangs unless police paid an unspecified ransom. The cybercriminals posted screenshots on their dark web site supporting their claim to have stolen more than 250 gigabytes of data.


US warns of Russian state hackers still targeting US, foreign orgs

The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian Foreign Intelligence Service (SVR) (aka APT29) against US and foreign organizations. "The SVR activity [...] primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information," CISA said.

Breaches

Accellion data breaches drive up average ransom price

The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. Clop's attacks did not encrypt a single byte but stole data from large companies that relied on Accellion's legacy File Transfer Appliance (FTA) and tried to extort them with high ransom demands.

Hacking

Zoom deepfaker fools politicians…twice

We recently said deepfakes "remain the weapon of choice for malign interference campaigns, troll farms, and occasionally humorous celebrity face-swaps". Skepticism that these techniques would work on a grand scale, such as an election, remains in place. In the realm of malign interference and smaller scale antics, however, deepfakes continue to forge new ground.

Software Updates

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses

Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021-30657 and patched in macOS 11.3, an update dropped by Apple on Monday.

Malware

Flubot Spyware Spreading Through Android Devices

Android mobile phone users across the U.K. are being targeted by text messages containing a particularly nasty piece of spyware called "Flubot," according to the country's National Cyber Security Centre. The malware is delivered to targets through SMS texts and prompts them to install a "missed package delivery" app. Instead, it takes victims to a scam website where they download the "app" - which is really just the spyware.

Information Security

Pentagon explains odd transfer of 175 million IP addresses to obscure company

The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a "pilot" project to conduct security research.

Exploits/Vulnerabilities

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of similar attacks.

On This Date

  • ...in 1981, Xerox PARC introduces the 8010 Star workstation, the first personal computer to ship with a mouse peripheral.
  • ...in 1988, singer/songwriter Lizzo (born Melissa Viviane Jefferson) is born in Detroit, MI.
  • ...in 1989, protesting students from Peking University take over Tiananmen Square in Beijing, China.
  • ...in 1994, Nelson Mandela wins the presidency in South Africa's first democratic and multiracial general election.