IT Security Newsletter - 5/10/2021
Major U.S. Pipeline Crippled in Ransomware Attack
A ransomware attack is being blamed for halting pipeline activities for the Colonial Pipeline Company, which supplies the East Coast with roughly 45 percent of its liquid fuels. In a statement released Saturday, the Colonial Pipeline Company said it temporarily halted pipeline operations in response to a cyberattack impacting the company on Friday. As a precaution, the company proactively took key systems offline to avoid further infections. READ MORE...
Cyberattack on US Pipeline is Linked to Criminal Gang
The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday. The shutdown, meanwhile, stretched into its third day, with the Biden administration loosening regulations for the transport of petroleum products on highways as part of an "all-hands-on-deck" effort to avoid disruptions in the fuel supply. READ MORE...
SolarWinds Shares More Information on Cyberattack Impact, Initial Access Vector
Texas-based IT management company SolarWinds on Friday shared more information on the impact of the significant breach disclosed late last year, and claimed that fewer than 100 of its customers were actually hacked. The hackers, who have officially been linked by the United States and others to Russia's Foreign Intelligence Service (SVR), breached SolarWinds systems in 2019 or possibly even earlier. READ MORE...
Microsoft: Business email compromise attack targeted dozens of orgs
Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started. BEC scammers use various tactics (including social engineering, phishing, or hacking) to compromise business email accounts, later used to redirect payments to bank accounts under their control or target employees in gift card scams. READ MORE...
How North Korean APT Kimsuky Is Evolving Its Tactics
North Korean APT group Kimsuky is adopting new tactics, techniques, and procedures in global attacks, report researchers whose findings indicate the group's operations have sufficient differences to warrant splitting it into two smaller subgroups: CloudDragon and KimDragon. Kimsuky is not a new group but has adopted new methods to support its mission of collecting intelligence. A US government alert issued in October 2020 reported the group had been operating since 2012. READ MORE...
Bulletproof hosting admins plead guilty to running cybercrime safe haven
Four individuals from Eastern Europe face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities. The bulletproof hosting service was founded by Russian citizens Aleksandr Grichishkin and Andrei Skvortsov, who hired Lithuanian Aleksandr Skorodumov and Estonian Pavel Stassi as the organization's system admin and administrator, respectively. READ MORE...
Apple brass discussed disclosing 128-million iPhone hack, then decided not to
In September 2015, Apple managers had a dilemma on their hands: should they, or should they not, notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet. The mass hack first came to light when researchers uncovered 40 malicious App Store apps, a number that mushroomed to 4,000 as more researchers poked around. The apps contained code that made iPhones and iPads part of a botnet that stole potentially sensitive user information. READ MORE...
Millions put at risk by old, out-of-date routers
Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend online classes. There has been much discussion of antivirus protection, patching your software, and using VPNs. But what if the security flaws aren't in your phones or laptops, but the router your ISP gave you? READ MORE...
Foxit Reader bug lets attackers run malicious code via PDFs
Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high-severity remote code execution (RCE) vulnerability affecting the PDF reader. This security flaw could allow attackers to run malicious code on users' Windows computers and, potentially, take control of them. Foxit claims to have more than 650 million users from 200 countries, with its software currently being used by over 100,000 customers. READ MORE...
- ...in 1869, a ceremonial golden spike is driven to connect the Central Pacific and Union Pacific railroads, officially dedicating the First Transcontinental Railroad.
- ...in 1899, classic Hollywood dancer and singer Fred Astaire is born in Omaha, NE.
- ...in 1962, Marvel Comics publishes the first issue of "The Incredible Hulk."
- ...in 1994, Nelson Mandela is inaugurated as South Africa's first Black president.