IT Security Newsletter - 5/12/2021
Krebs on Security: A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here's a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue. READ MORE...
200K Veterans' Medical Records May Have Been Stolen by Ransomware Gang
A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. The VA for its part said that the evidence may point to internal security work rather than a cyberattack. READ MORE...
University of California Confirms Personal Information Stolen in Cyberattack
The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. The incident, which took place in late December 2020, after a critical vulnerability was identified in the decades-old file sharing service, impacted tens of companies, government agencies, and universities. READ MORE...
Phishers using Zix to "legitimize" emails in the eyes of Office 365 users
A phishing campaign aimed at harvesting Office 365 account credentials is employing a variety of tricks to fool both email security systems and recipients: the phishing emails come from a compromised enterprise account, through the secure email system Zix, to make recipients believe that the offered link isn't malicious. The phishing emails are sent from a compromised email account belonging to a real estate services provider (Authentic Title, LLC), and ostensibly contain a closing settlement counter offer. READ MORE...
Ransomware crooks post cops' psych evaluations after talks with DC police stall
A ransomware gang that hacked the District of Columbia's Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests, driver's license images, fingerprints, social security numbers, dates of birth, and residential, financial, and marriage histories. READ MORE...
Krebs on Security: Microsoft Patch Tuesday, May 2021 Edition
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft's Internet Explorer (IE) web browser. READ MORE...
TeaBot Trojan Targets Banks via Hijacked Android Handsets
Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. The trojan, dubbed TeaBot, is aimed at committing fraud against at least 60 banks in Europe. Once installed on a victim's device, attackers can use the trojan to obtain a live stream of the device screen on demand and also interact with it via Accessibility Services. READ MORE...
FragAttacks: New Vulnerabilities Expose All Devices With Wi-Fi to Attacks
The vulnerabilities, dubbed FragAttacks (fragmentation and aggregation attacks), were discovered by researcher Mathy Vanhoef, who was also involved in the discovery of the Key Reinstallation Attack (KRACK) vulnerabilities back in 2017. FragAttacks can be leveraged by an attacker who is within range of the targeted Wi-Fi connection to hack devices and steal sensitive user information. READ MORE...
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company's Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application, Illustrator, InDesign, and Magento. According to Adobe, the zero-day vulnerability, which is tracked as CVE-2021-28550, "has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." READ MORE...
- ...in 1907, actress Katharine Hepburn ("The Philadelphia Story", "The African Queen") is born in Hartford, CT.
- ...in 1937, stand-up comedian and writer George Carlin is born in New York City.
- ...in 1942, German engineer Konrad Zuse introduces the Z3, the world's first working programmable, fully automatic computer.
- ...in 1949, the Soviet Union lifts its blockade of Berlin.