IT Security Newsletter

IT Security Newsletter - 5/27/2021

Written by Cadre | Thu, May 27, 2021

Japanese government agencies suffer data breaches after Fujitsu hack

Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB and stole some customer data. It is not yet clear whether this breach resulted from exploitation of a vulnerability or from a targeted supply-chain attack; an investigation is ongoing.

Operator of Deer.io, a hosting platform for cybercriminal services, is sentenced to 2.5 years

A Russian man was sentenced to 30 months in prison for running a website that sold stolen credit card data and other personal information to cybercriminals, according to a Department of Justice announcement. The Russian man, Kirill Victorovich Firsov, was first arrested last year, and pleaded guilty to hacking-related charges in January. Firsov was accused of having run the site, Deer.io, which hosted other cybercriminals' shops, since 2013.

Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population

Researchers say that suspected Chinese hackers are posing as the United Nations and a fake human rights organization in an ongoing campaign to target Uyghurs, an ethnic group that's repeatedly been on the receiving end of surveillance and cyberattacks this year. "We believe that these cyber-attacks are motivated by espionage, with the end-game of the operation being the installation of a backdoor into the computers of high-profile targets in the Uyghur community," said Lotem Finkelsteen, head of threat intelligence at Check Point.

PDF Feature 'Certified' Widely Vulnerable to Attack

Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents' integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature.

Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library

Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations. The vulnerabilities were discovered in Siemens Solid Edge last year by security researcher Andrea Micalizzi (aka rgod), who has identified many vulnerabilities in industrial systems over the past years.

  • ...in 1897, Bram Stoker's vampire novel "Dracula" is published.
  • ...in 1927, the last Model-T rolls off the assembly line.
  • ...in 1937, San Francisco's Golden Gate Bridge opens.
  • ...in 1941, the British Navy sinks the German battleship Bismarck.