IT Security Newsletter

IT Security Newsletter - 5/3/2021

Written by Cadre | Mon, May 3, 2021

More US agencies potentially hacked, this time with Pulse Secure exploits

At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday. The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, include one that hackers had been actively exploiting before it was known to Ivanti, the maker of the product. READ MORE...

Contact Tracing Breach Impacts Private Info of 72K People

Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday. Workers at Atlanta-based Insight Global "disregarded security protocols established in the contract and created unauthorized documents" outside the state's secure data system, Health Department spokesman Barry Ciccocioppo said. READ MORE...

Your stolen ParkMobile data is now free for wannabe scammers

The account information for almost 22 million ParkMobile customers is now in the hands of hackers and scammers after the data was released for free on a hacking forum. On March 26th, 2021, ParkMobile issued a security notification on their website stating that one of their services was hacked and unauthorized people gained access to customer data. "We recently became aware of a cybersecurity incident linked to a vulnerability in a third-party software that we use." READ MORE...

Suspected Chinese state hackers target Russian submarine designer

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design Bureau for Marine Engineering in Saint Petersburg, a defense contractor that designed most of Russia's nuclear submarines. READ MORE...

PHP community sidesteps its third supply chain attack in three years

Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access Packagist, the PHP ecosystem's major online repository of PHP software modules. These bugs could have allowed cybercriminals to poison the Packagist system itself, thus tainting the very watering hole at which a large part of the PHP community comes to drink. That sort of cyberassault is known, for obvious reasons, as a supply chain attack. READ MORE...

Babuk quits ransomware encryption, focuses on data-theft extortion

A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. The explanation comes after the group yesterday posted and then deleted two announcements about their plan to close the project and release the source code for the malware. READ MORE...

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

Some cybercriminals try, at least, to cover their dirty work with a threadbare "this will throw off the lawsuits" blanket of legitimacy. For example, phone-tracking tools that silently install and operate and which are supposedly meant for parents to (legally) watch out for their kids (in actuality, stalkerware), ransomware gangs that blab rationalizations about "helping" by spotting zero days before their victims do. READ MORE...

A Tale of Two Hacks: From SolarWinds to Microsoft Exchange

The past four months have exposed two high-profile attacks, which both had pundits declaring them the "worst-ever" and "unprecedented." They shared other similarities - both attacked businesses rather than individuals, and affected tens of thousands of organizations. But that is where the similarity ends. The SolarWinds hack was a "supply-chain" attack on approximately 18,000 purchasers of the company's Orion software. Two things make it particularly bad. READ MORE...

SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched

A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. Over the past half a year, a new cybercrime group has been observed using a broad range of malware and employing aggressive tactics to pressure ransomware victims into making payments. READ MORE...

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit

Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. They carried out the attack from a drone. This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The analysis was initially carried out for the Pwn2Own 2020 hacking competition but the findings were later reported to Tesla through its bug bounty program. READ MORE...

  • ...in 1919, folk singer/songwriter Pete Seeger ("Where Have All the Flowers Gone?", "If I Had a Hammer") was born in Patterson, NY.
  • ...in 1935, late-night TV pitchman and inventor Ron Popeil, of Veg-O-Matic and Pocket Fisherman fame, was born in New York City.
  • ...in 1952, the Kentucky Derby was shown on national television for the first time.
  • ...in 2003, New Hampshire's famous "Old Man of the Mountain" rock formation collapsed in a rockslide.