IT Security Newsletter - 6/28/2021
SolarWinds hackers breach new victims, including a Microsoft support agent
The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft worker's computer and used the access to launch targeted attacks against company customers, Microsoft said in a terse statement published late on a Friday afternoon. The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. READ MORE...
Mercedes-Benz data breach exposes SSNs, credit card numbers
Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers. READ MORE...
Here's what you'll need to upgrade to Windows 11
Since Microsoft's announcement of Windows 11 yesterday, one concern has reverberated around the web-what's this about a Trusted Platform Module requirement? Windows 11 is the first Windows version to require a TPM, and most self-built PCs (and cheaper, home-targeted OEM PCs) don't have a TPM module on board. Although this requirement is a bit of a mess, it's not as onerous as millions of people have assumed. READ MORE...
NFC flaws let researchers hack an ATM by waving a phone
For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs-along with a wide variety of point-of-sale terminals-in a new way: with a wave of his phone over a contactless credit card reader. READ MORE...
Cisco ASA Bug Now Actively Exploited as PoC Drops
Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for the bug (CVE-2020-3580) on Thursday. One of the researchers there, Mikhail Klyuchnikov, noted that there were a heap of researchers now chasing after an exploit for the bug, which he termed "low-hanging" fruit. READ MORE...
- ...in 1846, Belgian inventor and musician Adolphe Sax patents the saxophone.
- ...in 1914, Archduke Franz Ferdinand of Austria and his wife Sophie are assassinated by Yugoslavian nationalist Gavrilo Princip, sparking the events leading to World War I.
- ...in 1926, film director and comedy legend Mel Brooks ("Blazing Saddles", "Young Frankenstein") is born in Brooklyn, New York.
- ...in 1946, comedian and original 'Saturday Night Live" cast member Gilda Radner is born in Detroit, MI.