<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 6/9/2021

Top News

FBI sold phones to organized crime and read 27 million "encrypted" messages

The Federal Bureau of Investigation created a company that sold encrypted devices to hundreds of organized crime syndicates, resulting in 800 arrests in 16 countries, law-enforcement authorities announced today. The FBI and agencies in other countries intercepted 27 million messages over 18 months before making the arrests in recent days, and more arrests are planned. The FBI teamed up with Australian Federal Police to target drug trafficking and money laundering. READ MORE...

Breaches

DarkSide Pwned Colonial With Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline's network. READ MORE...

Hacking

Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days

Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. According to Kaspersky, the attacks coordinated by PuzzleMaker were first spotted during mid-April when the first victims' networks were compromised. READ MORE...

Software Updates

Krebs on Security: Microsoft Patches Six Zero-Day Security Holes

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June's Patch Tuesday addresses just 49 security holes - about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks. READ MORE...


Adobe issues security updates for 41 vulnerabilities in 10 products

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in ten applications, including Adobe Acrobat, Reader, and Photoshop. The complete list of Adobe Products receiving security updates today and the number of fixed vulnerabilities are below. In total, there were 41 vulnerabilities fixed. Out of all the Adobe security updates released today, Adobe After Effects had the most fixes, with 16 vulnerabilities. READ MORE...

Malware

Ransomware hits iConstituent, a service lawmakers use to communicate with voters

The scourge of ransomware has now hit closer to home for U.S. politicians. Ransomware has impacted the newsletter service of iConstituent, a firm that U.S. lawmakers use to contact constituents, the House of Representatives' Chief Administrative Officer (CAO) said Tuesday. Individual offices choose to buy iConstituent services, which include virtual town halls, email and texting, and other data services. READ MORE...


Emerging 'Prometheus' ransomware claims 30 victims in a dozen countries, Palo Alto Networks says

A new ransomware group claims to have breached 30 organizations in government, financial services, health care services, and energy firms in the United States, United Kingdom, and a dozen more countries, according to Palo Alto Networks research published Wednesday. The group, which Palo Alto researchers have dubbed "Prometheus," most frequently targets the manufacturing industry. READ MORE...

Exploits/Vulnerabilities

Hackers can mess with HTTPS connections by sending data to your email server

When you visit an HTTPS-protected website, your browser doesn't exchange data with the webserver until it has ensured that the site's digital certificate is valid. That prevents hackers with the ability to monitor or modify data passing between you and the site from obtaining authentication cookies or executing malicious code on the visiting device. READ MORE...


Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities

Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The companies have provided patches and recommendations for reducing the risk of exploitation. The eight new advisories released by Siemens on this Patch Tuesday cover roughly two dozen vulnerabilities affecting its products. READ MORE...

On This Date

  • ...in 1915, Les Paul, the jazz musician whose name became synonymous with the electric guitar, is born in Waukesha, Wis., as Lester Poifus.
  • ...in 1934, Donald Duck makes his onscreen debut in the Disney short "The Wise Little Hen".
  • ...in 1964, the Central Intelligence Agency (CIA) submits a memo that effectively challenges the "domino theory" backbone of the Johnson administration policies
  • ...in 1973, Secretariat wins the coveted Triple Crown.