IT Security Newsletter

IT Security Newsletter - 7/1/2021

Written by Cadre | Thu, Jul 1, 2021

Netgear Authentication Bypass Allows Router Takeover

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were researching device fingerprinting, Microsoft 365 Defender research team's Jonathan Bar Or said in a blog post, posted Wednesday. READ MORE...

Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method

Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts. "Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can't be used to access your account," Twitter explains. READ MORE...

Dropbox Used to Mask Malware Movement in Cyberespionage Campaign

Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control (C2) communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council (NSC), researchers have found. According to a report published by Check Point Research (CPR) on Thursday, this is just the latest in a long-running operation that goes back as far as 2014. READ MORE...

CISA releases new ransomware self-assessment security audit tool

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets. READ MORE...

Microsoft Exec: Targeting of Americans' Records 'Routine'

Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company. Tom Burt, Microsoft's corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day. READ MORE...

  • ...in 1863, the Battle of Gettysburg begins in Gettysburg, PA.
  • ...in 1934, blues musician and songwriter Willie Dixon is born in Vicksburg, MS.
  • ...in 1963, ZIP codes are introduced for US Mail.
  • ...in 1979, Sony introduces the Walkman.