IT Security Newsletter - 7/15/2021
iOS zero-day let SolarWinds hackers compromise fully updated iPhones
The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published on Wednesday, researchers said a "likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.
Tulsa Says Network Hack Gained Some Social Security Numbers
Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said. The hackers got Social Security numbers for 27 people in the cyberattack Tulsa detected May 6, Michael Dellinger, the city's chief information officer, said Tuesday.
Explosion of 0-day exploits: The bad news and the good news
Have you noticed that lately we've been hearing more about in-the-wild attacks exploiting 0-day vulnerabilities? "Halfway into 2021, there have been 33 0-day exploits used in attacks that have been publicly disclosed this year - 11 more than the total number from 2020," researchers with Google's Threat Analysis Group (TAG) have pointed out in a recent blog post. Does this mean that threat actors are leveraging more 0-day exploits than ever? Or that researchers and threat analysts are getting better at detecting these attacks?
Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops
Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models. Tracked as CVE-2021-3452 and affecting tens of ThinkPad models, the first of the bugs impacts the system shutdown SMI callback function and could be abused by a local attacker that already has elevated privileges on the device to execute arbitrary code.
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its "vncDll" module, used for monitoring and intelligence gathering, researchers said. According to an analysis this week from Bitdefender, there has been "a significant increase in [Trickbot] command-and-control (C2) centers deployed around the world," in the wake of an October takedown by Microsoft and partners.
- ...in 1799, the Rosetta Stone is found in Egypt by French Army officer Pierre-Francois Bouchard.
- ...in 1961, actor Forest Whitaker ("Bird", "The Last King of Scotland") is born in Longview, TX.
- ...in 1967, "MythBusters" co-host and special effects artist Adam Savage is born in New York City.
- ...in 2003, the Mozilla Foundation is established following the disbanding of its precursor company, Netscape.