IT Security Newsletter - 8/11/2021

Written by Cadre | Wed, Aug 11, 2021

Krebs on Security: Microsoft Patch Tuesday, August 2021 Edition

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.

Over $600 Million Stolen in Biggest Ever Cryptocurrency Theft

The largest hack in recorded history took place yesterday when attackers exploited a vulnerability that could change the "keeper role" of a blockchain contract and make any transaction such as a withdrawal, according to a Medium post by Poly Network. Poly Network, a platform that looks to connect different blockchains so that they can work together, confirmed that the vulnerability was due to the leakage of a keeper's private key.

Crytek confirms Egregor ransomware attack, customer data theft

Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site. The company acknowledged the attack in breach notification letters sent to impacted individuals earlier this month and shared by one of the victims with BleepingComputer today.

Chinese hackers posed as Iranians to breach Israeli targets, FireEye says

Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel, security firm FireEye said Tuesday. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran.

Adobe fixes critical preauth vulnerabilities in Magento

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates. Almost all Critical vulnerabilities could lead to arbitrary code execution, allowing threat actors to execute commands on vulnerable computers. Out of the Adobe security updates released today, Magento has the most fixes, with 26 vulnerabilities.

Nine Critical and High-Severity Vulnerabilities Patched in SAP Products

German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity. One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One. According to Onapsis, a company that specializes in protecting business-critical applications, the flaw can be exploited by an attacker to upload script files, which suggests that it can be exploited for arbitrary code execution.

Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business

Last week, The Record broke the news that a self-described "pen tester" for the infamous Conti ransomware gang, who goes by the handle m1Geelka, had leaked manuals, technical guides, and software on the underground forum XSS. According to the screenshot of m1Geelka's original forum post (and screenshots of later ones from several security researchers being passed around on Twitter), their problem seems to be (surprise, surprise) money: Conti isn't paying "hard workers" enough of what it extorts.

Chaos Malware Walks Line Between Ransomware and Wiper

An under-construction malware called Chaos has been spotted, which is being advertised on an underground forum as being available for testing. While it calls itself ransomware, an analysis revealed that it's actually more of a wiper. According to Trend Micro researcher Monte de Jesus, Chaos has been around since June, and has already cycled through four different versions, with the last one being released on August 5.

  • ...in 1929, Babe Ruth becomes the first baseball player to hit 500 home runs, at League Park in Cleveland, OH.
  • ...in 1942, film actress and inventor Hedy Lamarr receives a patent for a frequency-switching communication system. It later becomes the basis for cellular and Wi-Fi technology.
  • ...in 1950, computer scientist, programmer, and Apple Computer cofounder Steve Wozniak is born in San Jose, CA.
  • ...in 1952, guitarist Robert "Bob 1" Mothersbaugh of new wave band Devo is born in Akron, OH.