<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/18/2021

SHARE

Top News

T-Mobile says hackers stole records belonging to 48.6 million individuals

T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of tens of millions of individuals. The massive breach impacts roughly 7.8 million T-Mobile postpaid customers, 850,000 T-Mobile prepaid users, and approximately 40 million former or prospective ones. Adding it all up, the attackers stole records belonging to 48.6 million individuals, including current, former, or prospective T-Mobile customers. READ MORE...

Breaches

Indiana Contact Tracing Data Breached

Hundreds of thousands of Indiana residents are being notified of a data breach involving responses collected via the Hoosier State's COVID-19 online contact tracing survey. A software misconfiguration that left information exposed to the public was discovered by an unnamed vulnerability-hunting company. The company informed state officials of the breach on July 2 after they were able to access and download the data. READ MORE...

Hacking

Govt hackers impersonate HR employees to hit Israeli targets

Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, running espionage campaigns since at least 2018. In multiple attacks detected in May and July, the hackers combined social engineering techniques with an updated malware variant that would ultimately give them remote access to the infected machine. READ MORE...


Analysts "strongly believe" the Russian state colludes with ransomware gangs

"We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin." This is what Jon DiMaggio, Chief Security Stretegist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled "Nation State Ransomware". The whitepaper is Analyst1's attempt to identify the depth of human relationships between the Russian government and the ransomware threat groups based in Russia. READ MORE...

Software Updates

Adobe Plugs Critical Photoshop Security Flaws

Adobe has issued a warning for a pair of major security vulnerabilities affecting its popular Photoshop image manipulation software. The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software's automatic updating mechanism. READ MORE...

Malware

Brazilian government discloses National Treasury ransomware attack

The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend. "On Friday night (13) a ransomware attack on the internal network of the National Treasury Secretariat was identified," the Brazilian government revealed on Saturday evening. The threat was contained after the attack was detected, and the Federal Police was contacted immediately after the containment measures were applied. READ MORE...

Information Security

Suspected Russian operatives tried to stir far-right outrage about COVID-19 on 4chan

Operators of an apparent Russian propaganda campaign shared coronavirus disinformation in an effort to influence the American far-right, according to a report out Tuesday by cybersecurity firm Recorded Future. The findings are included in a new report shedding light on a long-running Russian propaganda campaign known as Operation Secondary Infektion. The years-long campaign has used regional European websites, forged documents and throwaway accounts to further Russia's political agenda in Europe. READ MORE...

Exploits/Vulnerabilities

Critical Bug Could Allow Remote Snooping Via Millions of Devices

Security researchers have found yet another critical IoT supply chain vulnerability affecting millions of devices, which could enable attackers to eavesdrop on real-time camera feeds. Mandiant revealed the CVE-2021-28372 bug yesterday after reporting it to the Cybersecurity and Infrastructure Security Agency (CISA). It affects devices using the "Kalay" platform from Taiwanese firm ThroughTek, which makes software for OEMs to use in IP cameras, digital video recorders, and more READ MORE...

On This Date

  • ...in 1868, French astronomer Pierre Janssen discovers helium while studying the Sun's spectrum during a solar eclipse.
  • ...in 1956, Elvis Presley's single "Don't Be Cruel" (with B-side "Hound Dog") reaches #1 on the Pop, Country, and R&B charts.
  • ...in 1963, James Meredith becomes the first African-American student to graduate (with a degree in political science) from the previously segregated University of Mississippi.
  • ...in 1982, Pete Rose sets a record with his 13,941st plate appearance.