IT Security Newsletter

IT Security Newsletter - 8/2/2021

Written by Cadre | Mon, Aug 2, 2021

DOJ: SolarWinds hackers breached emails from 27 US Attorneys' offices

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. "The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020." the DOJ said in a statement issued earlier today. The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time. READ MORE...

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System

An attack earlier this month on Iran's train system, which disrupted rail service and taunted Iran's leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been design for reuse, a security researcher has found. The initial attack, dubbed MeteorExpress, occurred July 9, when "a wiper attack paralyzed the Iranian train system," according to a report by Juan Andres Guerrero-Saade at Sentinel Systems. READ MORE...

Ransomware via a call center? BazaCall means no email attachment or link required for infection

Unsuspecting users of Office 365 are being tricked by a cybercriminal gang into calling a bogus call centre, with the eventual intention of installing ransomware onto their computers. Microsoft has warned that fraudulent emails are being sent out, attempting to trick users into calling a phone number operated by a cybercrime group. Examples shared by experts at Microsoft include emails that pose as coming from a photo editing service or recipe website. READ MORE...

NSA Warns Public Networks are Hacker Hotbeds

The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The recommendations, while pedestrian in scope, do offer system administrators a solid cheat sheet to share with their work-from-home crowd and mobile workforces. For starters the NSA, in a public service announcement posted on Thursday (PDF), urged security teams to be mindful of the wireless threats employees face when using Wi-Fi networks. READ MORE...

CISA launches US federal vulnerability disclosure platform

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) platform offered by the Cybersecurity and Infrastructure Security Agency (CISA). Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion. READ MORE...

Basic flaws put pneumatic tube transport systems in hospitals at risk

Researchers have identified several high-risk vulnerabilities in a popular model of pneumatic tube systems (PTS) that are used by many hospitals to transport sensitive materials including lab specimens, blood products, tests and medications between different departments. The flaws could enable attackers to sabotage or hold the systems hostage, which can potentially have a negative impact on patient care. The vulnerabilities affect the Translogic PTS system made by Swisslog Healthcare. READ MORE...

  • ...in 1776, the Declaration of Independence is signed by every member of the Continental Congress.
  • ...in 1932, physicist Carl Anderson discovers the positron (the antimatter counterpart to the electron) while studying particles in cosmic rays.
  • ...in 1939, physicists Albert Einstein and Leo Szilard send a historic letter to President Franklin D. Roosevelt, urging the U.S. to build an atomic weapon.
  • ...in 2018, Apple Inc. becomes the first company to be valued at over $1 trillion USD.