
IT Security Newsletter - 8/25/2021

Breaches

38 million records exposed online, including contact-tracing info

More than a thousand web apps mistakenly exposed 38 million records on the open Internet, including data from a number of COVID-19 contact-tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people's phone numbers and home addresses to Social Security numbers and COVID-19 vaccination status. READ MORE...

Hacking

Cyber-thieves Scam New Hampshire Town Out of $2.3m

A New Hampshire town is reeling from the "very shocking" cybercrime that claimed more than 14% of its annual budget. Peterborough is a 7,000-person town with a budget for the fiscal year of just over $15.8m. Cyber-thieves conned the town out of $2.3m through two business email compromise (BEC) scams. First the criminals used forged documents and compromised email accounts to pose as staff at the local school district. READ MORE...


FBI Issues Ransomware Group Flash Alert

The Federal Bureau of Investigation's Cyber Division has issued a flash warning over an organized cyber-criminal gang calling itself OnePercent Group. In a TLP: WHITE alert published Monday, the FBI said the group has been targeting companies in the United States since November 2020. OnePercent's modus operandi is to use the threat emulation software Cobalt Strike to perpetrate ransomware attacks. The infection process begins in the victim's inbox. READ MORE...


California Man Hacked iCloud Accounts to Steal Photos

A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people's iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, in a scam that ultimately aimed to steal and share images of young women, according to court records and a report by the Los Angeles Times. READ MORE...

Malware

The SideWalk may be as dangerous as the CROSSWALK

ESET researchers have recently discovered a new undocumented modular backdoor, SideWalk, being used by an APT group we've named SparklingGoblin. This backdoor was used during one of SparklingGoblin's recent campaigns that targeted a computer retail company based in the USA. This backdoor shares multiple similarities with another backdoor used by the group: CROSSWALK. READ MORE...

Information Security

Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide. This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores. READ MORE...


Poly Network Recoups $610M Stolen from DeFi Platform

A threat actor called "Mr. White Hat" has returned the $610 million they stole from the decentralized finance platform Poly Network. The breached company did everything from threaten to sic law enforcement on the attacker on up to its ultimate offer: the position of chief security officer in exchange for getting its money back. Instead of falling victim to the largest DeFi heist in history, all it wound up costing Poly Network was a bit of embarrassment. READ MORE...

Exploits/Vulnerabilities

OpenSSL Vulnerability Can Be Exploited to Change Application Data

The OpenSSL Project on Tuesday announced the availability of OpenSSL 1.1.1l, which patches a high-severity vulnerability that could allow an attacker to change an application's behavior or cause the app to crash. The flaw, tracked as CVE-2021-3711, has been described as a buffer overflow related to SM2 decryption. The OpenSSL Project's Matt Caswell told SecurityWeek that the changes an attacker could make depend on the targeted application. READ MORE...

On This Date

  • ...in 1910, Walden W. Shaw and John D. Hertz form the Walden W. Shaw Livery Company, which will later become the Yellow Cab Company.
  • ...in 1944, after more than four years of Nazi occupation, Paris is liberated by the U.S. 4th Infantry Division.
  • ...in 1985, New York Mets pitcher Dwight Gooden becomes the youngest 20-game winner in Major League Baseball history.
  • ...in 1989, NASA scientists receive stunning photographs of Neptune and its moons from Voyager 2.