IT Security Newsletter - 9/28/2021
Crypto Developer Pleads Guilty to North Korean Plot
A former Ethereum developer has pleaded guilty to helping North Korea escape US sanctions by providing technical advice on cryptocurrency. Singapore resident and US citizen Virgil Griffith, 38, conspired to violate the International Emergency Economic Powers Act (IEEPA), a single count that carries a maximum term of 20 years in prison. According to the Department of Justice (DoJ), he began developing and funding cryptocurrency infrastructure in the hermit nation as far back as 2018.
California Hospital Sued Over Data Breach
An academic health-care system in California is facing legal action over a data breach that potentially exposed the information of nearly half a million patients, employees, and students. UC San Diego Health disclosed a security incident in July via a public notice. The notice indicated that unauthorized access to "some employee email accounts" had taken place from December 2, 2020, to April 8, 2021.
3.8 Billion Users' Combined Clubhouse, Facebook Data Up for Sale
On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn't have much value on the underground market. In fact, it was eventually dumped in a hacker forum for free. But an enterprising threat actor has reportedly combined those phone numbers with 533 million Facebook profiles leaked last April and is selling that enhanced trove of personally identifiable information (PII) to the highest bidder on the underground market.
Trend Micro Patches Critical Vulnerability in Server Protection Solution
Trend Micro has released patches for a critical authentication bypass vulnerability in Trend Micro ServerProtect. Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. The enterprise-grade real-time malware detection solution provides virus, spyware and rootkit protection for servers, while also automating security operations.
Google releases emergency fix to plug zero-day hole in Chrome
Google has released an emergency update for its Chrome web browser to fix a zero-day vulnerability that is known to be actively exploited in the wild by malicious actors. The security loophole affects the Windows, macOS, and Linux versions of the popular browser. "Google is aware that an exploit for CVE-2021-37973 exists in the wild," Google revealed about the newly disclosed zero-day vulnerability. The bug, classified as high in severity, is a use-after-free flaw in Google's webpage navigation component.
Microsoft: Nobelium uses custom malware to backdoor Windows domains
Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. Nobelium, the threat actor behind last year's SolarWinds supply-chain attack that led to the compromise of several US federal agencies, is the hacking division of the Russian Foreign Intelligence Service (SVR), commonly known as APT29, The Dukes, or Cozy Bear.
New malware steals Steam, Epic Games Store, and EA Origin accounts
A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. Kaspersky security researchers who spotted the new trojan in March dubbed it BloodyStealer and found that it's capable of collecting and stealing a wide range of sensitive information, including cookies, passwords, bank cards, as well as sessions from various applications.
- ...in 1867, the US takes control of Midway Island.
- ...in 1924, a team of US Army aviators completes the first ever aerial circumnavigation of the world, covering 27,553 miles in 175 days.
- ...in 1959, Explorer VI, the U.S. satellite, takes the first video pictures of Earth.
- ...in 2008, SpaceX launches the first private spacecraft, Falcon 1.