Security News

Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack
2021-08-16 19:31

Colonial Pipeline has started sending out notification letters to inform more than 5000 people that their personal information was compromised in a ransomware attack earlier this year. The attack, which took place in May 2021, involved the Darkside ransomware and resulted in the Georgia-based company temporarily shutting down operations and paying $5 million to the attackers to recover stolen information.

Hackers behind Iranian wiper attacks linked to Syrian breaches
2021-08-16 13:06

Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations. "The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019," Check Point Research analysts who made the connection said.

Hacker Pleads Guilty to SIM Swapping Attacks, Cryptocurrency Theft
2021-08-16 11:48

A Rockport, Massachusetts, man has pleaded guilty over his role in a scheme targeting people who had high-value social media accounts or who were believed to have large amounts of cryptocurrency. The man, Declan Harrington, 21, together with co-conspirator Eric Meiggs and others, targeted people who were believed to have significant amounts of cryptocurrency or high-value social media accounts, also referred to as OG accounts, through a method called SIM swapping.

Colonial Pipeline reports data breach after May ransomware attack
2021-08-16 11:23

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. The company says that it "recently learned" that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack. "The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID, and health-related information," Colonial Pipeline reveals in the data breach notification letters.

Concentric extends its data access governance solution to help organizations thwart ransomware attacks
2021-08-16 01:00

Concentric announced that it has extended its AI-based data access governance solution to help organizations protect business-critical data from the waves of ransomware attacks currently afflicting organizations across the globe. Semantic Intelligence from Concentric autonomously and continuously profiles data access and usage activities to help organizations prepare for, detect, and recover from ransomware attacks.

New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator
2021-08-15 23:37

Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST attack that can be used by eavesdroppers to recover sound by analysing optical measurements obtained via an electro-optical sensor directed at the power indicator LED of various devices." While both methods retrieve sound from light via an electro-optical sensor, they are also different in that while the Lamphone attack "is a side-channel attack that exploits a light bulb's minuscule vibrations, which are the result of sound waves hitting the bulb," Glowworm is a "TEMPEST attack that exploits the way that electrical circuits were designed. It can recover sound from devices like USB hub splitters that do not move in response to the acoustic information played by the speakers."

US brokers warned of ongoing phishing attacks impersonating FINRA
2021-08-14 14:00

The US Financial Industry Regulatory Authority warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.

Exchange Servers Under Active Attack via ProxyShell Bugs
2021-08-13 18:56

In his Black Hat presentation last week, Devcore principal security researcher Orange Tsai said that a survey shows more than 400,000 Exchange servers on the internet are exposed to the attack via port 443. A breakdown of Exchange servers on Shodan shows that just under 50% of internet-facing Exchange servers are vulnerable to ProxyShell or ProxyLogon.

Voltage Glitching Attack on AMD Chips Poses Risk to Cloud Environments
2021-08-13 12:57

Researchers have described a voltage glitching attack that shows AMD's Secure Encrypted Virtualization technology may not provide proper protection for confidential data in cloud environments. The TU Berlin researchers showed that an attacker who has physical access to the targeted system can gain access to SEV-protected VM memory content by launching a voltage fault injection attack on SP. In order to work as intended, integrated circuits need to operate within specific temperature, clock stability, electromagnetic field, and supply voltage ranges.