- 1. Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.
The cybersecurity professor who helped uncover the Missouri government's failure to protect teachers' Social Security numbers has demanded that the state cease its investigation into him and stop making "baseless accusations" that he committed a crime.
Khan hired an attorney to defend himself against the state's accusations. On Thursday last week, Khan's attorney sent a litigation hold and demand letter to Parson and several state agencies. The letter says that Parson and other state officials defamed Khan and violated his First Amendment "right to speak freely without the threat of government retaliation." The letter adds the Show Me State's investigation into Khan "would violate the prohibition on malicious prosecution."
"Professor Khan is likely to prevail on the merits of any case brought against him," the letter said. "No statute in Missouri or on the federal level prohibits members of the general public from viewing publicly available websites or viewing the website's unencrypted source code. No reasonable person would think they were unauthorized to view a publicly available website, its unencrypted source code, or any of the unencrypted translations of that source code. There is no probable cause to investigate Professor Khan, and instigation or continuation of any proceeding against him would therefore be prohibited."
- 2. SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns
Microsoft has issued a warning to organizations that the "Nobelium" hacking group behind the SolarWinds attacks has targeted some 140 technology service providers and resellers as part of a global IT supply chain attack.
- 3. Another popular npm package infected with malware
- 4. TodayZoo phishing kit borrows the code from other kits
Researchers say they have discovered a series of credential phishing campaigns in which hackers are leveraging a phishing kit dubbed "TodayZoo" that uses large portions of code lifted from various other phishing kits in order to steal credentials. According to Microsoft, TodayZoo was first identified in December 2020 and includes portions of code such as comment markers, dead links, and other elements found in other, previous phishing kits.
- 5. Groove ransomware calls on all extortion gangs to attack US interests
The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week.
Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains.
- 6. Iran says cyberattack closes gas stations across country
A cyberattack crippled gas stations across Iran on Tuesday, leaving angry motorists stranded in long lines.
No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.
- 7. Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware.
An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware.