IT Security Newsletter - 1/22/2024

Written by Cadre | Mon, Jan 22, 2024

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.

Russian foreign intelligence hackers gain access to top Microsoft officials, company says

Hackers working on behalf of Russia's foreign intelligence service successfully penetrated a limited number of Microsoft corporate email accounts, stealing some emails and attached documents, the company announced Friday. Microsoft detected the attack from a hacking unit tied to Russia's External Intelligence Service (SVR) on Jan. 12 "and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access," the company said.

Trezor support site breach exposes personal data of 66,000 customers

Trezor issued a security alert after identifying a data breach that occurred on January 17 due to unauthorized access to their third-party support ticketing portal. The popular hardware cryptocurrency wallet vendor says that the investigation into the incident is ongoing but that it has found no evidence so far that users' digital assets were compromised in the incident. "We want to stress that none of our users' funds have been compromised through this incident," reads the announcement.

Subway's data torpedoed by LockBit, ransomware gang claims

The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data. LockBit's post to its leak blog, published on January 21, suggests one of its affiliates breached Subway's database, stealing sensitive data on "all financial aspects" of the fast food franchise. "The biggest sandwich chain is pretending that nothing happened," the criminals said, highlighting the silence from the company's official channels.

Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks

TeamViewer is software that organizations have long used to enable remote support, collaboration, and access to endpoint devices. Like other legitimate remote access technologies, it is also something that attackers have used with relative frequency to gain initial access on target systems. Two attempted ransomware deployment incidents that researchers at Huntress recently observed are the latest case in point.

Tietoevry ransomware attack halts Swedish organizations

Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The ransomware attack took place during the night of January 19-20. "The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry's services to some of our customers in Sweden," the company noted. "Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the [company]."

Fujitsu bugs that sent innocent people to prison were known "from the start"

Fujitsu software bugs that helped send innocent postal employees to prison in the UK were known "right from the very start of deployment," a Fujitsu executive told a public inquiry today. "All the bugs and errors have been known at one level or not, for many, many years. Right from the very start of deployment of the system, there were bugs and errors and defects, which were well-known to all parties," said Paul Patterson, co-CEO of Fujitsu's European division.

Ivanti Connect Secure exploitation accelerates as Moody's calls impact credit negative

Exploitation of two chained vulnerabilities in Ivanti Connect Secure VPN is accelerating as more than 2,100 systems have been compromised by the Giftedvisitor webshell, according to a blog post released Thursday by Volexity. The suspected state-linked threat actor, which Volexity tracks as UTA0178, was observed manipulating the Integrity Checker Tool from Ivanti to make it appear there were no new or mismatched files, according to Volexity.

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

Evidence suggests that a Chinese cyberespionage group had been exploiting a recent VMware vCenter Server vulnerability as a zero-day since 2021, Mandiant reports. The flaw, tracked as CVE-2023-34048 (CVSS score of 9.8), is an out-of-bounds write bug in VMware's implementation of the DCERPC protocol that could allow an attacker with network access to execute arbitrary code remotely.

Hackers start exploiting critical Atlassian Confluence RCE flaw

Security researchers are observing exploitation attempts for CVE-2023-22527, a remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. Atlassian disclosed the security issue last week and noted that it impacts only Confluence versions released before December 5, 2023, along with some out-of-support releases. The flaw has a critical severity score and allows unauthenticated remote attackers to execute code on vulnerable Confluence endpoints.

Inventor of NTP protocol that keeps time on billions of devices dies at age 85

On Thursday, Internet pioneer Vint Cerf announced that Dr. David L. Mills, the inventor of Network Time Protocol (NTP), died peacefully at age 85 on January 17, 2024. The announcement came in a post on the Internet Society mailing list after Cerf was informed of David's death by Mills' daughter, Leigh. Dr. Mills created the Network Time Protocol (NTP) in 1985 to address a crucial challenge in the online world: the synchronization of time across different computer systems and networks.

  • ...in 1931, singer/songwriter and "King of Soul" Sam Cooke is born in Clarksdale, MS.
  • ...in 1940, veteran English actor John Hurt ("The Elephant Man", "Alien", "I, Claudius") is born in Derbyshire.
  • ...in 1953, film director Jim Jarmusch ("Down By Law", "Dead Man") is born in Cuyahoga Falls, OH.
  • ...in 1984, Apple Computer introduces the Macintosh personal computer with a Super Bowl commercial inspired by George Orwell's "1984".