IT Security Newsletter

IT Security Newsletter - 1/31/2022

Written by Cadre | Mon, Jan 31, 2022

Windows vulnerability with new public exploits lets you become admin

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform privileged commands. READ MORE...

More Russian Attacks Against Ukraine Come to Light

The WhisperGate attack is not the only operation believed to have been conducted by Russia-linked threat actors against Ukraine in recent months. Symantec on Monday disclosed the details of an espionage operation that it has tied to a known group. For years, Russian advanced persistent threat (APT) actors have been observed launching various cyberattacks against Ukrainian targets, with some of these groups believed to be part of or under the direct supervision of Moscow's secret service. READ MORE...

Qubit pleads with hacker to return $80 million of stolen funds

Qubit, a decentralized finance (DeFi) platform, has publicly offered $2,000,000 to a hacker who stole $80 million worth of cryptocurrency from it last week. Late on the evening of 27 January, according to an incident report published by Qubit Finance, a hacker exploited a vulnerability to steal over 206,000 Binance coins from the company's QBridge protocol. READ MORE...

Lazarus APT Uses Windows Update to Spew Malware

Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control (C2) server, researchers have found. On Thursday, the Malwarebytes Threat Intelligence team reported that they discovered the North Korean state advanced persistent threat (APT) group's latest living-off-the-land technique while analyzing a spear-phishing campaign that its researchers discovered 10 days ago, on Jan. 18. READ MORE...

Over 20,000 data center management systems exposed to hackers

Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks. Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more. READ MORE...

277,000 routers exposed to Eternal Silence attacks via UPnP

A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) to turn routers into proxy servers used to launch malicious attacks while hiding the location of the threat actors. UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. This allows remote devices to access a particular software feature or device as necessary. READ MORE...

  • ...in 1919, Baseball Hall of Fame second baseman Jackie Robinson, the first African American MLB player, is born in Cairo, GA.
  • ...in 1949, the first television daytime soap opera, "These Are My Children", is broadcast by NBC live from Chicago.
  • ...in 1960, comics writer Grant Morrison ("The Invisibles", "All-Star Superman") is born in Glasgow, Scotland.
  • ...in 2010, director James Cameron's "Avatar" becomes the first motion picture to gross over $2 billion worldwide.