IT Security Newsletter

IT Security Newsletter - 10/13/2022

Written by Cadre | Thu, Oct 13, 2022

Chinese-linked hackers targeted U.S. state legislature, researchers say

A long-running Chinese-linked cyberespionage group targeted a U.S. state legislature's network in July, marking the outfit's first confirmed attack against the U.S. in years, according to analysis published Thursday. The findings from the Symantec Threat Hunter Team point to a group the company refers to as Budworm. Other researchers call the group Bronze Union, APT27, Emissary Panda, Lucky Mouse and Temp.Hippo.

Insurer Medibank hit by targeted cyberattack

Medibank, a private health insurer in Australia with 3.7 million customers, has confirmed today it is the latest business down under to fall victim to a digital break-in. In a brief statement, the company confirmed it had yanked the ahm and international student policy systems offline, "and we are in the process of methodically and safely restarting systems." "The work we have done today continues to show no evidence that customer data has been accessed, however our investigation is ongoing," Medibank added.

Cloudflare mitigated record DDoS attack against Minecraft server

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP flood packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says. The researchers say this was the largest bitrate attack they have ever recorded and handled.

Prison inmate accused of orchestrating $11M fraud using cell cellphone

A US prisoner has been charged with orchestrating an $11 million scam from his cell using a hidden … cellphone. On June 8, 2020, an individual claiming to be billionaire film producer and philanthropist Sidney Kimmel contacted brokerage Charles Schwab by phone and stated that he had uploaded a wire disbursement form using the service's secure email service.

Aruba fixes critical RCE and auth bypass flaws in EdgeConnect

Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical-severity vulnerabilities that enable remote attackers to compromise the host. Aruba EdgeConnect Orchestrator is a widely used WAN management solution, offering enterprise users optimization, administration, automation, and real-time visibility and monitoring features.

WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod

Security researchers have detected a threat actor distributing a data-stealing mobile Trojan via a spoofed version of YoWhatsApp, a relatively widely used, modified version of the WhatsApp messaging application. Users who download the app are at risk of having their WhatsApp account details stolen and being signed up for paid subscriptions they did not want or were not even aware of.

QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign

More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns. Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and is often used as the initial infection vector in malicious attacks.

New npm timing attack could lead to supply chain attacks

Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. The attack relies on a small time difference in the return of a "404 Not Found" error when searching for a private package compared to a non-existent package in the repository. While the response time difference is only a few hundred milliseconds, it is enough to determine whether a private package exists.

Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On

Android devices are leaking certain traffic when connected to a Wi-Fi network, even when features meant to protect data sent over the public Internet through virtual private networks (VPNs) are enabled. The issue could poke a hole in a user's ability to remain anonymous when using a VPN to encrypt data being sent from an Android device over a public Wi-Fi network, allowing a would-be attacker to monitor a user's traffic and even pinpoint someone's location, researchers noted.

  • ...in 1775, the Continental Congress authorizes construction of two warships, thus instituting an American naval force.
  • ...in 1941, singer-songwriter Paul Simon ("50 Ways to Leave Your Lover", "Bridge Over Troubled Water") is born in Newark, NJ.
  • ...in 1958, Michael Bond's children's book "A Bear Called Paddington" is first published, introducing the classic title character.
  • ...in 2010, all 33 Chilean miners trapped by a cave-in are rescued, after spending more than 69 days underground.