IT Security Newsletter

IT Security Newsletter - 11/18/2022

Written by Cadre | Thu, Nov 17, 2022

Iranian hackers use Log4Shell to mine crypto on federal computer system

Hackers with connections to the Iranian government broke into a U.S. government agency's network in early 2022, utilizing a well-known flaw in an open-source software library to install cryptocurrency mining software and compromise credentials, federal cybersecurity officials said Wednesday. By exploiting the Log4Shell vulnerability, the Iranian-backed hackers broke into an unpatched VMware Horizon server in February. READ MORE...

Disneyland Malware Team: It's a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that encodes Unicode domain labels into ASCII so that web browsers can render domain names written in non-Latin alphabets such as Cyrillic. The Disneyland Team also uses common misspellings of top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com - which was created to phish U.S. Bank customers. READ MORE...
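The two tricks described above (Cyrillic letters that render like Latin ones, and plain one-letter misspellings such as ushank for usbank) can both be caught by rendering a candidate domain the way a browser would and comparing it against a list of protected brands. The following is an added example, not code from the Disneyland Team report or from any vendor tool: the brand list, the sample domains and the small confusables table are constructed for illustration (a real tool would load the full Unicode TR39 confusables.txt).

```python
"""Flag look-alike domains: Punycode/homoglyph spoofs and one-letter typo-squats.

Added example for this newsletter item; brand list and samples are constructed.
"""
import unicodedata
from typing import Optional

# Constructed brand list (hypothetical); use the real domains you protect.
PROTECTED = ["usbank.com", "chase.com"]

# Small hand-picked subset of Unicode TR39 confusables: Cyrillic/Greek letters
# that render like Latin ones. Constructed for the example, not the full table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_unicode(domain: str) -> str:
    """Render a domain as a browser would: decode any xn-- (Punycode) labels."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode (or malformed): analyse it as given


def scripts_in_label(label: str) -> set:
    """Script family of every letter in a label, taken from its Unicode name
    (e.g. 'LATIN SMALL LETTER A' -> 'LATIN', 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    return {unicodedata.name(ch, "?").split(" ")[0] for ch in label if ch.isalpha()}


def mixed_script(domain: str) -> bool:
    """True if any label mixes scripts, e.g. Latin letters plus one Cyrillic 'a'."""
    return any(len(scripts_in_label(lbl)) > 1 for lbl in to_unicode(domain).split("."))


def skeleton(domain: str) -> str:
    """Map confusable letters to their Latin look-alikes so spoofs compare equal to the brand."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(domain))


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1 catches ushank.com vs usbank.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> Optional[str]:
    """Return why a domain looks like a spoof, or None if it is clean or is the brand itself."""
    rendered = to_unicode(domain)
    if rendered in PROTECTED:
        return None
    if mixed_script(domain):
        return "mixed-script label"
    sk = skeleton(domain)
    for brand in PROTECTED:
        if sk == brand:
            return f"homoglyph of {brand}"
        if levenshtein(sk, brand) <= 1:
            return f"typo-squat of {brand}"
    return None


# Constructed samples: the misspelling from the article, a Latin/Cyrillic mix
# (Cyrillic 'a' in place of the Latin one), and its Punycode form as it would
# appear in DNS logs or certificate transparency feeds.
TYPO_SAMPLE = "ushank.com"
HOMOGLYPH_SAMPLE = "usb\u0430nk.com"
PUNYCODE_SAMPLE = HOMOGLYPH_SAMPLE.encode("idna").decode("ascii")  # xn--... form

if __name__ == "__main__":
    for d in (TYPO_SAMPLE, HOMOGLYPH_SAMPLE, PUNYCODE_SAMPLE, "usbank.com", "example.com"):
        print(f"{d:28} -> {to_unicode(d):14} {classify(d)}")
```

Run against newly registered domains or certificate transparency logs rather than on user traffic: the point is to spot the look-alike before the phishing mail lands. Note that a label written entirely in Cyrillic is not "mixed script", which is why the skeleton comparison is needed as a second check.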

F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints. While these flaws require specific criteria to exist, making them very difficult to exploit, F5 warns that they could lead to a complete compromise of the devices. The first flaw is tracked as CVE-2022-41622 (CVSS v3 - 8.8) and is an unauthenticated RCE via cross-site request forgery (CSRF) on iControl SOAP. READ MORE...

WASP malware stings Python developers

Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers. Analysts at Checkmarx this week connected the same attacker to both reports and said the operator is still releasing malicious packages. READ MORE...

FBI: Hive ransomware extorted $100M from over 1,300 victims

The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021. To add insult to injury, the FBI says that the Hive gang will deploy additional ransomware payloads on the networks of victims who refuse to pay the ransom. "As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide," the FBI revealed. READ MORE...

Nokia warns 5G security 'breaches are the rule, not the exception'

5G was supposed to make wireless networks more secure, but that's not panning out, according to research conducted by GlobalData and commissioned by Nokia. Nearly three-quarters of the 5G network operators surveyed said they've experienced up to six security breaches or cyberattacks in the past year, according to the report published Tuesday. These breaches resulted in network downtime, customer data leaks, regulatory liabilities, fraud and monetary theft. READ MORE...

Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War

Ukrainian President Volodymyr Zelensky spoke to the G20 Summit's "Digital Transformation" panel this week, offering the benefits of his embattled country's cyber-defense experience to G20-allied countries. Zelensky noted that Ukraine's "IT army," made up of talent pooled from companies across the country, has successfully stopped more than 1,300 Russian cyberattacks over the past eight months of the Russian invasion. READ MORE...

Firefox fixes fullscreen fakery flaw - get the update now!

Firefox's latest once-every-four-weeks security update is out, bringing the popular alternative browser to version 107.0, or Extended Support Release (ESR) 102.5 if you prefer not to get new feature releases every month. Fortunately, there are no zero-day patches this time - all the vulnerabilities on the fix-list were either responsibly disclosed by external researchers, or found by Mozilla's own bug hunting team and tools. READ MORE...

Magento Vulnerability Increasingly Exploited to Hack Online Stores

E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores. Adobe released emergency patches for CVE-2022-24086 (CVSS score of 9.8) in February 2022, warning the owners and administrators of online stores that the security issue was already being exploited in attacks. READ MORE...

  • ...in 1872, Susan B. Anthony and 14 other women are arrested for illegally voting in that year's US presidential election.
  • ...in 1928, Walt Disney releases "Steamboat Willie", the first animated cartoon with synchronized sound.
  • ...in 1953, comics writer Alan Moore, the creator of "Watchmen" and "V For Vendetta", is born in Northampton, England.
  • ...in 1966, Sandy Koufax, ace pitcher for the Los Angeles Dodgers, retires from baseball. He started as a basketball player for the University of Cincinnati Bearcats.