IT Security Newsletter

IT Security Newsletter - 11/21/2022

Written by Cadre | Mon, Nov 21, 2022

Security Researchers Looking at Mastodon as Its Popularity Soars

Cybersecurity researchers are increasingly looking at Mastodon now that the decentralized social media platform's popularity has soared, and they have started finding vulnerabilities and other security issues. After Elon Musk acquired Twitter, he made a series of significant changes, including firing staff and modifying features, which have had a negative impact on the platform's security. This has led to a Twitter security chief resigning and the FTC saying that they were deeply concerned. READ MORE...

Atlassian Patches Critical Vulnerabilities in Bitbucket, Crowd

Atlassian informed customers this week that it has patched critical vulnerabilities in its Crowd and Bitbucket products. In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. Updates that patch the flaw have been released for both Bitbucket 7 and 8. Atlassian Cloud sites are not affected. READ MORE...

New ransomware encrypts files, then steals your Discord account

The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as the user or to issue API requests that retrieve information about the associated account. READ MORE...

Google seeks to make Cobalt Strike useless to attackers

Google Cloud's intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. "Our intention is to move the tool back to the domain of legitimate red teams and make it harder for bad guys to abuse," says Greg Sinclair, a security engineer with Google Cloud Threat Intelligence. READ MORE...

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things, the company's data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter's bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. "Don't pay," the agent said. READ MORE...

Cybercriminals strike understaffed organizations on weekends and holidays

More than one-third of respondents said it took their organization longer to assess the scope of, stop and recover from an attack that landed on a holiday or weekend than one that landed on a weekday, according to a Cybereason survey published Wednesday. Larger organizations with more than 2,000 employees were even more likely to experience delays. Organizations would also lose more money as a result of a ransomware attack on a weekend or holiday than they would have a year ago, according to Cybereason. READ MORE...

New attacks use Windows security bypass zero-day to drop malware

New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. When a file is downloaded from an untrusted remote location, such as the Internet or an email attachment, Windows adds a special attribute to the file called the Mark of the Web. This Mark of the Web (MoTW) is an alternate data stream that contains information about the file, such as the URL security zone the file originates from, its referrer, and its download URL. READ MORE...
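To make the MoTW item concrete, here is an added example (not code from the article or from the researchers it cites) that parses the Zone.Identifier stream Windows attaches to a downloaded file and classifies its zone. The stream is INI-formatted with a [ZoneTransfer] section whose ZoneId, ReferrerUrl and HostUrl keys carry the security zone, referrer and download URL mentioned above; the sample stream content and the example.test URLs are constructed, and read_motw only does real work on Windows, where NTFS exposes the stream as `file:Zone.Identifier`.

```python
"""
Parse and classify a Windows Mark of the Web (MoTW) Zone.Identifier stream.

Added example, not code from the original article. The stream is the
alternate data stream named "Zone.Identifier" that Windows attaches to
downloaded files; it is INI-formatted with a [ZoneTransfer] section.
Field names (ZoneId, ReferrerUrl, HostUrl) and zone numbers are the
documented ones; the sample stream content below is constructed.
"""
import configparser
import sys

# URL security zone numbers used by ZoneId (the URLZONE enumeration).
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}

# Constructed sample: what the stream typically looks like for a file a
# browser saved from the Internet zone (hypothetical URLs).
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.test/downloads/\r\n"
    "HostUrl=https://example.test/downloads/invoice.js\r\n"
)


def parse_zone_identifier(text):
    """Return a dict with zone_id, zone_name, referrer_url and host_url,
    or None if the text is not a valid [ZoneTransfer] stream."""
    # Only '=' separates keys from values; URLs contain ':' and must not
    # be split there. No interpolation, so '%' in a URL is left alone.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep key case exactly as written
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    if "ZoneTransfer" not in parser:
        return None
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", ""))
    except ValueError:
        return None
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "Unknown"),
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def is_untrusted(info):
    """True when the file came from the Internet or Restricted zone, the
    cases in which SmartScreen and Office Protected View normally warn."""
    return info is not None and info["zone_id"] >= 3


def read_motw(path):
    """Read and parse the Zone.Identifier stream of a file on NTFS.
    Returns None if there is no stream (no MoTW, which is exactly what a
    bypass like the one in the article produces) or if the platform
    cannot expose alternate data streams."""
    if not sys.platform.startswith("win"):
        return None
    stream_path = path + ":Zone.Identifier"
    try:
        with open(stream_path, "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print(info, "untrusted:", is_untrusted(info))
    for candidate in sys.argv[1:]:
        print(candidate, read_motw(candidate))
```

Run it with one or more file paths on a Windows host to see which downloads still carry their mark; a file delivered through a MoTW bypass shows up as None even though it arrived from the Internet, which is why the absence of the stream on a fresh download is itself worth alerting on.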

PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability

A security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal. Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year. In its advisory, Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions, and that improved environment sanitization resolved the issue. READ MORE...

  • ...in 1877, Thomas Edison announces his invention of the phonograph, the first machine capable of recording and playing back sound.
  • ...in 1898, Surrealist painter René Magritte ("The Treachery of Images", "The Son of Man") is born in Lessines, Belgium.
  • ...in 1905, Albert Einstein's physics paper on the relationship between energy and mass (E=mc^2) is first published.
  • ...in 1965, Icelandic singer-songwriter and actress Björk Guðmundsdóttir AKA Björk ("It's Oh So Quiet", "Army of Me") is born in Reykjavík.