IT Security Newsletter

IT Security Newsletter - 2/3/2022

Written by Cadre | Thu, Feb 3, 2022

FBI says more cyber attacks come from China than everywhere else combined

US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined. In a Monday speech titled "Countering Threats Posed by the Chinese Government Inside the US," Wray said the FBI is conducting over 2,000 investigations of incidents assessed as attempts by China's government "to steal our information and technology."

Wormhole cryptocurrency platform hacked to steal $326 million

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred to another blockchain.

Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks

A series of financially motivated attacks is employing techniques observed in Conti ransomware playbooks that were leaked online in August 2021, Mandiant reports. The attacks employ a multi-stage infection chain that starts with search engine optimization (SEO) poisoning and ends with the deployment of backdoors for stealthy access and information theft.

Windows 10 optional updates fix performance problems introduced last month

Optional updates for Windows 10 and Windows 11 released in January have fixed performance problems when playing games, using the operating system, or even opening folders in File Explorer. With the January 2022 updates, Microsoft introduced numerous bugs breaking L2TP VPN connections, causing domain controller reboots, and preventing Hyper-V from working.

Cisco plugs critical flaws in small business routers

Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system. "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory," the company said in the accompanying security advisory.

Mac malware spreading for ~14 months installs backdoor on infected systems

Mac malware known as UpdateAgent has been spreading for more than a year, and it is growing increasingly malevolent as its developers add new bells and whistles. The additions include the pushing of an aggressive second-stage adware payload that installs a persistent backdoor on infected Macs. The UpdateAgent malware family began circulating no later than November or December 2020 as a relatively basic information-stealer.

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we'll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Olympic Athletes Advised by FBI to Bring 'Burner' Phones to Beijing

The FBI on Monday reportedly issued an advisory for US Olympics and Paralympics athletes traveling to Beijing not to bring personal mobile phones to the events but rather temporary devices to protect their privacy and security from the potential for infection or attacks. Among the FBI's concerns is China's required health-tracking app for athletes to prevent the spread of COVID-19, which along with other mobile or online apps could expose athletes' data and information while they are at the event.

PowerPoint Files Abused to Take Over Computers

Attackers are using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings to take over an end user's computer, researchers have found. It's one of a number of stealthy ways threat actors recently have been targeting desktop users through trusted applications they use daily, using emails that are designed to evade security detections and appear legitimate.

  • ...in 1690, the first paper money in America is issued in the Massachusetts Bay Colony.
  • ...in 1966, the Soviet Union accomplishes the first controlled landing on the moon with the unmanned Lunik 9 spacecraft.
  • ...in 1970, English actor Warwick Davis, who played Wicket the Ewok in "Return of the Jedi" and the title character in "Willow", is born in Surrey, England.
  • ...in 1995, astronaut Eileen Collins becomes the first woman to pilot the Space Shuttle during mission STS-63.