IT Security Newsletter

IT Security Newsletter - 4/1/2022

Written by Cadre | Fri, Apr 1, 2022

Two teenagers charged in relation to LAPSUS$ hacking group investigation

City of London Police have charged two teenagers in relation to the ongoing investigation into the LAPSUS$ hacking group. The teenagers, aged 16 and 17, were scheduled to appear at Highbury Corner Magistrates Court in Islington this morning. The pair have been charged with three counts of unauthorised access to a computer with intent to impair the reliability of data, one count of fraud by false representation, and one count of unauthorised access to a computer with intent to hinder access to data. READ MORE...

Sitel on Okta breach: "spreadsheet" did not contain passwords

Okta's outsourced provider of support services, Sitel (Sykes), has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack. The documents, leaked by a researcher online, perpetuated the myth that Sitel stored its domain admin passwords, extracted from LastPass, in an Excel spreadsheet, a claim now dispelled by Sitel. READ MORE...

Google: Russian credential thieves target NATO, Eastern European military

A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week. The web giant calls the Russia-based group Coldriver, and notes it's also known as Calisto. The cyber-gang used newly created Gmail accounts in its attempts to phish non-Gmail accounts, so Google can't verify the success rate of the campaigns. READ MORE...

Apple Rushes Out Patches for 0-Days in MacOS, iOS

Apple rushed out patches for two zero-days affecting macOS and iOS on Thursday, both of which may have been actively exploited and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs: a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675, and a macOS flaw tracked as CVE-2022-22674. Their discovery was attributed to an anonymous researcher. READ MORE...

Attack on Viasat modems possibly came from wiper malware deployed through supply chain

The malware used on Feb. 24 to hobble thousands of modems in an effort to disrupt Ukrainian communications networks might be a wiper delivered via a supply-chain attack, according to threat intelligence researchers with SentinelOne. The findings, published Thursday and based on an analysis of malware dubbed "AcidRain" that the researchers think could have been involved in the Viasat hack, at least partially contradict the statement issued Wednesday by Viasat. READ MORE...

New BlackGuard password-stealing malware sold on hacker forums

A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month. The stealer can snatch sensitive information from a broad range of applications, pack everything in a ZIP archive and send it to the C2 of the malware-as-a-service (MaaS) operation. READ MORE...

Researchers used a decommissioned satellite to broadcast hacker TV

Independent researchers and the United States military have become increasingly focused on orbiting satellites' potential security vulnerabilities in recent years. These devices, which are built primarily with durability, reliability, and longevity in mind, were largely never intended to be ultra-secure. But at the ShmooCon security conference in Washington, DC, on Friday, embedded device security researcher Karl Koscher raised questions about a different phase of a satellite's life cycle. READ MORE...

Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks

A security vendor's recent analysis of Rockwell Automation's programmable logic controller (PLC) platform has uncovered two serious vulnerabilities that give attackers a way to modify automation processes and potentially disrupt industrial operations, cause physical damage to factories, or take other malicious actions. Researchers from Claroty Team82 discovered the vulnerabilities and this week described them as being Stuxnet-like in nature because of how they allow attackers to run malicious code. READ MORE...

  • ...in 1920, Japanese actor Toshiro Mifune, who starred in numerous films directed by Akira Kurosawa ("Seven Samurai", "Yojimbo"), is born in Qingdao, China.
  • ...in 1929, The yo-yo is introduced in the United States by Louis Marx.
  • ...in 1976, Apple Inc. is formed by Steve Jobs, Steve Wozniak, and Ronald Wayne in Cupertino, CA.
  • ...in 1982, The United States transfers control of the Panama Canal Zone to Panama.