IT Security Newsletter

IT Security Newsletter - 4/28/2021

Written by Cadre | Wed, Apr 28, 2021

Cyberspies target military organizations with new Nebulae backdoor

A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. For at least a decade, the hacking group known as Naikon has actively spied on organizations in countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand, for at least a decade, since 2010. READ MORE...

Ransomware demands up by 43% so far in 2021, Coveware says

Ransomware hacking groups are getting greedier. The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter, according to a quarterly report from Coveware, a ransomware response firm. The median payment, too, jumped up 58% from from $49,450 to $78,398. The majority of ransomware attacks in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. READ MORE...

Microsoft Edge to add automatic HTTPS option for all domains

Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July. By default, this new option will allow Edge users to switch from HTTP to HTTPS on websites that are likely to support the more secure protocol. However, users will also be able to configure the browser to upgrade all connections to HTTPS as the default internet communication protocol for all domains. READ MORE...

FBI shares 4 million email addresses used by Emotet with Have I Been Pwned

Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency's effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware. Earlier this year, law enforcement took control of Emotet botnet's infrastructure that involved several hundreds of servers all over the world. READ MORE...

Cable-chewing beavers take out town's Internet in "uniquely Canadian" outage

About 900 Internet users in Tumbler Ridge, British Columbia, lost service for 36 hours when beavers chewed through an underground fiber cable in what network operator Telus called a "very bizarre and uniquely Canadian turn of events." The beavers apparently used some of the Telus materials to build their dam. Internet service went down at about 4 am Saturday and was restored by Telus at around 3:30 pm on Sunday. READ MORE...

Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply

Power management solutions provider Eaton has released patches for its Intelligent Power Manager (IPM) software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply. Eaton's IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply (UPS) devices on their network. READ MORE...

Abusing Replication: Stealing AD FS Secrets Over the Network

Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on long-term persistent access to Microsoft 365 as one of their primary objectives. In this blog post we will show how a threat actor, with the right privilege, can extract the encrypted Token Signing Certificate from anywhere on the internal network. READ MORE...

Linux Kernel Bug Opens Door to Wider Cyberattacks

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of numeric values when reading the file. READ MORE...

  • ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
  • ...in 1973, Pink Floyd's "The Dark Side of the Moon" goes to #1 on the US Billboard chart. It stays on the album charts for the next 741 weeks.
  • ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
  • ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.