IT Security Newsletter

IT Security Newsletter - 4/8/2022

Written by Cadre | Fri, Apr 8, 2022

Microsoft takes down APT28 domains used in attacks against Ukraine

Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure. Strontium (also tracked as Fancy Bear or APT28), linked to Russia's military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.

Facebook says Ukraine military accounts were hacked to post calls for surrender

Facebook today reported an increase in attacks on accounts run by Ukraine military personnel. In some cases, attackers took over accounts and posted "videos calling on the Army to surrender," but Facebook said it blocked sharing of the videos. Specifically, Facebook owner Meta's Q1 2022 Adversarial Threat Report said it has "seen a further spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter."

Raspberry Pi removes default user to hinder brute-force attacks

An update to Raspberry Pi OS Bullseye has removed the default 'pi' user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. Starting with this latest release, when installing the OS, you will first be prompted to create an account by choosing a username and password (before this change, the OS installer would only ask for a custom password).

April 2022 Patch Tuesday forecast: Spring is in the air (and vulnerable)

March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical update for Microsoft Exchange Server. Could April Patch Tuesday provide the deluge of critical updates we were expecting last month? Microsoft has clearly been busy working on security improvements in multiple arenas.

New malware targets serverless AWS Lambda with cryptominers

Security researchers have discovered the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers. AWS Lambda is a serverless computing platform for running code from hundreds of AWS services and software as a service (SaaS) apps without managing servers. The new malware, dubbed Denonia by Cado Security researchers who spotted it being used in limited attacks, is a Go-based wrapper designed to mine for Monero cryptocurrency.

  • ...in 1820, the Venus de Milo is discovered in ancient Greek ruins on the Aegean island of Milos.
  • ...in 1904, Longacre Square in Manhattan is renamed Times Square, after The New York Times.
  • ...in 1959, computer scientist Grace Hopper and leaders from science and industry discuss the creation of a new programming language, COBOL.
  • ...in 1974, Hank Aaron of the Atlanta Braves hits his 715th career home run, breaking Babe Ruth's record.