IT Security Newsletter

IT Security Newsletter - 5/18/2022

Written by Cadre | Wed, May 18, 2022

U.S. warns of North Korean hackers posing as IT freelancers

Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers. The advice comes from the U.S. Department of State, the U.S. Department of the Treasury, and the Federal Bureau of Investigation, who warned that "there are reputational risks and the potential for legal consequences [...] for individuals and entities engaged in or supporting DPRK IT worker-related activity and processing related financial transactions." READ MORE...

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Cyberattackers are targeting US online businesses by injecting malicious PHP code into e-commerce checkout pages and exfiltrating scraped data to a command-and-control (C2) server spoofed to look like a legitimate credit-card processor. That's according to a flash alert from the FBI issued this week, which detailed one attack in particular that began in September 2020. READ MORE...

NVIDIA fixes ten vulnerabilities in Windows GPU display drivers

NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc. The updates have been made available for Tesla, RTX/Quadro, NVS, Studio, and GeForce software products, covering driver branches R450, R470, and R510. READ MORE...

Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts

Collaborators within Costa Rica are helping the notorious Conti ransomware group extort the country's government, the country's president said during a Monday press conference, backing up claims the group made on its website the same day. The president, Rodrigo Chaves, cited "national security" when declining to share details of who the alleged collaborators are, or how they are operating, according to an account of the press conference from La Nación. READ MORE...

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Recently uncovered VMware vulnerabilities continue to anchor an ongoing wave of cyberattacks bent on dropping various payloads. In the latest spate of activity, nefarious types are going in with the ultimate goal of infecting targets with various botnets or establishing a backdoor via Log4Shell. That's according to Barracuda researchers, who found that attackers are particularly probing for the critical vulnerability tracked as CVE-2022-22954 in droves. READ MORE...

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team has revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and Linux systems. The Sysrv botnet first received attention at the end of 2020 because at the time it was one of the rare malware binaries written in Golang (aka Go). READ MORE...

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employees aren't issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here's one example. READ MORE...

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs, now fixed

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries. Linked accounts were invented to make logging in easier. You can use one account to log in to other apps, sites and services. READ MORE...

Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver

The Shadowserver Foundation has started scanning the internet for Kubernetes API servers and found roughly 380,000 that allow some form of access. Shadowserver is conducting daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an HTTP 200 OK status, which indicates that the request has succeeded. Of the more than 450,000 Kubernetes API instances identified by Shadowserver, 381,645 responded with "200 OK". READ MORE...

  • ...in 1950, composer/visual artist Mark Mothersbaugh, best known as lead singer for the new wave band Devo, is born in Akron, OH.
  • ...in 1955, actor and international action star Chow Yun-fat ("Hard Boiled", "Crouching Tiger, Hidden Dragon") is born in Hong Kong.
  • ...in 1969, the Apollo 10 mission is launched, a final test run of orbit and landing systems before the historic Apollo 11 landing two months later.
  • ...in 1991, chemist Helen Sharman becomes the first Briton in space, flying on the Soyuz TM-12 mission.