IT Security Newsletter

IT Security Newsletter - 6/29/2022

Written by Cadre | Wed, Jun 29, 2022

A wide range of routers are under attack by new, unusually sophisticated malware

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday. So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including compromised routers made by Cisco, Netgear, Asus, and DrayTek. READ MORE...

AMD targeted by RansomHouse, attackers claim to have '450Gb' in stolen data

If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse says it obtained the files from an intrusion into AMD's network on January 5, 2022, and that this isn't material from a previous leak of its intellectual property. READ MORE...

Malicious Messenger chatbots used to steal Facebook accounts

A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. Chatbots are programs that impersonate live support people and are commonly used to provide answers to simple questions or triage customer support cases before they are handed off to a live employee. In a new campaign discovered by Trustwave, threat actors use chatbots to steal credentials for managers of Facebook pages. READ MORE...

Chinese influence operation aimed to protect Beijing's stake in rare earth mining, research finds

A Chinese influence operation unsuccessfully tried to mobilize U.S. protests against an Australian rare earths mining company planning an expansion in Texas in an effort to defend Beijing's dominance in the market, researchers with cybersecurity firm Mandiant said Tuesday. While aspects of the operation aren't novel, the activity from a campaign known and tracked as Dragonbridge, which dates to at least 2019, shows signs of increasing sophistication in its attempts to microtarget receptive authentic audiences. READ MORE...

China-Backed APT Pwns Building-Automation Systems with ProxyLogon

A previously unknown Chinese-speaking advanced persistent threat (APT) is exploiting the ProxyLogon Microsoft Exchange vulnerability to deploy the ShadowPad malware, researchers said - with the end goal of taking over building-automation systems (BAS) and moving deeper into networks. That's according to researchers at Kaspersky ICS CERT, who said that the infections affected industrial control systems (ICS) and telecom firms in Afghanistan and Pakistan. READ MORE...

Trio accused of selling $88m of pirated Avaya licenses

Three people accused of selling pirated software licenses worth more than $88 million have been charged with fraud. The software in question is built and sold by US-based Avaya, which provides, among other things, a telephone system called IP Office to small and medium-sized businesses. To add phones and enable features such as voicemail, customers buy the necessary software licenses from an Avaya reseller or distributor. READ MORE...

'Raccoon Stealer' Scurries Back on the Scene After Hiatus

The authors of "Raccoon Stealer," one of the most prolific information stealers of 2021, have released a new and improved version of the malware just three months after shutting down operations following the death of its lead developer in Ukraine. Researchers from French cybersecurity vendor Sekoia this week reported stumbling upon active servers hosting Raccoon Stealer files while searching for signs of the malware earlier this month. READ MORE...

CISA warns orgs to switch to Exchange Online Modern Auth until October

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication, a legacy authentication method without multifactor authentication (MFA) support, to Modern Authentication alternatives. Basic Auth (proxy authentication) is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services. READ MORE...

The Link Between AWM Proxy & the Glupteba Botnet

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy - a 14-year-old anonymity service that rents hacked PCs to cybercriminals - suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy's founder is one of the men being sued by Google. READ MORE...

Azure Service Fabric Vulnerability Can Lead to Cluster Takeover

Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. Tracked as CVE-2022-30137, the vulnerability impacts Service Fabric, Microsoft's container orchestrator that provides management of services across container clusters. Microsoft says Service Fabric hosts over one million applications. READ MORE...

  • ...in 1920, stop-motion animator and special effects designer Ray Harryhausen (Clash of the Titans, Jason and the Argonauts) is born in Los Angeles.
  • ...in 1929, scientists at Bell Laboratories in New York reveal a system for transmitting television pictures.
  • ...in 1975, Steve Wozniak tests the first prototype of the Apple I personal computer.
  • ...in 1995, the U.S. space shuttle Atlantis docks with the Soviet space station Mir.