IT Security Newsletter

IT Security Newsletter - 7/25/2023

Written by Cadre | Tue, Jul 25, 2023

Norway says Ivanti zero-day was used to hack govt IT systems

The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country. The Norwegian Security and Service Organization (DSS) said on Monday that the cyberattack did not affect Norway's Prime Minister's Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.

North Korean Cyberspies Target GitHub Developers

The North Korean state-sponsored Lazarus advanced persistent threat (APT) group is back with yet another impersonation scam, this time posing as developers or recruiters with legitimate GitHub or social media accounts. The notorious APT is using these personae in social engineering attacks that target a limited group of tech employees, inviting them to join GitHub development projects that then spread malware via malicious node package manager (npm) dependencies, GitHub is warning.

KillNet's Kremlin Connection Unclear as the Cybercrime Collective Grows

Although the precise connection between Russian threat group KillNet and the Kremlin remains nebulous, its high-profile, and increasingly effective, cyberattacks continue to align with Russian state interests. And its churning PR campaign is luring fellow cybercriminals, and their skills, into the operation. A new report out this week from Mandiant finds KillNet's media branding strategy is working, helping the group to consolidate Russian hacker power under one organization.

Apple releases iOS, iPadOS, and macOS updates to fix bugs and shore up security

Apple's iOS 16, iPadOS 16, and macOS 13 operating systems are all due to be replaced with new versions in the next two or three months, but some bugs can't wait for a whole new release. The company has released iOS/iPadOS 16.6 and macOS 13.5 to fix several "actively exploited" security bugs, plus a handful of other security fixes for problems that have been reported to Apple but aren't being exploited in the wild yet. The release notes also mention unspecified "bug fixes" for each OS.

Google blocks staff's internet access to reduce attacks - but will it work?

According to reports, Google is blocking some of its staff from accessing the internet in an attempt to enhance its cybersecurity. Some employees at Google will have internet access from their desktop PCs significantly restricted, CNBC reports, with only internal web-based tools and Google-owned sites such as Google Drive, Google Maps, and Gmail accessible.

Zenbleed attack leaks sensitive data from AMD Zen2 processors

Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. The vulnerability is tracked as CVE-2023-20593 and is caused by the improper handling of an instruction called 'vzeroupper' during speculative execution, a common performance-enhancing technique used in all modern processors.

Over 20,000 Citrix Appliances Vulnerable to New Exploit

A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims. Tracked as CVE-2023-3519 and patched last week, the critical-severity bug can be exploited to execute arbitrary code remotely, without authentication, on vulnerable appliances that are configured as a gateway or AAA virtual server.

AMD Zenbleed chip bug leaks secrets fast and easy

AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants.

Hacking police radios: 30-year-old crypto flaws in the spotlight

If you'd been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you'd had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You'd probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue did: line up a world tour of conference appearances in the US, Germany and Denmark (Black Hat, Usenix, DEF CON, CCC and ISC), and turn your findings into a BWAIN.

  • ...in 1837, the first commercial use of an electric telegraph is demonstrated in London.
  • ...in 1954, Chicago Bears running back and nine-time Pro Bowl selectee Walter Payton is born in Columbia, MS.
  • ...in 1965, Bob Dylan "goes electric" with amplified instruments at the Newport Folk Festival, sparking controversy in the folk movement.
  • ...in 1976, the Viking 1 space probe takes a photograph of a natural Martian surface feature, popularly known as "The Face on Mars."