IT Security Newsletter - 9/7/2022

Written by Cadre | Wed, Sep 7, 2022

US Agencies Warn of 'Vice Society' Ransomware Gang Targeting Education Sector

The FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are raising the alarm on a ransomware gang's increased targeting of the education sector. In a joint advisory this week, the three agencies warn that a threat actor tracked as 'Vice Society' has been "disproportionately targeting the education sector with ransomware attacks".

Albania cuts diplomatic ties with Iran after July cyberattack

Albania has severed diplomatic ties with Iran after a series of cyberattacks that kicked off July 15 and targeted multiple Albanian government websites, Albanian Prime Minister Edi Rama said Wednesday. All Iranian diplomatic and other personnel were given 24 hours to leave the country, Rama said in a video statement. A previously unknown group calling itself "Homeland Justice" took credit for the attacks.

Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages

Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity. The operators of Conti ransomware finished shutting down their internal infrastructure in May this year, but the gang's members have dispersed to other ransomware gangs, such as Quantum, Hive, and BlackCat. However, former Conti members continue to use the same Cobalt Strike infrastructure to conduct new attacks under other ransomware operations.

Mysterious 'Worok' Group Launches Spy Effort With Obfuscated Code, Private Tools

A relatively new cyber-espionage group is using an intriguing custom arsenal of tools and techniques to compromise companies and governments in Southeast Asia, the Middle East, and southern Africa, with attacks aimed at collecting intelligence from targeted organizations. According to an analysis published on Tuesday by cybersecurity firm ESET, the hallmark of the group is its use of custom tools not seen in other attacks, a focus on targets in Southeast Asia, and operational similarities to the China-linked TA428 group.

Zyxel releases new NAS firmware to fix critical RCE vulnerability

Networking device maker Zyxel is warning customers today of a new critical remote code execution (RCE) vulnerability impacting three models of its Network Attached Storage (NAS) products. The vulnerability is tracked as CVE-2022-34747 and has received a CVSS v3 severity score of 9.8, rated critical, but not many details have been disclosed. "A format string vulnerability was found that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.

DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do?

A few days ago - and smack in the middle of the weekend preceding Labor Day (as celebrated in the U.S.) - Taiwan-based QNAP Systems warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage (NAS) devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022 (GMT+8). The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.

  • ...in 1908, Cleveland Browns coach and Cincinnati Bengals owner Paul Brown is born in Norwalk, OH.
  • ...in 1927, the first fully electronic television system is achieved by Philo Taylor Farnsworth.
  • ...in 1936, Charles Hardin Holley, better known as '50s rockabilly icon Buddy Holly, is born in Lubbock, TX.
  • ...in 1986, human rights activist Archbishop Desmond Tutu becomes the first Black leader of the Anglican Church in South Africa.