
IT Security Newsletter - 02/03/2021


Breaches

Wind River Security Incident Affects SSNs, Passport Numbers

Wind River Systems is warning of a "security incident" after one or more files were downloaded from its network. Wind River Systems, which develops embedded system software, on Friday warned of a "security incident" that had exposed personnel records. One or more files were downloaded from the company's network on or around September 29, it said. Affected data included information maintained within the company's personnel records. READ MORE...

Hacking

Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. Advanced persistent threat (APT) group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom "Caterpillar" webshell and the "Explosive RAT" remote access trojan (RAT), both of which researchers at ClearSky Security said they linked to the compromise of the public servers. READ MORE...


US federal payroll agency hacked using SolarWinds software flaw

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC has provided human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. The software vulnerability used to break into NFC's systems is different from the one used by suspected Russian nation-state hackers. READ MORE...


Microsoft Sees Spike in BEC Attacks Targeting Schools

In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues. "We detected a recent spike in business email compromise (BEC) attacks soliciting gift cards primarily targeting K-12 school teachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards," Microsoft Security Intelligence warned. READ MORE...

Malware

Trickbot malware now maps victims' networks using Masscan

The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim's computer. This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner with its own TCP/IP stack and capable of scanning large swaths of the Internet in a matter of minutes. Trickbot uses the network scanner module to map the victims' networks and send home information on any devices with open ports. READ MORE...


Agent Tesla Upgrades with New Delivery & Evasion Tactics

A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection. The newest versions of the Agent Tesla malware target more applications for credential theft, use updated communication tactics, and pack new techniques for bypassing endpoint defense. Sophos researchers today published a report on updates to Agent Tesla, a family of remote access Trojan (RAT) malware that has grown more popular in recent months. READ MORE...

Information Security

Babyk Ransomware won't hit charities, unless they support LGBT, BLM

The Babyk ransomware operation has launched a new data leak site used to publish victims' stolen data as part of a double extortion strategy. Included is a list of targets they won't attack, with some exclusions that definitely stand out. In 2019, the Maze ransomware operation introduced a new double-extortion strategy of stealing unencrypted files and then threatening to publicly release them on data leak sites if a ransom is not paid. READ MORE...


Location tracking report: X-Mode SDK still in wide use in Android apps despite Google ban

A report on Android apps that do location tracking identified 450 apps that use tracker SDKs, many of which use an SDK called X-Mode; although Apple and Google have banned X-Mode, these apps are still in Google's Play Store. X-Mode, based in Reston, Virginia in the US, is a broker for location data. The pitch to developers is that by embedding the X-Mode libraries in their apps, they get a revenue stream that is not dependent on showing ads. READ MORE...

Exploits/Vulnerabilities

SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems

Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds. SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company's Orion monitoring product, and a few hundred - ones that presented an interest to the attackers. READ MORE...


Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020, threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this Magento 1 campaign, we identified an e-commerce shop that had been targeted twice by skimmers. This in itself is not unusual; multiple infections on the same site are common. READ MORE...


Weak ACLs in Adobe ColdFusion Allow Privilege Escalation

A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center (CERT/CC). READ MORE...

On This Date

  • ...in 1690, the first paper money in America is issued in the Massachusetts Bay Colony.
  • ...in 1966, the Soviet Union accomplishes the first controlled landing on the moon with the unmanned Lunik 9 spacecraft.
  • ...in 1970, English actor Warwick Davis, who played Wicket the Ewok in "Return of the Jedi" and Professor Flitwick in the "Harry Potter" films, is born in Surrey, England.
  • ...in 1995, astronaut Eileen Collins becomes the first woman to pilot the Space Shuttle during mission STS-63.