IT Security Newsletter - 1/11/2022
No Significant Intrusions Related to Log4j Flaw Yet, CISA Says
In the one month since news broke of a critical remote code execution vulnerability in the Log4j logging framework, there have been no major intrusions tied to the flaw in the US, officials from the Cybersecurity and Infrastructure Security Agency (CISA) said Monday. However, they warned about the possibility of attackers exploiting the flaw later because of its prevalence - hundreds of millions of devices and components have the vulnerability - and the ease with which it can be exploited. READ MORE...
MRIoA Discloses Data Breach Affecting 134,000 People
Medical Review Institute of America (MRIoA) on Friday started notifying some individuals that their personal information was compromised in a cyberattack. The incident, MRIoA says, was discovered on November 9, 2021. A couple of days later, the organization discovered that personal information was compromised in the attack and, by November 16, it had managed to retrieve it. READ MORE...
Hacking group accidentally infects itself with Remote Access Trojan horse
Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock things up you need to be a cybercriminal. The hackers, who have become notorious for launching spear phishing attacks against Pakistani institutions, managed to infect themselves with their own Remote Access Trojan (RAT) in January, according to experts at Malwarebytes. READ MORE...
Extortion DDoS attacks grow stronger and more common
The end of 2021 saw a rise in the number of distributed denial-of-service incidents that came with a ransom demand from the attackers to stop the assault. In the fourth quarter of last year, about a quarter of Cloudflare's customers that were the target of a DDoS attack said that they received a ransom note from the perpetrator. A large portion of these attacks occurred in December 2021, when almost a third of Cloudflare customers reported receiving a ransom letter. READ MORE...
500M Avira Antivirus Users Introduced to Cryptomining
Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus - which has built a base of 500 million users worldwide largely by making the product free - was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto. READ MORE...
Night Sky: the new corporate ransomware demanding a sky high ransom
There's a new ransomware in town (isn't there always?) and it's, unsurprisingly, after corporation-sized businesses. It's called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter that hunts malware online, on the first day of 2022. Like other ransomware families before it, Night Sky uses the double extortion model in its attacks. READ MORE...
Canon can't get enough toner chips, so it's telling customers how to defeat its DRM
For years, printers have been encumbered with digital rights management systems that prevent users from buying third-party ink and toner cartridges. Printer companies have claimed that their chip-enabled cartridges can "enhance the quality and performance" of their equipment, provide the "best consumer experience," and "protect [the printers] from counterfeit and third-party ink cartridges." READ MORE...
KCodes NetUSB bug exposes millions of routers to RCE attacks
A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors. Successfully exploiting this flaw would allow a remote threat actor to execute code in the kernel, and although some restrictions apply, the impact is broad and could be severe. The vulnerability discovery comes from researchers at SentinelLabs who shared their technical report with Bleeping Computer before publication. READ MORE...
Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data
Microsoft today disclosed a vulnerability in Apple's macOS that could enable an attacker to gain unauthorized access to protected user data through bypassing the Transparency, Consent, and Control (TCC) technology in the operating system. The Microsoft Security Vulnerability Research (MSVR) team reported its discovery to Apple's product security team on July 15, 2021. Apple addressed CVE-2021-30970, dubbed "Powerdir," in a rollout of security updates released on Dec. 13. READ MORE...
- ...in 1755, Founding Father, first Treasury Secretary, and Broadway musical inspiration Alexander Hamilton is born in the British West Indies.
- ...in 1908, President Theodore Roosevelt designates the Grand Canyon a national monument.
- ...in 1942, E Street Band saxophonist Clarence Clemons, AKA "The Big Man", is born in Norfolk County, VA.
- ...in 1973, Major League Baseball's American League adopts the designated hitter rule.