IT Security Newsletter

IT Security Newsletter - 1/12/2022

Written by Cadre | Wed, Jan 12, 2022

CISA issues advisory on state-sponsored hacking amid Russia, Ukraine tension

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency Tuesday advised cybersecurity professionals to be on alert for attacks from Russian state-sponsored hackers. The DHS warning, issued alongside the National Security Agency and the Federal Bureau of Investigation, singled out critical infrastructure as being especially at risk. Russian state-sponsored hackers have in the past been able to gain access to energy networks in the U.S. and abroad. READ MORE...

'Wormable' Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is "wormable," meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another. READ MORE...

State hackers use new PowerShell backdoor in Log4j attacks

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') have been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. The modular payload can handle C2 communications, perform system enumeration, and eventually receive, decrypt, and load additional modules. Log4Shell is an exploit for CVE-2021-44228, a critical remote code execution vulnerability in Apache Log4j disclosed in December. READ MORE...

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service, Microsoft analysts reported Monday. The findings point toward attacks on VMware Horizon, an application that allows remote users access to virtual computers and servers. Successful attacks have led to the deployment of ransomware via a hacking campaign that calls itself Night Sky. READ MORE...

Who is the Network Access Broker 'Wazawaka?'

In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by "Wazawaka," the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. READ MORE...

SAP Patches Log4Shell Vulnerability in More Applications

German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability. Last month, after revealing it had identified 32 applications that use the vulnerable Apache Log4j library, the company released patches for 20 of them. On its January 2022 Security Patch Day, SAP published a security note that consolidates all of the security notes released to address Log4Shell. READ MORE...

New RedLine malware version spread as fake Omicron stat counter

A new variant of the RedLine info-stealer is being distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. RedLine is a widespread commodity malware sold to cybercriminals for a couple of hundred USD. It supplies dark web markets with over half of the stolen user credentials sold to other threat actors. The malware is actively developed and continually improved, with widespread deployment using multiple distribution methods. READ MORE...

'Fully Undetected' SysJoker Backdoor Malware Targets Windows, Linux & macOS

A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned. The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this writing. These were uploaded to VirusTotal with the suffix ".ts," which is used for TypeScript files. READ MORE...

FIN7 Mails Malicious USB Sticks to Drop Ransomware

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services (HHS) and/or Amazon to target the transportation, insurance and defense industries for ransomware infection, the FBI warned on Friday. In a security alert sent to organizations, the FBI said that FIN7 - aka Carbanak or Navigator Group, the infamous, financially motivated cybercrime gang behind the Carbanak backdoor malware - is the guilty party. READ MORE...

Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances

Rapid7 today shared details on a series of vulnerabilities that SonicWall patched in the Secure Mobile Access (SMA) 100 series secure access gateway products last month. The impacted devices include the SMA 200, 210, 400, 410, and 500 edge network access control systems that have the Web Application Firewall (WAF) enabled. The most severe of these vulnerabilities is CVE-2021-20038, an unauthenticated stack-based buffer overflow that could lead to remote code execution (RCE) as the 'nobody' user. READ MORE...

  • ...in 1921, in reaction to the "Black Sox" scandal, Major League Baseball team owners elect Kenesaw Mountain Landis as the league's first commissioner.
  • ...in 1944, professional boxer and former heavyweight champion Joe Frazier is born in Beaufort, SC.
  • ...in 1965, hard rock musician and filmmaker Robert Bartleh Cummings, AKA Rob Zombie, is born in Haverhill, MA.
  • ...in 1971, the controversial but highly influential TV sitcom "All in the Family" debuts on CBS.