<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 1/13/2020


Iranian Hackers Have Been ‘Password-Spraying’ the US Grid

In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don't currently have the capability to start causing blackouts in the US. But they’ve been working to gain access to American electric utilities, long before tensions between the two countries came to a head.

Alleged Member of Neo-Nazi Swatting Group Charged

Federal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address. An FBI affidavit unsealed this week identifies one member of the group as John William Kirby Kelley. According to the affidavit, Kelley was instrumental in setting up and maintaining the Internet Relay Chat (IRC) channel called “Deadnet.”


Sodinokibi Ransomware Hits New York Airport Systems

Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. Airport operations were not impacted by the ransomware attack and customers' financial or personal information was not accessed by the attackers according to a statement from airport officials per WNYT-TV. No airline or TSA servers were affected in the incident, with airport officials saying that the vast majority of encrypted files being administrative documents and archived data.

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. Since last month, the representatives of the Sodinokibi, otherwise known as REvil, have publicly stated that they would begin to follow Maze's example and publish data stolen from victims if they do not pay a ransom.


Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing

With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day. Do you use Citrix’s Application Delivery Controller (ADC) or Gateway? If you haven’t implemented the mitigations provided by the company, there’s a good change you might have been hit already.

Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking

A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned. CVE-2019-19494, also dubbed Cable Haunt, is present in the spectrum analyzer, a standard component of Broadcom chips that identifies potential problems with the connection through the modem’s coaxial cable.

Cisco Webex Bug Allows Remote Code Execution

Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a feature that enables on-premises infrastructure for video conferencing, to enhance audio, video and content.


Is the Y2K bug alive after all?

Right at the end of 2019, we wrote about the “decade-ending Y2K bug that wasn’t” in a serious article with a humorous side. In that article, we described a perennial “gotcha” facing Java programmers faced with the simple task of printing out the year. If you tell Java to treat the date as four digits by using the abbreviation YYYY, which is a very common way of denoting the year in all sorts of other apps, you will get the right answer most of the time…