
IT Security Newsletter - 1/13/2023


Top News

Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries. Also known as NoName05716, 05716nnm or Nnm05716, the threat actor has been supporting Russia's invasion of Ukraine since March 2022, launching disruptive attacks against government and critical infrastructure organizations. READ MORE...

Hacking

Royal Mail cyberattack linked to LockBit ransomware operation

A cyberattack on Royal Mail, the UK's largest mail delivery service, has been linked to the LockBit ransomware operation. Yesterday, Royal Mail disclosed that it suffered a cyber incident that forced it to halt international shipping services. "Royal Mail is experiencing severe service disruption to our international export services following a cyber incident," disclosed Royal Mail in a service update. READ MORE...


Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity

Cybercriminals engaged in one form of criminal activity can sometimes have their hands in a wide range of other nefarious campaigns as well, as researchers recently discovered when analyzing the infrastructure associated with a fresh iteration of a Magecart skimmer. Magecart is a notorious - and constantly evolving - syndicate of multiple groups that specializes in placing card skimmers on e-commerce sites to steal payment card information. READ MORE...

Software Updates

Juniper Networks Kicks Off 2023 With Patches for Over 200 Vulnerabilities

The first round of security advisories published by Juniper Networks for 2023 cover hundreds of vulnerabilities that have been patched in the networking giant's products. The 32 Juniper Networks security advisories published by the company this week cover more than 230 vulnerabilities, roughly 200 of which impact third-party components. Three advisories have an overall severity rating of critical and they all describe vulnerabilities affecting third-party components. READ MORE...

Malware

RAT malware campaign tries to evade detection using polyglot files

Operators of the StrRAT and Ratty remote access trojans (RATs) are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection by security tools. The campaign was spotted by Deep Instinct, which reports that the threat actors achieve moderate success in evading detection by anti-virus engines. This is notable considering how old and well-documented the two particular RATs are. READ MORE...
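The polyglot trick works because a JAR is a ZIP archive, and ZIP readers (Java's included) locate the archive from the End Of Central Directory record at the end of the file, not from the first bytes. A file can therefore open with a valid MSI (OLE Compound File) or CAB header, which is what a magic-based scanner classifies it as, while still running under `java -jar`. The detector below is an added example, not code from the newsletter or from Deep Instinct: it reads the leading magic, then independently checks for a self-consistent EOCD and central directory at the tail and reports how many non-ZIP bytes precede the embedded archive. The sample files it builds are constructed for the demonstration (the "MSI" part is only the CFB magic plus padding, not a real installer).

```python
"""Flag MSI/JAR and CAB/JAR polyglots: a non-ZIP leading magic combined with
a ZIP archive that terminates the file.  Added example; sample inputs are
constructed, not captured from the campaign described above."""
import io
import struct
import zipfile

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE Compound File (MSI)
CAB_MAGIC = b"MSCF"                              # Microsoft cabinet
ZIP_LOCAL_MAGIC = b"PK\x03\x04"
CEN_SIG = b"PK\x01\x02"                          # central directory file header
EOCD_SIG = b"PK\x05\x06"                         # end of central directory
EOCD_LEN = 22                                    # fixed part, without comment
MAX_COMMENT = 0xFFFF                             # EOCD comment length is 16-bit


def container_type(data: bytes) -> str:
    """Classify by leading magic only, the way a naive scanner would."""
    if data.startswith(CFB_MAGIC):
        return "msi"
    if data.startswith(CAB_MAGIC):
        return "cab"
    if data.startswith(ZIP_LOCAL_MAGIC):
        return "zip"
    return "unknown"


def embedded_zip_prefix(data: bytes):
    """Return the number of bytes preceding a ZIP archive that terminates
    `data`, or None if no consistent EOCD/central directory is found.
    This mirrors how JAR readers tolerate leading junk: find the EOCD from
    the end, then derive the archive start from the central-directory
    size and offset it records."""
    tail_start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    idx = data.rfind(EOCD_SIG, tail_start)
    if idx < 0 or idx + EOCD_LEN > len(data):
        return None
    (_disk, _cd_disk, _n_disk, _n_total,
     cd_size, cd_offset, comment_len) = struct.unpack_from("<HHHHIIH", data, idx + 4)
    if idx + EOCD_LEN + comment_len != len(data):
        return None  # the comment must end exactly at EOF
    cd_start = idx - cd_size
    if cd_start < 0 or data[cd_start:cd_start + 4] != CEN_SIG:
        return None  # central directory is not where the EOCD claims
    prefix = cd_start - cd_offset  # bytes before the embedded archive
    return prefix if prefix >= 0 else None


def analyze(data: bytes) -> dict:
    """Combine both views of the file; a polyglot is one where they disagree."""
    kind = container_type(data)
    prefix = embedded_zip_prefix(data)
    return {
        "container": kind,
        "embedded_zip": prefix is not None,
        "zip_prefix": prefix if prefix is not None else -1,
        "polyglot": kind in ("msi", "cab") and prefix is not None,
    }


def _tiny_jar() -> bytes:
    """Constructed JAR: a manifest plus a placeholder class-file stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 28)
    return buf.getvalue()


def build_samples() -> dict:
    """Constructed inputs: the 'msi' prefix is the CFB magic padded to one
    512-byte header sector, the 'cab' prefix is MSCF plus padding."""
    jar = _tiny_jar()
    return {
        "msi_jar": CFB_MAGIC + b"\x00" * (512 - len(CFB_MAGIC)) + jar,
        "cab_jar": CAB_MAGIC + b"\x00" * 60 + jar,
        "plain_jar": jar,
        "plain_msi": CFB_MAGIC + b"\x00" * (512 - len(CFB_MAGIC)),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:10s} {analyze(blob)}")
```

The useful signal is the disagreement between the two views, not either one alone: a plain JAR has a ZIP prefix of zero, a plain MSI has no EOCD at all, and only the polyglots show a non-ZIP header together with a parseable archive at the tail. In a mail or download gateway the `zip_prefix` value is worth logging, since it also tells you where the carrier container ends and the JAR begins.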

Information Security

Call centres behind fake cryptocurrency scams shut down across Europe

European law enforcement agencies have dealt a blow to scammers running call centres across the continent that stole millions of Euros from cryptocurrency investors. Crime-fighting authorities teamed up to tackle organised criminal groups who tricked unwary members of the public into investing in fake cryptocurrency schemes. As Europol describes, a cross-border investigation resulted in 15 arrests on 11 January (14 in Serbia and one in Germany). READ MORE...


AI-generated phishing attacks are becoming more convincing

It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news. Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. READ MORE...

Exploits/Vulnerabilities

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. "This is an unauthenticated RCE," members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. "Exploitation is trivial and a PoC published." PoC refers to proof-of-concept code that exploits the vulnerability. READ MORE...


Fortinet says hackers exploited critical vulnerability to infect VPN customers

An unknown threat actor abused a critical vulnerability in Fortinet's FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday. Tracked as CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of a possible 10. READ MORE...


Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Two security vulnerabilities in Cisco routers for small and midsize businesses (SMBs) could allow unauthenticated cyberattackers to take full control of a target device to run commands with root privileges. Unfortunately, they'll remain unpatched even though proof-of-concept exploits are floating around in the wild. Among other things, a successful compromise could allow cyberattackers to eavesdrop on or hijack VPN and session traffic flowing through the device. READ MORE...

On This Date

  • ...in 1942, Henry Ford patents a plastic-bodied automobile. The vehicle is 30 percent lighter than other cars of the time, with panels made from soybeans and hemp.
  • ...in 1968, Johnny Cash performs live at California's Folsom State Prison. His recording of the concert goes on to sell over 3 million copies in the US alone.
  • ...in 1970, television writer/producer Shonda Rhimes ("Grey's Anatomy", "Scandal") is born in Chicago, IL.
  • ...in 2000, Bill Gates resigns as CEO of Microsoft to found the philanthropic Bill & Melinda Gates Foundation.