IT Security Newsletter - 1/16/2023
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169). Cacti is an open-source front-end app for RRDtool, a system for logging and graphing time series data, i.e., data from sensors and systems that is recorded / collected at regular intervals to create an evolving picture of what one wants to monitor.
Avast releases free BianLian ransomware decryptor
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers. The availability of a decryptor comes only about half a year after increased activity from BianLian ransomware over the summer of 2022, when the threat group breached multiple high-profile organizations.
CircleCI probe links malware placed on engineer's laptop to larger breach
CircleCI said an unauthorized third party leveraged malware on the laptop of one of its engineers to steal a valid 2FA-backed single-sign-on session, according to a highly anticipated report stemming from a security incident disclosed earlier this month. The engineer's laptop was compromised on Dec. 16, but the company's antivirus software failed to detect the malware, the company said.
Malware Comes Standard With This Android TV Box on Amazon
At $39.99 with a $3 coupon option for Amazon Prime members, the T95 Android 10.0 TV box might seem like a good value. But when an unsuspecting but cybersecurity-savvy customer ordered one up, he said it came "festooned" with malware - no extra charge. Daniel Milisic warned consumers in Reddit and GitHub posts that he just happened to have bought the box to run Pi-hole tracker blocking - and that he immediately made a startling discovery.
PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available. SQL injection is a website security flaw that allows attackers to input data into form fields or via URLs that modify legitimate database queries to return different data or modify a database.
Citrix flaw exploited in ransomware attack against small US business
Threat actors from ransomware group Royal are suspected to have exploited a critical vulnerability in two Citrix products in order to launch an attack against a small business in the U.S., according to researchers from At-Bay. The vulnerability, listed as CVE-2022-27510, allows an attacker to bypass authentication measures in the technology company's Application Delivery Controller and Gateway products.
- ...in 1909, the Ernest Shackleton expedition locates the Earth's magnetic South Pole.
- ...in 1948, sci-fi/horror director and composer John Carpenter ("Halloween", "Escape From New York") is born in Carthage, NY.
- ...in 1969, the Soviet spacecraft Soyuz 4 and Soyuz 5 perform the first-ever docking maneuver in orbit.
- ...in 1980, actor, composer, and playwright Lin-Manuel Miranda ("Hamilton", "In The Heights") is born in New York City.