IT Security Newsletter - 1/27/2023
German Government, Airports, Banks Hit With Killnet DDoS Attacks
After Berlin agreed to send its advanced Leopard 2 tanks to Ukraine, Russia-backed threat group Killnet retaliated with DDoS attacks aimed at Germany's government, banking, and airport sites. Germany's BSI federal agency, which oversees information security, said the attacks caused some small outages, but otherwise did little damage. "Currently, some websites are not accessible," the BSI said in a statement to Reuters. READ MORE...
5 facts about Vice Society, the ransomware group wreaking havoc on the education sector
Move over Lockbit, there's a new ransomware-as-a-service (RaaS) player in town attacking the education sector, and its name is Vice Society. Vice Society is believed to be a Russia-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and K-12 schools. The Federal Bureau of Investigation (FBI) has even released a joint Cybersecurity Advisory (CSA) after observing that Vice Society has disproportionately targeted the education sector. READ MORE...
Microsoft Urges Customers to Patch Exchange Servers
Microsoft this week published a blog post to remind its customers of the continuous wave of attacks targeting Exchange servers and to urge them to install the latest available updates as soon as possible. "Attackers looking to exploit unpatched Exchange servers are not going to go away," Microsoft says, reminding customers that both a cumulative update (CU) and a security update (SU) are available for Exchange. READ MORE...
BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
The Internet Systems Consortium (ISC) this week announced patches for multiple high-severity denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The addressed issues could be exploited remotely to cause named (the BIND daemon that acts both as an authoritative name server and as a recursive resolver) to crash, or could lead to the exhaustion of the available memory. READ MORE...
New Mimic ransomware abuses 'Everything' Windows search tool
Security researchers discovered a new ransomware strain they named Mimic that leverages the APIs of the 'Everything' file search tool for Windows to look for files targeted for encryption. Discovered in June 2022 by researchers at cybersecurity company Trend Micro, the malware appears to target mainly English and Russian-speaking users. Some of the code in Mimic shares similarities with Conti ransomware, the source of which was leaked in March 2022 by a Ukrainian researcher. READ MORE...
FBI seizes Hive ransomware group infrastructure after lurking in servers for months
After seven months spent lurking inside a notorious ransomware group's networks, swiping decryption keys for its victims, the FBI and international partners seized infrastructure behind Hive ransomware attacks. Since June 2021, Hive has targeted more than 1,500 victims globally, including disrupting health care providers during the height of the COVID-19 pandemic. READ MORE...
Dutch suspect locked up for alleged personal data megathefts
The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The victims are said to live in countries as far apart as Austria, China, Colombia, the Netherlands itself, Thailand and the UK. READ MORE...
Bitwarden password vaults targeted in Google ads phishing attack
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. As enterprises and consumers move to using a unique password at every site, a password manager has become essential for keeping track of them all. Apart from local password managers such as KeePass, however, most password managers are cloud-based, allowing users to access their passwords through websites and mobile apps. READ MORE...
Lexmark warns of RCE bug affecting 100 printer models, PoC released
Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models. The security issue is tracked as CVE-2023-23560 and, according to the company, it has a severity rating of 9.0. It is a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices. READ MORE...
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. "An attacker could manipulate an existing public X.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate," Microsoft said in October 2022, when it announced fixes for vulnerable Windows and Windows Server versions. READ MORE...
- ...in 1888, the National Geographic Society is founded.
- ...in 1959, former Cincinnati Bengals wide receiver and TV sports commentator Cris Collinsworth is born in Dayton, OH.
- ...in 1969, stand-up comedian and actor Patton Oswalt ("Ratatouille", "A.P. Bio") is born in Portsmouth, VA.
- ...in 1973, the Paris Peace Accords are signed, officially ending US involvement in Vietnam.