IT Security Newsletter

IT Security Newsletter - 1/30/2023

Written by Cadre | Mon, Jan 30, 2023

Russia's Sandworm hackers blamed in fresh Ukraine malware attack

One of the Russian military's most prolific hacking units deployed yet another destructive malware attack against Ukrainian targets this week, researchers with cybersecurity firm ESET said Friday. The researchers attributed the attack to the hacking unit known widely as "Sandworm," a group in the Russian Main Intelligence Directorate, or GRU, behind a series of destructive malware attacks and hack-and-leak campaigns over the years, according to the U.S. government and private researchers. READ MORE...

Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine

Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country's plan to send tanks to Ukraine. The efforts, according to Germany's cyber security agency, the BSI, were largely in vain. "Currently, some websites are not accessible. READ MORE...

Hackers use new SwiftSlicer wiper to destroy Windows domains

Security researchers have identified a new data-wiping malware they named SwiftSlicer that aims to overwrite crucial files used by the Windows operating system. The new malware was discovered in a recent cyberattack against a target in Ukraine and has been attributed to Sandworm, a hacking group working for Russia's General Staff Main Intelligence Directorate (GRU) as part of the Main Center for Special Technologies (GTsST) military unit 74455. READ MORE...

PlugX malware hides on USB devices to infect new Windows hosts

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. The malware uses what researchers call "a novel technique" that allows it to remain undetected for longer periods and could potentially spread to air-gapped systems. A sample of this PlugX variant was found by Palo Alto Networks' Unit 42 team during a response to a Black Basta ransomware attack that relied on GootLoader. READ MORE...

Critical RCE Lexmark Printer Bug Has Public Exploit

A critical security vulnerability allowing remote code execution (RCE) affects more than 120 different Lexmark printer models, the manufacturer warned this week. And, there's proof of concept (PoC) exploit code circulating publicly, it added - though so far, in-the-wild attacks have yet to materialize. The bug (CVE-2023-23560) is a server-side request forgery (SSRF) vulnerability in the "Web Services feature of newer Lexmark devices," according to the print giant's advisory (PDF). READ MORE...

Critical OpenEMR vulnerabilities may allow attackers to access patients' health records

Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health record system. Discovered, privately reported and now publicly documented by researcher Dennis Brinkrolf, the vulnerabilities were promptly patched by the OpenEMR maintainers at the end of November 2022. READ MORE...

  • ...in 1882, the 32nd President of the United States, Franklin Delano Roosevelt, is born in Hyde Park, NY.
  • ...in 1930, actor Gene Hackman ("The French Connection", "The Royal Tenenbaums") is born in San Bernardino, CA.
  • ...in 1969, the Beatles put on their last public performance, an impromptu concert on the roof of Apple Records in London.
  • ...in 1982, programmer Rich Skrenta writes the Apple II Elk Cloner virus, believed to be the very first computer virus devised for a PC.