IT Security Newsletter - 1/5/2022

Top News

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays brought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache's Log4j logging library. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks," according to Microsoft.

Breaches

Data Skimmer Hits 100+ Sotheby's Real-Estate Websites

A supply-chain campaign infecting Sotheby's real-estate websites with data-stealing skimmers was recently observed being distributed via a cloud-video platform. According to Palo Alto Networks' Unit 42 division, researchers noticed that most of the activity affected real-estate-related sites. At least 100 of them were successfully infected (the full list of affected websites can be found here). Upon closer inspection, all of the compromised sites belonged to one parent company, Sotheby's.


McMenamins Breach Affected 23 Years of Employee Data

McMenamins, an Oregon-based operator of restaurants, hotels, movie theaters, concert venues, and other events, has confirmed a December 2021 ransomware attack that compromised employee data going back to Jan. 1, 1998. Stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, etc.

Malware

iOS malware can fake iPhone shut downs to snoop on camera, microphone

Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection. Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.


'Malsmoke' Exploits Microsoft's E-Signature Verification

Threat actors are exploiting Microsoft's digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research (CPR) discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday.

On This Date

  • ...in 1914, "Adventures of Superman" actor George Reeves is born in Woolstock, IA.
  • ...in 1932, philosopher and author Umberto Eco ("The Name of the Rose", "Foucault's Pendulum") is born in Piedmont, Italy.
  • ...in 1933, construction on the Golden Gate Bridge begins.
  • ...in 1941, Academy Award-winning animation director Hayao Miyazaki ("Spirited Away", "My Neighbor Totoro") is born in Tokyo, Japan.