IT Security Newsletter

IT Security Newsletter - 10/17/2022

Written by Cadre | Mon, Oct 17, 2022

How a Microsoft blunder opened millions of PCs to potent malware attacks

For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months. Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. READ MORE...

CommonSpirit Health confirms it was hit by ransomware attack

CommonSpirit Health, one of the nation's largest health systems, confirmed it was hit by a ransomware attack that has interrupted access to electronic health records and delayed patient care in multiple regions. The health system is still grappling with the cyberattack more than a week after it first disclosed it was dealing with an unspecified "IT security incident." The hospital chain said it is working to bring systems back online as quickly as possible. READ MORE...

New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers

A newly identified cyberespionage group operating out of China has been targeting IT services providers and telecommunications companies with signed malware. The activities of this advanced persistent threat (APT), which SentinelOne tracks as WIP19, show overlaps with Operation Shadow Force, but it is unclear whether this is a new iteration of the campaign or the work of a different, more mature adversary using new malware and techniques. READ MORE...

New PHP information-stealing malware targets Facebook accounts

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document. READ MORE...

New 'Black Lotus' UEFI Rootkit Provides APT-Level Capabilities to Cybercriminals

A threat actor is promoting on underground criminal forums a vendor-independent UEFI rootkit that can disable security software and controls, cybersecurity veteran Scott Scheferman warns. Dubbed 'Black Lotus', the Windows rootkit is a powerful, persistent tool being offered for sale at $5,000, with $200 payments per new version and featuring capabilities resembling those employed by state-sponsored threat actors. READ MORE...

Exploit available for critical Fortinet auth bypass bug, patch now

Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances. This security flaw (CVE-2022-40684) allows attackers to bypass the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances. READ MORE...

Weakness in Microsoft Office 365 Message Encryption could expose email contents

WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, uses the Electronic Codebook (ECB) implementation, a mode of operation known to leak certain structural information about messages. READ MORE...

Almost 900 servers hacked using Zimbra zero-day flaw

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks. READ MORE...

How to get Doom running in Windows' notepad.exe

Hackers of a certain age are intimately familiar with the "Will it run Doom" meme and the wide array of ports it has engendered (including a game of Doom that runs inside an instance of Doom itself). Still, this week's viral video and eventual itch.io release of a Doom port running in Windows' standard notepad.exe text editor left us with a number of questions. Chief among them: "How?" and "Why?" READ MORE...

  • ...in 1814, a vat of fermenting porter at London's Horse Shoe Brewery bursts, releasing over a million liters of liquid in what came to be known as the London Beer Flood.
  • ...in 1914, writer Jerry Siegel, who co-created Superman with collaborator Joe Shuster, is born in Cleveland, OH.
  • ...in 1931, organized crime boss Al Capone, known as "Public Enemy No. 1", is finally convicted on 22 counts of tax evasion.
  • ...in 1933, due to rising anti-Semitism and anti-intellectualism in Hitler's Germany, Albert Einstein immigrates to the U.S., making his home in Princeton, NJ.