IT Security Newsletter

IT Security Newsletter - 10/17/2023

Written by Cadre | Tue, Oct 17, 2023

Russian Sandworm hackers breached 11 Ukrainian telcos since May

The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023. That is based on a new report by Ukraine's Computer Emergency Response Team (CERT-UA) citing 'public resources' and information retrieved from some breached providers. The agency states that the Russian hackers "interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches. READ MORE...

Kansas courts IT systems offline after 'security incident'

Information systems of state courts across Kansas are still offline after they've been disrupted in what the Kansas judicial branch described last Thursday as a "security incident." Multiple systems crucial to daily court operations across the state have been impacted, including the Kansas Courts' eFiling system used by attorneys to submit case documents, the electronic payments system, and the case management systems employed by district and appellate courts for case processing. READ MORE...

Fraudsters target Booking[.]com customers claiming hotel stay could be cancelled

One of the world's largest online travel agencies, Booking[.]com, is being used by fraudsters to trick hotel guests into handing over their payment card details. How do I know? The fraudsters tried it with me. I'm speaking at an event in London in November, and needed to book a hotel room for the night before. I don't normally use Booking[.]com for my travel arrangements, but on this occasion I did - and as a result I nearly fell for a scam that could have stolen my credit card details. READ MORE...

Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears

A pro-Israeli hacktivist group named Predatory Sparrow re-emerged in the past week. Citing the current Gaza conflict, last week the group sent its first tweet in more than a year, saying: "You think this is scary? We're back. We hope you're following the events in Gaza" - with a link to a report on the US sending fighter planes and warships to support Israel. Predatory Sparrow is a known threat that researchers believe to be a relatively sophisticated Israeli hacking operation. READ MORE...

Compromised Skype accounts deliver DarkGate malware to employees

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. "Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the number of initial entry attacks using the malware has been observed," they noted. The threat actor leverages compromised Skype accounts to contact employees at the target organization by impersonating a trusted external supplier. READ MORE...

Researchers warn of increased malware delivery via fake browser updates

ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish "malware delivery via fake browser updates" campaigns, Sekoia researchers have concluded. ClearFake is the name given by researcher Randy McEoin to a malware delivery campaign he outlined in August 2023. "The name is a reference to the majority of the Javascript being used without obfuscation," he explained. READ MORE...

Security Vulnerability of Switzerland's E-Voting System

Online voting is insecure, period. This doesn't stop organizations and governments from using it. (And for low-stakes elections, it's probably fine.) Switzerland - not low stakes - uses online voting for national elections. Ed Appel explains why it's a bad idea. Last year, I published a 5-part series about Switzerland's e-voting system. Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count. READ MORE...

WordPress Websites Hacked via Royal Elementor Plugin Zero-Day

Security researchers are warning of a critical-severity vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited as a zero-day for more than a month. Developed by WP Royal, the plugin helps domain admins build their websites without any coding experience. Royal Elementor has more than 200,000 active installations on the WordPress marketplace. READ MORE...

  • ...in 1814, a vat of fermenting porter at London's Horse Shoe Brewery bursts, releasing over a million liters of liquid in what came to be known as the London Beer Flood.
  • ...in 1914, writer Jerry Siegel, who co-created Superman with collaborator Joe Shuster, is born in Cleveland, OH.
  • ...in 1931, organized crime boss Al Capone, known as "Public Enemy No. 1", is finally convicted on 22 counts of tax evasion.
  • ...in 1933, due to rising anti-Semitism and anti-intellectualism in Hitler's Germany, Albert Einstein immigrates to the U.S., making his home in Princeton, NJ.