IT Security Newsletter - 10/3/2024
Zero-Day Breach at Rackspace Sparks Vendor Blame Game
Enterprise cloud host Rackspace has been hacked via a zero-day flaw in ScienceLogic's monitoring app, with ScienceLogic shifting the blame to an undocumented vulnerability in a different bundled third-party utility. The breach, flagged on September 24, was traced back to a zero-day in ScienceLogic's flagship SL1 software but a company spokesperson tells SecurityWeek the remote code execution exploit actually hit a "non-ScienceLogic third-party utility that is delivered with the SL1 package." READ MORE...
Two British-Nigerian men sentenced over multimillion-dollar business email scam
Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges. Oludayo Kolawole John Adeagbo, 45, was sentenced to seven years in prison for fraud campaigns affecting organizations in Texas and North Carolina. He was assisted in the latter scheme by Donald Ikenna Echeazu, 42, who was sentenced to 18 months in prison and ordered to pay $655,408.87 in restitution. READ MORE...
What Communications Companies Need to Know Before Q-Day
After a grueling eight years of testing, the National Institute of Standards and Technology (NIST) has finalized the first three algorithms that will form the backbone of the world's strategy to counter the potential threats of quantum computing. Given that enterprising hackers are likely already harvesting and storing massive volumes of encrypted sensitive data for future exploitation, this is welcome news. READ MORE...
Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant
An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims. The miscreant, whom Talos has dubbed "PaidMemes," uses a recent MedusaLocker variant called "BabyLockerKZ," and inserts the words "paid_memes" into the malware plus other tools used during the attacks. READ MORE...
Tick Tock... Operation Cronos Arrests More LockBit Ransomware Gang Suspects
International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group's infrastructure. As Europol has detailed in a press release, international authorities have continued to work on "Operation Cronos" and have now arrested four people, seized servers, and implemented sanctions against an affiliate of the ransomware group. READ MORE...
Meta smart glasses can be used to dox anyone in seconds, study finds
Two Harvard students recently revealed that it's possible to combine Meta smart glasses with face image search technology to "reveal anyone's personal details," including their name, address, and phone number, "just from looking at them." In a Google document, AnhPhu Nguyen and Caine Ardayfio explained how they linked a pair of Meta Ray Bans 2 to an invasive face search engine called PimEyes to help identify strangers by cross-searching their information on various people-search databases. READ MORE...
Attackers exploit critical Zimbra vulnerability using cc'd email addresses
Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server. READ MORE...
CISA: Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. The flaws involve weak authentication, which allows password requirements to be bypassed, and user input validation issues that could lead to remote code execution, arbitrary file uploads, and directory traversal. READ MORE...
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms. This SQL injection vulnerability in Ivanti EPM's Core server can be exploited by unauthenticated attackers within the same network to execute arbitrary code on unpatched systems. READ MORE...
- ...in 1789, George Washington issues a proclamation declaring Thanksgiving as a national holiday.
- ...in 1906, the first conference on wireless telegraphy in Berlin adopts SOS as a warning signal.
- ...in 1985, Space Shuttle Atlantis makes its maiden flight from Kennedy Space Center in Florida.
- ...in 1990, East and West Germany reunify after 40 years of division following WWII.