IT Security Newsletter - 10/7/2022

Top News

Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory

Increasingly bold Chinese state-sponsored hackers are actively using known vulnerabilities to gain access to sensitive networks, a dynamic National Security Agency cyber chief Rob Joyce called a "major threat" to critical infrastructure and election security on Thursday. Joyce emphasized there is no specific, significant threat against U.S. elections but said the NSA decided to release an advisory on the topic to ensure extra vigilance as November's elections loom.

Breaches

2K warns users their info has been stolen following breach of its help desk

Game company 2K on Thursday warned users to remain on the lookout for suspicious activity across their accounts following a breach last month that allowed a threat actor to obtain email addresses, names, and other sensitive information provided to 2K's support team. The breach occurred on September 19, when the threat actor illegally obtained system credentials belonging to a vendor 2K uses to run its help desk platform.


Binance Bridge Hit by $560 Million Hack

Hackers have exploited a cross-chain bridge to divert more than $560 million worth of cryptocurrency from Binance Bridge. Operating on the Binance Coins (BNB) Smart Chain, Binance Bridge is a blockchain bridge designed to help with the transfer of information and assets between blockchains. On Thursday, Binance CEO Changpeng Zhao announced on Twitter that hackers exploited a vulnerability in the BSC (BNB Chain) Token Hub cross-chain bridge (blockchain bridge).

Hacking

Russian Hackers Shut Down US State Government Websites

A hacktivist group with ties to the Russian government has claimed credit for cyberattacks on the government websites of three US states: Colorado, Kentucky, and Mississippi. The sites for Mississippi and Kentucky were functioning Thursday, following the Russian cyberattacks, while the Colorado State Official Web Portal was displaying a message that the "homepage is currently offline," earlier in the day. By Thursday afternoon, the homepage appeared back online.

Software Updates

October 2022 Patch Tuesday forecast: Looking for treats, not more tricks

We've entered the final quarter of 2022 with a favorite holiday for many - Halloween, at the end of the month. Unfortunately, Microsoft has continued to play a few tricks on us. Several Microsoft Exchange Server vulnerabilities have been reported and exploited, and the Windows 11 rollout and updates have been a little 'rocky'. Although September 2022 Patch Tuesday turned out to be fairly routine, the problems started soon thereafter.


Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products

Cisco announced on Wednesday that it has patched potentially serious vulnerabilities in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities.

Malware

Avast releases free decryptor for MafiaWare666 ransomware variants

Avast has released a decryptor for variants of the MafiaWare666 ransomware known as 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt,' allowing victims to recover their files for free. The security company says it discovered a flaw in the encryption scheme of the MafiaWare666 strain, allowing some of the variants to be unlocked. However, this may not apply to newer or unknown samples that use a different encryption system.

Exploits/Vulnerabilities

Hundreds of Microsoft SQL servers found to be backdoored

Researchers at DCSO CyTec recently found a backdoor that specifically targets Microsoft SQL servers. The malware acts as an Extended Stored Procedure, which is a special type of extension used by Microsoft SQL servers. After scanning approximately 600,000 servers worldwide, they found 285 servers infected with this backdoor, in 42 countries. The distribution shows a clear focus on the Asia-Pacific region.


Loads of PostgreSQL systems are sitting on the internet without SSL encryption

Only a third of PostgreSQL databases connected to the internet use SSL for encrypted messaging, according to a cloud database provider. Bit.io, which offers a drag-and-drop database as a service based on PostgreSQL, searched shodan.io to create a sample of 820,000 PostgreSQL servers connected to the internet over September 1-29. Of this sample, more than 523,000 PostgreSQL servers did not use SSL (64 percent).

On This Date

  • ...in 1931, South African archbishop and Nobel Prize-winning anti-apartheid activist Desmond Tutu is born in Klerksdorp, Western Transvaal.
  • ...in 1951, singer-songwriter John Mellencamp ("Jack & Diane", "Pink Houses") is born in Seymour, IN.
  • ...in 1955, cellist and Presidential Medal of Freedom recipient Yo-Yo Ma is born in Paris, France.
  • ...in 1959, the Soviet probe Luna 3 transmits the first-ever photographs of the far side of the Moon.