IT Security Newsletter - 11/2/2023
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP.
British, Toronto Libraries Struggle After Cyber Incidents
As the national library of the UK, the British Library has a collection of more than 150 million items, including books, films, and manuscripts. But the library is struggling with major outages affecting its website and services after a late October cyberattack. The library reported that some on-site services such as Wi-Fi were affected; however, its buildings remain open and certain on-site services are still available.
Cybercrooks amp up attacks via macro-enabled XLL files
Cybercriminals are once again abusing macro-enabled Excel add-in (XLL) files in malware attacks at a vastly increased rate, according to new research. HP Wolf Security revealed that .xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. XLL attacks aren't new, and researchers observed a lull in exploits at the start of 2023, but a surge in attention has been given to them in the past few months.
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks
An Iranian espionage group has been caught using a new malware framework in a recent spate of cyberattacks, according to a warning from researchers at Check Point. Tracked as Scarred Manticore and linked to the OilRig threat actor, the nation-state hacking group has been active since at least 2019, targeting high-profile organizations in the Middle East. In its most recent campaign, Scarred Manticore has been observed using LionTail, which does not show code overlaps with known malware families.
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden and unanticipated nosedive in activity. First observed in India on August 8th, 2023, and a week later in China on August 16th, this mysterious disappearance stripped Mozi bots of most of their functionality. Our investigation into this event led us to the discovery of a kill switch on September 27th, 2023.
Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges
VMware Carbon Black's Threat Analysis Unit (TAU) has identified dozens of previously unknown vulnerable kernel drivers that could be exploited by attackers to alter firmware or escalate privileges. It's not uncommon for threat actors, including cybercriminals and state-sponsored groups, to abuse kernel drivers in their operations. Such drivers can allow malicious hackers to manipulate system processes, maintain persistence on a system, and evade security products.
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
Microsoft's move to include support in Microsoft 365 for the SketchUp 3D Library in June 2022 appears to have introduced numerous vulnerabilities in the company's suite of cloud-based productivity and collaboration tools. The latest evidence of that is a report this week from Zscaler's ThreatLabz on the security vendor's discovery of as many as 117 unique vulnerabilities in Microsoft 365 via SketchUp within just a three-month period of poking at the technology.
- ...in 1889, North and South Dakota are admitted as the 39th and 40th U.S. states.
- ...in 1913, actor Burt Lancaster ("Elmer Gantry", "From Here to Eternity") is born in New York City.
- ...in 1959, game show contestant Charles Van Doren admits to a Congressional committee that he had been given questions and answers in advance.
- ...in 2016, the Chicago Cubs defeat the Cleveland Indians in the World Series, ending the longest Major League Baseball championship drought at 108 years.