IT Security Newsletter

IT Security Newsletter - 11/23/2022

Breaches

Hackers breach energy orgs via bugs in discontinued web server

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. As cybersecurity company Recorded Future revealed in a report published in April, state-backed Chinese hacking groups (including one traced as RedEcho) targeted multiple Indian electrical grid operators, compromising an Indian national emergency response system and the subsidiary of a multinational logistics company. READ MORE...

Hacking

Donut extortion group also targets victims with ransomware

The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise. BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for Sando and DESFA was also posted to several ransomware operations' sites. READ MORE...


Fake subscription invoices lead to corporate data theft and extortion

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. The group is eschewing the use of ransomware and instead relies on targeted employees calling a phone number manned by the attackers and convincing them to install a remote access tool. READ MORE...


'Pig butchering' romance scam domains seized and slaughtered by the Feds

The US government seized seven domain names used in so-called "pig butchering" scams that netted criminals more than $10 million. Pig butchering is a newish twist on romance scams in which fraudsters build a relationship with their victims and then con them into transferring money into accounts controlled by the crooks. In these cases, however, the fraudsters convince their marks to "invest" in cryptocurrency via phony websites before disappearing with the victim's money. READ MORE...

Trends

Three-quarters of retail, hospitality applications have security flaws

As the Black Friday weekend is upon us, a report from Veracode shows almost three-quarters of retail and hospitality applications contain security flaws. Just one-quarter of those flaws are fixed. Almost 1 in 5 of these security flaws are considered "high severity" and could pose a serious risk to an organization if exploited. More than three-quarters of Americans plan to shop during the Black Friday sales and almost 3 in 5 plan to do all of their shopping online. READ MORE...

Software Updates

AWS fixes 'confused deputy' vulnerability in AppSync

Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. Security researchers at Datadog identified the bug and reported it to AWS on September 1. Five days later the tech giant pushed a fix to the AppSync service, which Datadog confirmed solved the problem. READ MORE...

Malware

Bahamut cybermercenary group targets Android users with fake VPN apps

ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed through a fake SecureVPN website that provides only Android apps to download. Note that although the malware employed throughout this campaign uses the name SecureVPN, it has no association whatsoever with the legitimate, multiplatform SecureVPN software and service. READ MORE...

Information Security

Ouch! Ransomware gang says it won't attack AirAsia again due to the "chaotic organisation" of hacked airline's network

What's worse? Being hit by a ransomware attack that sees criminals steal information about your staff and passengers, or being hit by a ransomware attack that sees criminals steal information about your staff and passengers, AND then have the gang tell the world that your firm's IT infrastructure is so chaotic, poorly-secured, and downright irritating that it refuses to repeat the attack. That's the humiliating slap in the face given by the Daixin Team ransomware gang to AirAsia. READ MORE...

Exploits/Vulnerabilities

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

As Mastodon experiences explosive user growth as a replacement for Twitter, infosec experts are pointing out security holes in the social media network. From an anonymous server collecting user information to configuration errors that create vulnerabilities, the increased popularity of the platform is leading to increased scrutiny of its flaws. Unlike other social media apps, which have a central authority, Mastodon is a federation of servers that can communicate with each other, but are run separately by independent admins. READ MORE...

On This Date

  • ...in 1887, "Frankenstein" actor Boris Karloff (born William Henry Pratt) is born in London, England.
  • ...in 1888, film comedian, musician, and Algonquin Round Table regular Arthur "Harpo" Marx is born in New York City.
  • ...in 1936, the first issue of Life Magazine is published.
  • ...in 1963, the BBC broadcasts the very first episode of "Doctor Who", which holds the record for longest-running science fiction TV series.