IT Security Newsletter - 11/29/2022
Virginia County Confirms Personal Information Stolen in Ransomware Attack
Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident to determine the type of data that might have been compromised.
Hack-for-Hire Group Targets Android Users With Malicious VPN Apps
A hack-for-hire group known as Bahamut has been targeting Android users with trojanized versions of legitimate VPN applications, ESET reports. An advanced persistent threat (APT) actor focused on cyberespionage, Bahamut was initially detailed in 2017, but continues to be active, leveraging a fake online empire of social media personas, websites, and applications, which has allowed it to fly under the radar.
Sandworm gang launches Monster ransomware attacks on Ukraine
The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs. In a Twitter thread, the ESET researchers wrote that they had detected RansomBoggs deployed within the networks of "multiple organizations in Ukraine." While some aspects of RansomBoggs are different from the malware that has been linked to Sandworm, the deployment methods are similar, they wrote.
Acer fixes UEFI bugs that can be used to disable Secure Boot
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. The Secure Boot security feature blocks untrusted operating system bootloaders on computers with a Trusted Platform Module (TPM) chip and Unified Extensible Firmware Interface (UEFI) firmware, to prevent malicious code like rootkits and bootkits from loading during the startup process.
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign
The Black Basta ransomware group is using Qakbot malware - also known as QBot or Pinkslipbot - to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. More than 10 different customers have been targeted by the campaign in the last two weeks, mostly focused on companies based in the US. According to a threat advisory posted by the Cybereason Global SOC (GSOC) on Nov. 23, the infections begin with either a spam or phishing email.
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.
Wave of cyber-enabled scams targets FIFA World Cup fans
As the global tournament enters its second full week in Qatar, FIFA World Cup scams are proliferating as cybercriminals aim to score big from unsuspecting fans, according to data collected by cybersecurity firm Group-IB. As widely expected ahead of the games, scammers have set up a variety of ways to harvest personal information and steal money from people trying to buy merchandise or tickets online or searching for on-site work during the games, the researchers found.
Oracle Fusion Middleware Vulnerability Exploited in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks. The security hole, tracked as CVE-2021-35587, impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on (SSO) solution. The affected product is used by many major organizations, such as VMware, Huawei, and Qualcomm, according to the researchers who found the vulnerability.
- ...in 1929, US Navy Admiral Richard E. Byrd leads the first expedition to fly over the South Pole.
- ...in 1951, funk music pioneer and Zapp Band founder Roger Troutman ("More Bounce to the Ounce", "Computer Love") is born in Hamilton, OH.
- ...in 1963, President Lyndon B. Johnson establishes the Warren Commission, to investigate the assassination of his predecessor, John F. Kennedy.
- ...in 1972, Atari releases Pong, the first commercially successful video game, launching both the arcade and home console industries.