IT Security Newsletter - 11/8/2021

Breaches

US Defense Contractor Discloses Data Breach

Electronic Warfare Associates (EWA), a US defense contractor, has confirmed a data breach in which attackers exfiltrated files containing personal information. The breach began with a phishing attack that had "some limited impact" on EWA email accounts, officials report in a notification letter. Their investigation determined that an attacker broke into EWA email accounts on Aug. 2, 2021; the organization learned of the attack when the intruder attempted wire fraud. READ MORE...

Hacking

State hackers breach defense, energy, healthcare orgs worldwide

Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education. To breach the organizations' networks, the threat actors behind this cyberespionage campaign exploited a critical vulnerability (CVE-2021-40539) in Zoho's enterprise password management solution, ManageEngine ADSelfService Plus. READ MORE...


Proofpoint Phish Harvests Microsoft O365, Google Logins

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. Researchers at Armorblox spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousand employees targeted within that one organization alone. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday. READ MORE...

Trends

Native Tribal Casinos Taking Millions in Ransomware Losses

Ransomware groups have made millions off attacks on native tribal casinos in the U.S. over just the past few months. A notification issued by the Federal Bureau of Investigation (FBI) cybercrime unit, according to a new report from Bleeping Computer, said that ransomware attacks on tribal casinos date back to 2016, but a recent uptick has raised the alarm. The alert reportedly identified notorious ransomware groups that have launched successful attacks on casinos, shutting down operations and stealing data. READ MORE...

Malware

Operation Cyclone deals blow to Clop ransomware operation

A thirty-month international law enforcement operation codenamed 'Operation Cyclone' targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine. In June, BleepingComputer reported that Ukrainian law enforcement arrested members of the Clop ransomware gang involved in laundering ransom payments. This Friday, new information came to light regarding how the operation was conducted and the law enforcement agencies involved. READ MORE...


Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities

A newly observed Babuk ransomware campaign is targeting ProxyShell vulnerabilities in Microsoft Exchange Server, according to security researchers at Cisco Talos. The researchers spotted signs that the attackers are leveraging a China Chopper web shell for the initial compromise and then using it to deploy Babuk. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the issues were addressed in April and May, with technical details made public in August. READ MORE...

Exploits/Vulnerabilities

Philips healthcare informatics solution vulnerable to SQL injection

The Philips Tasy EMR, used by hundreds of hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection flaws. The vulnerabilities are tracked as CVE-2021-39375 and CVE-2021-39376, and both have a severity score of 8.8 in CVSS v3. The flaws are reachable through two parameters and stem from the improper escaping of special characters in SQL commands. The affected versions of the product are Tasy EMR HTML5 3.06.1803 and prior. READ MORE...
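The root cause named above, special characters from a request parameter being interpreted as SQL syntax, is easiest to see side by side with the fix. The following is an added example written for this newsletter, not code from Philips or from the Tasy product; it uses a constructed in-memory SQLite table and made-up record names, and the function names (`lookup_unsafe`, `lookup_safe`, `compare`) are hypothetical. The unsafe path splices the parameter into the statement text; the hardened path binds it as a query parameter so the database engine never parses it as SQL.

```python
import sqlite3

# Constructed in-memory table standing in for a record store. The names
# and notes are made up for this example.
ROWS = [("alice", "note-a"), ("o'brien", "note-b"), ("carol", "note-c")]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id INTEGER PRIMARY KEY, patient TEXT, note TEXT)"
    )
    conn.executemany("INSERT INTO records (patient, note) VALUES (?, ?)", ROWS)
    return conn


def lookup_unsafe(conn, patient):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    Any quote character inside `patient` is read by the parser as SQL
    syntax rather than as part of the value being compared.
    """
    sql = f"SELECT patient, note FROM records WHERE patient = '{patient}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, patient):
    """Hardened pattern: the value is bound as a query parameter.

    The statement text is fixed; the driver hands `patient` to the engine
    as data, so quotes and other special characters cannot alter the query.
    """
    sql = "SELECT patient, note FROM records WHERE patient = ?"
    return conn.execute(sql, (patient,)).fetchall()


def compare(patient):
    """Run both lookups on the same input and report what each returned.

    Returns a dict with the row count from each path. The unsafe path may
    fail on malformed SQL, in which case an 'unsafe_error' entry is
    recorded instead of a row count.
    """
    conn = build_db()
    result = {"safe_rows": len(lookup_safe(conn, patient))}
    try:
        result["unsafe_rows"] = len(lookup_unsafe(conn, patient))
    except sqlite3.OperationalError as exc:
        result["unsafe_error"] = str(exc)
    return result


if __name__ == "__main__":
    # A legitimate name containing an apostrophe: the unsafe path produces a
    # syntax error, the safe path finds the record.
    print(compare("o'brien"))
    # An input that closes the quoted literal and widens the WHERE clause:
    # the unsafe path returns every row, the safe path returns none.
    print(compare("x' OR 'a'='a"))
```

The first case is the one that tends to surface in ordinary use (a surname with an apostrophe breaks the query), and it is the same defect that lets the second case change the query's meaning. Escaping the input by hand is fragile because each database dialect has its own set of special characters; binding parameters removes the problem for every input.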


Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week warned that proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities is now publicly available. BrakTooth is the name researchers with the Singapore University of Technology and Design gave to a set of roughly two dozen vulnerabilities in commercial Bluetooth Classic (BT) stacks that affect system-on-chips (SoCs) running Bluetooth 3.0 + HS to Bluetooth 5.2. READ MORE...

On This Date

  • ...in 1836, businessman and game publisher Milton Bradley is born in Vienna, ME.
  • ...in 1847, novelist Bram Stoker, author of "Dracula", is born in Dublin, Ireland.
  • ...in 1960, John F. Kennedy defeats Richard M. Nixon to become the 35th president of the United States.
  • ...in 1972, HBO transmits its first evening of programming (the 1971 film "Sometimes A Great Notion") to 325 subscribers in Wilkes-Barre, PA.