IT Security Newsletter - 12/16/2021
North American Propane Distributor 'Superior Plus' Discloses Ransomware Attack
North American propane distributor Superior Plus this week announced that it had to shut down certain computer systems after falling victim to a ransomware attack. The company says it discovered the breach on Sunday, December 12, and that, as a response, it took steps to mitigate impact on corporate data and operations. "Superior has temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online," the company says.
Iran-Linked Hackers Attack Israeli Targets: Company
An Iran-linked hacking group attacked seven Israeli targets over a 24-hour period this week, an Israeli cybersecurity firm said, in the latest episode of cyberwarfare between the rival states. The targets of the attack by the group called "Charming Kitten" included the Israeli "government and business sector", Tel Aviv-based Check Point said in a statement late Wednesday, without providing specifics.
Emotet starts dropping Cobalt Strike again for faster attacks
Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks. For those not familiar with Emotet, it is considered one of the most widespread malware infections and is distributed through phishing emails that include malicious attachments. Historically, once a device becomes infected, Emotet will steal a victim's email to use in future campaigns and then drops malware payloads, such as TrickBot and Qbot.
Phorpiex botnet returns with new tricks making it harder to disrupt
The previously shut down Phorpiex botnet has re-emerged with new peer-to-peer command and control infrastructure, making the malware more difficult to disrupt. The botnet first launched in 2016 and quickly accumulated a massive army of over 1 million devices over the years. The malware generates revenue for its developers by swapping cryptocurrency addresses copied to the Windows clipboard with addresses under their control or by spamming sextortion emails to scare people into paying an extortion demand.
'DarkWatchman' RAT Shows Evolution in Fileless Malware
A novel remote access trojan (RAT) being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT - discovered by researchers at Prevailion's Adversarial Counterintelligence Team (PACT) - uses the registry on Windows systems for nearly all temporary storage on a machine and thus never writes anything to disk.
Malicious Exchange Server Module Hoovers Up Outlook Credentials
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA). Internet Information Services (IIS), Microsoft's web server/web-hosting software suite, can be extended via various add-ons that are known as modules. Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive way to side-load malicious features into web-facing applications.
Patch fixing critical Log4J 0-day has its own vulnerability that's under exploit
Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the planet. Open source developers quickly released an update that patched the flaw and urged all users to install it immediately. Now, researchers are reporting that there are at least two vulnerabilities in the patch, released as Log4J 2.15.0.
- ...in 1770, classical composer and pianist Ludwig van Beethoven is born in Bonn, Germany.
- ...in 1773, the Sons of Liberty stage the "Boston Tea Party", a protest against British taxation of the American colonies without representation in Parliament.
- ...in 1775, English novelist Jane Austen ("Sense and Sensibility", "Pride and Prejudice") is born in Hampshire, England.
- ...in 1949, Swedish aerospace company Saab builds its first automobile at its production facility in Trollhattan.