IT Security Newsletter - 12/20/2022
Russian hackers attempted to breach petroleum refining company in NATO country, researchers say
A Russian-linked hacking group attempted to infiltrate a petroleum refining company in a NATO member state in late August, according to a report by Palo Alto's Unit 42. The attempted intrusion, which appears to have been unsuccessful, occurred on Aug. 30 and was carried out through spear phishing emails using English-named files containing words like "military assistance," according to the report, which provides an update on the activities of a hacking group Palo Alto tracks as "Trident Ursa."
DraftKings warns data of 67K people was exposed in account hacks
Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential stuffing attack in November. In credential stuffing attacks, automated tools are used to make a massive number of attempts (up to millions at a time) to sign into accounts using credentials (user/password pairs) stolen from other online services.
McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info
Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students' information as well as the education publishing giant's own source code and digital keys, according to security researchers. The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted McGraw Hill a day later.
Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say
Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday.
Little Rock School District approves $250K payment in ransomware settlement
While trying to retrieve stolen data from its network, the Little Rock School District's board voted 6-3 on Dec. 5 to approve a $250,000 settlement that would end a recent ransomware incident. An LRSD school board member accidentally shared the dollar amount of the settlement during the public board meeting. The 21,200-student district in Arkansas has released very few details about the cyberattack since the Dec. 5 meeting.
Foxit Patches Code Execution Flaws in PDF Tools
Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products. The vulnerability, which was discovered and reported by researchers at the Renmin University of China, could be exploited via rigged PDF files or web pages, the company warned in an advisory. Foxit said the vulnerability is contained to the Windows platform and affects Foxit PDF Reader 12.0.2.12465 and earlier.
Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages
Researchers have spotted two phishing sites - one spoofing a Cisco webpage and the other masquerading as a Grammarly site - that threat actors are using to distribute a particularly pernicious piece of malware known as "DarkTortilla." The .NET-based malware can be configured to deliver various payloads and is known for functions that make it extremely stealthy and persistent on the systems it compromises.
Malicious Python Trojan Impersonates SentinelOne Security Client
In the latest supply chain attack, an unknown threat actor has created a malicious Python package that appears to be a software development kit (SDK) for a well-known security client from SentinelOne. According to an advisory from cybersecurity firm ReversingLabs issued on Monday, the package, dubbed SentinelSneak, appears to be a "fully functional SentinelOne client" and is currently under development with frequent updates appearing on the Python Package Index.
Critical Windows code-execution vulnerability went undetected until now
Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017. Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required.
Microsoft finds macOS bug that lets malware bypass security checks
Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw (dubbed Achilles) is now tracked as CVE-2022-42821. Apple addressed the bug in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 11.7.2 (Big Sur) one week ago, on December 13.
Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks
Cisco has updated multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices. Many of the bugs, which carry severity ratings of 'critical' or 'high', were addressed 4-5 years ago, but organizations that haven't patched their devices continue to be impacted. Last week, the tech giant added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software.
- ...in 1868, businessman Harvey Firestone, founder of the Firestone Tire and Rubber Company, is born in Columbiana, OH.
- ...in 1946, the beloved Frank Capra classic "It's A Wonderful Life" opens in New York City. Surprisingly, it was a box office bomb, losing over $525,000 for RKO.
- ...in 1954, novelist Sandra Cisneros ("The House on Mango Street") is born in Chicago, IL.
- ...in 2007, Queen Elizabeth II becomes the oldest living monarch of the United Kingdom, surpassing Queen Victoria's nearly 82-year lifespan.