
IT Security Newsletter - 12/21/2021


Breaches

Intruders leverage Log4j flaw to breach Belgian Defense Department

Parts of the Belgian Defense Ministry's computer networks have been down since Thursday after a cyber incident in which attackers exploited the Apache Log4j vulnerability, government officials said. "All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners," spokesperson Olivier Séverin told news publication VRT. "The priority is to keep the network operational. We will continue to monitor the situation." READ MORE...


UK National Crime Agency finds 225 million previously unexposed passwords

The United Kingdom's National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords. We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed. READ MORE...

Hacking

Russian national accused of hacking, illegal trading is extradited to US

A Russian national accused of hacking into U.S. company networks, stealing non-public information, and then trading stocks based on that information was extradited to the U.S., federal prosecutors announced Monday. Vladislav Kliushin, 41, along with four co-conspirators, allegedly hacked into two firms that help publicly traded companies prepare filings for public release, and used non-public information, such as earnings projections, to trade stocks ahead of the public release. READ MORE...


Lights Out: Cyberattacks Shut Down Building Automation Systems

A building automation engineering firm experienced a nightmare scenario: It suddenly lost contact with hundreds of its building automation system (BAS) devices - light switches, motion detectors, shutter controllers, and others - after a rare cyberattack locked the company out of the BAS it had constructed for an office building client. The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been locked down. READ MORE...

Malware

Log4j vulnerability now used to install Dridex banking malware

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can be used to perform different malicious behavior. READ MORE...


Conti Ransomware Gang Has Full Log4Shell Attack Chain

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group - which Palo Alto Networks has called "one of the most ruthless" of dozens of ransomware groups currently known to be active - was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago. READ MORE...

Exploits/Vulnerabilities

Microsoft warns of easy Windows domain takeover via Active Directory bugs

Microsoft warned customers today to patch two Active Directory Domain Services privilege escalation flaws that, when combined, allow attackers to easily take over Windows domains. The company released security updates to address the two vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) during the November 2021 Patch Tuesday. READ MORE...
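The two flaws above are usable because CVE-2021-42278 lets a computer account be given a sAMAccountName that does not carry the trailing "$" normally reserved for machine accounts, so it can impersonate a domain controller's name during the CVE-2021-42287 ticket exchange. The following PowerShell is an added example, written for this newsletter and not taken from the linked article or from Microsoft; it hunts an already-patched or still-unpatched domain for the preconditions and traces of that abuse. It assumes the ActiveDirectory RSAT module is installed, that the account running it can read the domain and the Security log of the domain controller it runs on, and that the event data field is named SamAccountName as it is in Security events 4741 and 4742.

```powershell
# Added example (not from the newsletter, the article, or Microsoft).
# Checks for the conditions that CVE-2021-42278 / CVE-2021-42287 abuse:
#   1. computer accounts whose sAMAccountName lacks the trailing '$'
#   2. a non-zero ms-DS-MachineAccountQuota, which lets any user create them
#   3. Security events 4741/4742 where a computer's SamAccountName was set
#      to a value without '$' (run this part on a domain controller)
# Assumptions: ActiveDirectory module present; read access to the domain
# and to the DC Security log.
Import-Module ActiveDirectory

function Get-SuspiciousComputerNames {
    # Legitimate machine accounts end in '$'; anything else is worth a look.
    Get-ADComputer -Filter * -Properties sAMAccountName, Created, whenChanged |
        Where-Object { $_.sAMAccountName -notlike '*$' } |
        Select-Object Name, sAMAccountName, Created, whenChanged, DistinguishedName
}

function Get-MachineAccountQuota {
    # Default is 10; 0 prevents ordinary users from adding computer accounts.
    $domain = Get-ADDomain
    (Get-ADObject -Identity $domain.DistinguishedName `
        -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
}

function Get-SamAccountNameChangeEvents {
    param([int]$MaxEvents = 5000)
    # 4741 = computer account created, 4742 = computer account changed.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4741, 4742 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml = [xml]$e.ToXml()
        $data = $xml.Event.EventData.Data
        $sam  = ($data | Where-Object { $_.Name -eq 'SamAccountName' }).'#text'
        $who  = ($data | Where-Object { $_.Name -eq 'SubjectUserName' }).'#text'
        # In 4742 an unchanged attribute is logged as '-'; skip those.
        if ($sam -and $sam -ne '-' -and $sam -notlike '*$') {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                EventId     = $e.Id
                ChangedBy   = $who
                NewSamName  = $sam
            }
        }
    }
}

Write-Host "ms-DS-MachineAccountQuota: $(Get-MachineAccountQuota)"
Write-Host "Computer accounts without trailing '`$':"
Get-SuspiciousComputerNames | Format-Table -AutoSize
Write-Host "Security events that set a computer SamAccountName without '`$':"
Get-SamAccountNameChangeEvents | Format-Table -AutoSize
```

A hit in the first or third list is not proof of exploitation, since a renamed account can have a benign cause, but each one should be reconciled with a change record. Installing the November 2021 updates on every domain controller is the fix; setting ms-DS-MachineAccountQuota to 0 removes the easiest way for an unprivileged user to obtain the computer account the attack starts from.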


FBI: State hackers exploiting new Zoho zero-day since October

The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. "Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said. READ MORE...

On This Date

  • ...in 1935, TV talk show host and producer Phil Donahue is born in Cleveland, OH.
  • ...in 1937, Disney's "Snow White and the Seven Dwarfs", the world's first full-length animated feature, premieres in Los Angeles.
  • ...in 1948, actor Samuel L. Jackson ("Pulp Fiction", "Unbreakable") is born in Washington, D.C.
  • ...in 1968, the Apollo 8 mission launches from Cape Canaveral. It will be the first time that a human-crewed craft reaches the Moon and achieves lunar orbit.