IT Security Newsletter - 12/21/2021
Intruders leverage Log4j flaw to breach Belgian Defense Department
Parts of the Belgian Defense Ministry's computer networks have been down since Thursday after a cyber incident in which attackers exploited the Apache Log4j vulnerability, government officials said. "All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners," spokesperson Olivier Séverin told news publication VRT. "The priority is to keep the network operational. We will continue to monitor the situation." READ MORE...
UK National Crime Agency finds 225 million previously unexposed passwords
The United Kingdom's National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords. We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed. READ MORE...
Russian national accused of hacking, illegal trading is extradited to US
A Russian national accused of hacking into U.S. company networks, stealing non-public information, and then trading stocks based on that information was extradited to the U.S., federal prosecutors announced Monday. Vladislav Kliushin, 41, along with four co-conspirators, allegedly hacked into two firms that help publicly traded companies prepare filings for public release, and used non-public information, such as earnings projections, to trade stocks ahead of the public release. READ MORE...
Lights Out: Cyberattacks Shut Down Building Automation Systems
A building automation engineering firm experienced a nightmare scenario: It suddenly lost contact with hundreds of its building automation system (BAS) devices - light switches, motion detectors, shutter controllers, and others - after a rare cyberattack locked the company out of the BAS it had constructed for an office building client. The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been locked down. READ MORE...
Log4j vulnerability now used to install Dridex banking malware
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can be used to perform different malicious behavior. READ MORE...
Conti Ransomware Gang Has Full Log4Shell Attack Chain
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group - which Palo Alto Networks has called "one of the most ruthless" of dozens of ransomware groups currently known to be active - was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago. READ MORE...
Microsoft warns of easy Windows domain takeover via Active Directory bugs
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains. The company released security updates to address the two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) during the November 2021 Patch Tuesday. READ MORE...
FBI: State hackers exploiting new Zoho zero-day since October
The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. "Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said. READ MORE...
- ...in 1935, TV talk show host and producer Phil Donahue is born in Cleveland, OH.
- ...in 1937, Disney's "Snow White and the Seven Dwarfs", the world's first full-length animated feature, premieres in Los Angeles.
- ...in 1948, actor Samuel L. Jackson ("Pulp Fiction", "Unbreakable") is born in Washington, D.C.
- ...in 1968, the Apollo 8 mission launches from Cape Canaveral. It will be the first time that a human-crewed craft reaches the Moon and achieves lunar orbit.