IT Security Newsletter

IT Security Newsletter - 12/22/2022

Written by Cadre | Thu, Dec 22, 2022

Play ransomware group claims to have stolen hotel chain data

H-Hotels, a large hospitality chain with 60 hotels across several countries including Germany and Switzerland, has announced it has fallen victim to a ransomware attack. The incident, which took place on December 11, is allegedly a double whammy of hijacked devices and data theft... if a ransomware group is telling the truth. The release goes on to say that although bookings are still taking place, email is unavailable as H-Hotels examines all systems to ensure they are no longer compromised. READ MORE...

Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine

Russia-linked Gamaredon, a hacking group known for providing services to other advanced persistent threat (APT) actors, is one of the most intrusive, continuously active APTs targeting Ukraine, Palo Alto Networks' Unit 42 warns. Also known as Armageddon, Primitive Bear, Shuckworm, and Trident Ursa, Gamaredon has been active since at least 2013, mainly focused on targets in Ukraine. READ MORE...

Fraudulent 'popunder' Google Ad campaign generated millions of dollars

Scammers using Google Ads, stolen blog articles, and a "popunder" ad scheme on adult websites pulled in more than $275,000 a day by generating millions of ad impressions every month. So say researchers at cybersecurity vendor Malwarebytes, who assert the fraudsters were able to use people visiting high-traffic adult websites to generate the ad impressions and money even if those individuals never saw any of the ads. READ MORE...

Zerobot malware now spreads by exploiting Apache vulnerabilities

The Zerobot botnet has been upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers. The Microsoft Defender for IoT research team also observed that this latest version adds new distributed denial-of-service (DDoS) capabilities. Zerobot has been under active development since at least November, with new versions adding new modules and features to expand the botnet's attack vectors and make it easier to infect new devices. READ MORE...

Godfather malware makes banking apps an offer they can't refuse

Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchers. The security firm first detected Godfather in June 2021 and, as of October, the credential-stealing malware has targeted the users of more than 400 applications. This includes 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchange platforms in the US, Turkey, Spain, Canada, Germany, France and the UK. READ MORE...

Corsair keyboard bug makes it type on its own, no malware involved

Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text being auto-typed into applications days later. The company's statement comes after multiple K100 users have reported that their keyboards are typing text on their own at random moments. This behavior was first reported on the Corsair forums in August 2022, leaving people puzzled and concerned that some form of keylogging or malware was behind the behavior. READ MORE...

Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit

The operators of a ransomware strain called Play have developed a new exploit chain for a critical remote code execution (RCE) vulnerability in Exchange Server that Microsoft patched in November. The new method bypasses the mitigations Microsoft had provided for the exploit chain, so organizations that have applied only those mitigations and not the patch itself need to patch immediately. READ MORE...

Google WordPress Plug-in Bug Allows AWS Metadata Theft

A server-side request forgery (SSRF) vulnerability in the Google Web Stories plug-in for WordPress could be exploited to steal Amazon Web Services (AWS) instance metadata from sites hosted on AWS. That metadata can include sensitive information such as the AccessKeyId, SecretAccessKey, and Token. An SSRF vulnerability lets an attacker use a crafted URL to make the server issue requests on their behalf, gaining access to internal resources and potentially elevating privileges on the compromised system. READ MORE...
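The usual defensive control for the SSRF class described above is to validate outbound fetch targets before the server makes the request, refusing anything that resolves to the instance metadata service or any other non-public address. The following is an added example written for this newsletter, not code from the plug-in or from the researchers; the `resolver` parameter and the sample hostnames are constructed assumptions so the check can be exercised offline.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# AWS IMDS endpoints (IPv4 link-local and IPv6); the IPv4 one is the
# address an SSRF is typically pointed at to read instance credentials.
IMDS_HOSTS = {"169.254.169.254", "fd00:ec2::254"}
ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host: str) -> list[str]:
    """Resolve a hostname to every address it points to (A and AAAA)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_target(url: str,
                   resolver: Callable[[str], Iterable[str]] = default_resolver) -> bool:
    """Return True only if url points at a globally routable host over http(s).

    Rejects non-http schemes, URLs without a host, literal IMDS hosts, and any
    address (literal or resolved) that is private, loopback, link-local,
    unspecified or otherwise not global. An IPv4-mapped IPv6 literal such as
    ::ffff:169.254.169.254 is unwrapped so it cannot slip past the check.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname  # already lower-cased, IPv6 brackets stripped
    if host in IMDS_HOSTS:
        return False
    try:
        addrs = [ipaddress.ip_address(host)]          # literal address
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False                               # unresolvable: fail closed
    if not addrs:
        return False
    for addr in addrs:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if not addr.is_global:                         # every address must be public
            return False
    return True
```

Because the check resolves the name before the fetch, a DNS rebinding window remains; pinning the resolved address for the actual connection and requiring IMDSv2 (session tokens) on the instance close that gap.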

  • ...in 1883, avant-garde composer Edgard Varese, who once declared "The present-day composers refuse to die", is born in Paris, France.
  • ...in 1948, singer-songwriter and Cheap Trick lead guitarist Rick Nielsen is born in Elmhurst, IL.
  • ...in 1962, actor Ralph Fiennes ("Schindler's List", "The English Patient") is born in Ipswich, England.
  • ...in 1964, the SR-71 Blackbird reconnaissance plane has its first test flight in the skies above Palmdale, CA.