
IT Security Newsletter - 12/28/2021

Breaches

Photography site Shutterfly is dealing with a ransomware attack

American photography company Shutterfly has experienced a ransomware attack on parts of its networks, the company confirmed in a statement late Sunday night. "We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident," the company said in a statement shared with CyberScoop. The incident interrupted portions of the company's Lifetouch and BorrowLenses business, Groovebook, manufacturing and some internal corporate systems.

Trends

The retail sector needs to know when and not if it will be hacked

This year, major chains like Target and Walmart closed on Thanksgiving, which resulted in a 90.4 percent dip in visits to brick-and-mortar stores when compared to 2019. This change signals how digital and online purchases of goods (and services) are clearly preferred, especially as the Omicron coronavirus variant becomes a looming concern. To fuel this preferred customer experience, retailers have started using the cloud.

Software Updates

High-Risk Flaw Haunts Apache Server

The Apache Software Foundation has released a new version of its flagship web server to patch a pair of security defects, one serious enough to lead to remote code execution attacks. The Apache HTTP Server 2.4.52 is listed as urgent and the U.S. government's security response agency CISA is calling on users of the open-source cross-platform web server software to "update as soon as possible."

Malware

QNAP NAS devices hit in surge of ech0raix ransomware attacks

Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The threat actor behind this particular malware intensified their activity about a week before Christmas, taking control of the devices with administrator privileges. BleepingComputer forum users managing QNAP and Synology NAS systems have been regularly reporting eCh0raix ransomware attacks but more of them started to disclose incidents around December 20.


Stealthy BLISTER malware slips in unnoticed on Windows systems

Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. One of the payloads, which the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.


Organizations Targeted With Babuk-Based Rook Ransomware

A piece of ransomware that emerged in late November has already claimed three victims, with the first of them hit less than a week after the malware was initially spotted. Dubbed Rook, the ransomware shows numerous similarities with Babuk, and security researchers have discovered that it was in fact built using Babuk code that was leaked online earlier this year.

Exploits/Vulnerabilities

Log4j: A CISO's Practical Advice

You've probably already read a ton of solid technical analysis about the Log4j vulnerability. But that's not this post. Instead, this post is meant to provide some perspective from decades spent in CISO roles, and from many days now of peer conversations with other CISOs and CIOs - the same types of conversations that happen anytime something happens like Log4j or SolarWinds, or take your pick of security incidents with significant blast radius, impact, and longer-term concern.


New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

Schneider Electric has patched several new vulnerabilities that expose its EVlink electric vehicle charging stations to remote hacker attacks. Schneider announced the availability of patches on December 14, when it urged customers to immediately apply patches or mitigations. The flaws have been found to impact EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2 and EVP2PE) and Smart Wallbox (EVB1A) devices, as well as some products that have reached end of life.


Telegram Abused to Steal Crypto-Wallet Credentials

Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at SafeGuard Cyber's Division Seven threat analysis unit detected a sample of Echelon posted to a Telegram channel focused on cryptocurrency in October, they said in an analysis on Thursday.

On This Date

  • ...in 1895, German physicist Wilhelm Roentgen publishes a paper describing his discovery of a new type of radiation, which later will be known as x-rays.
  • ...in 1933, "Star Trek" actress and singer Nichelle Nichols (Lt. Uhura) is born in Robbins, IL.
  • ...in 1969, computer programmer and principal developer of the Linux kernel Linus Torvalds is born in Helsinki, Finland.
  • ...in 1973, the Endangered Species Act is signed into law by President Richard Nixon.