
IT Security Newsletter - 12/7/2022


Top News

Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank

Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations - including the country's second-largest bank. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday it was facing an "unprecedented cyber attack from abroad," and added that the DDoS flood was the largest in the bank's history. READ MORE...

Breaches

Antwerp's city services down after hackers attack digital partner

The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. The disruption has affected services used by citizens, schools, daycare centers, and the police, which have been working intermittently today. An investigation is ongoing, but the little information available points to a ransomware attack from a threat actor that has yet to be disclosed. READ MORE...


New Zealand Government Hit by Ransomware Attack on IT Provider

The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country. A small business with only 25 employees, Mercury IT provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country. READ MORE...

Hacking

Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs

Russia-affiliated threat actors have compromised systems belonging to multiple organizations in the US, the UK, France, and other countries and are using them to launch attacks against targets in Ukraine. Among those whose networks the threat actors have hijacked are at least 15 healthcare organizations, one Fortune 500 company, and one dam-monitoring system, according to a study by threat intelligence and cyber-deception company Lupovis published Dec. 6. READ MORE...


'Scattered Spider' Cybercrime Group Targets Mobile Carriers via Telecom, BPO Firms

A threat actor tracked as 'Scattered Spider' is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile carrier networks and perform SIM swapping, cybersecurity firm CrowdStrike warns. A financially-motivated threat actor, Scattered Spider has been observed increasingly targeting the telecoms industry since June 2022, setting up persistence mechanisms and even reverting implemented mitigations to regain access to the compromised networks. READ MORE...

Software Updates

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS

Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy. Tracked as CVE-2022-35843 (CVSS score of 7.7), the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered when Radius authentication is used. READ MORE...

Malware

Rackspace says ransomware disrupted its Hosted Exchange business

A ransomware incident at Rackspace Technology, discovered on Dec. 2, has caused service disruptions to customers of its Hosted Exchange business and could result in a loss of revenue, the company said Tuesday. Rackspace took immediate steps to contain the ransomware to its Hosted Exchange environment and hired a leading cyber defense firm to investigate the incident, the company said. READ MORE...


Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found. The botnet, dubbed Zerobot and written in the Go programming language, includes modules capable of self-replication and self-propagation, as well as attacks for different protocols, a researcher from Fortinet shared in a blog post published Dec. 6. READ MORE...

Information Security

Want to detect Cobalt Strike on the network? Look to process memory

Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit. Cobalt Strike is possibly the best-known example of legitimate commercial security software - it was designed to help red teams test their organizations' cyber defenses - that has been co-opted by threat groups that use it to get around those defenses. READ MORE...

Exploits/Vulnerabilities

Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto

Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. The STAR Labs team was the first to successfully exploit a zero-day on Samsung's flagship device by executing their improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points. READ MORE...

On This Date

  • ...in 1941, a date which will live in infamy, Pearl Harbor is attacked in an air raid by the Imperial Forces of Japan, bringing the United States into World War II.
  • ...in 1949, singer-songwriter and actor Tom Waits ("Rain Dogs", "Down By Law") is born in Pomona, CA.
  • ...in 1965, actor Jeffrey Wright ("Westworld", "Casino Royale") is born in Washington, D.C.
  • ...in 1972, Apollo 17 is launched, the final mission of the Apollo program. It is the most recent time that humans travelled beyond low Earth orbit.