IT Security Newsletter - 2/12/2024
Warzone RAT Shut Down by Law Enforcement, Two Arrested
The US Justice Department announced on Friday that the Warzone RAT cybercrime enterprise has been dismantled as a result of an international law enforcement operation. US authorities have also unsealed charges brought against two individuals allegedly selling the malware and offering support to users. On the technical side, authorities have seized four internet domains that were used to sell the Warzone RAT. READ MORE...
Mon Dieu! Nearly half the French population have data nabbed in massive breach
Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week. Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. READ MORE...
Juniper Support Portal Exposed Customer Device Info
Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product's warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. READ MORE...
China's Dogged Campaign to Portray Itself as Victim of US Hacking
For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities that the US has accused China of carrying out over the past several years. A recent examination of Beijing's claims by researchers at SentinelOne found most of them to be unsubstantiated, often based on previously leaked US intelligence and lacking any technical evidence. READ MORE...
Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown
Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications. On Thursday, the Innovation, Science and Economic Development Canada agency said it will "pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero." READ MORE...
Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps
Dozens of environments and hundreds of individual user accounts have already been compromised in an ongoing campaign targeting Microsoft Azure corporate clouds. The activity is in some ways scattershot - involving data exfiltration, financial fraud, impersonation, and more, against organizations in a wide variety of geographic regions and industry verticals - but also very honed, with tailor-made phishing directed at highly strategic individuals along the corporate ladder. READ MORE...
Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, due to an implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed in May 2023, it made its name by attacking the British Library, the Chilean Army, healthcare delivery organizations, and Holding Slovenske Elektrarne (HSE). READ MORE...
ExpressVPN bug has been leaking some DNS requests for years
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - 12.72.0, published between May 19, 2022, and Feb. 7, 2024, and only affected those using the split tunneling feature. The split tunneling feature allows users to selectively route some internet traffic in and out of the VPN tunnel. READ MORE...
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it
In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of CVE-2024-22024 - the latest in a series of vulnerabilities affecting Ivanti gateways as the vendor continues to develop patches for supported versions. READ MORE...
New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. The flaw (CVE-2024-21762) is due to an out-of-bounds write weakness in the FortiOS operating system and the FortiProxy secure web proxy that can let unauthenticated attackers execute arbitrary code remotely using maliciously crafted HTTP requests. READ MORE...
- ...in 1809, Abraham Lincoln is born in a log cabin near Hodgenville, KY.
- ...in 1809, English naturalist Charles Darwin, who first proposed that living species are descended over time from common ancestors, is born in Kent, England.
- ...in 1912, China becomes a republic following the overthrow of the Manchu dynasty.
- ...in 1980, the Lake Placid Winter Olympics opens in New York.