
IT Security Newsletter - 2/16/2024


Top News

State Department puts $10M bounty on AlphV ransomware group

The State Department is offering up to $10 million for information on the identity or location of leaders affiliated with the AlphV ransomware group. The bounty includes a reward of up to $5 million for information leading to the arrest or conviction of anyone participating in a ransomware attack using the AlphV variant, the department said Thursday. The State Department said the reward complements law enforcement's disruption campaign against AlphV. READ MORE...

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. The court-authorized takedown took place in January and involved neutralizing "well over a thousand" home and small business routers infected with the Moobot malware, a Mirai variant, according to FBI Director Christopher Wray. READ MORE...


Battery maker Varta halts production after cyberattack

German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The attack occurred on Monday night and affected five of the company's production plants as well as its administration. According to the German news outlet Finanzen, three of the company's five production sites are located in Germany, one in Romania and one in Indonesia. READ MORE...

Ex-Employee's Admin Credentials Used in US Gov Agency Hack

A threat actor gained access to a US government organization's network using compromised credentials for a former employee's administrative account, the US cybersecurity agency CISA says. With those credentials, the attackers accessed an internal VPN, performed reconnaissance of the on-premises environment, and executed LDAP queries on a domain controller. The practical lesson is the obvious one: accounts belonging to departed staff, and administrative accounts above all, need to be disabled at offboarding, and any logon by such an account afterwards is a high-confidence signal of compromise. READ MORE...
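The two checks a defender would run after reading that advisory, as an added example that is not from the newsletter or from CISA: find former employees whose AD accounts are still enabled, and find successful VPN logons by those accounts after their termination date. The offboarding list, the AD export columns, and the VPN log line format are all constructed assumptions for this example.

```python
"""Audit for the pattern in the CISA advisory summarized above: a former
employee's administrative account that is still enabled and still logging on.

Constructed example (not from the newsletter or CISA); every record is made up.
"""
import csv
import io
import re
from datetime import datetime

# Constructed HR offboarding records: username -> last day of employment.
OFFBOARDED = {
    "jdoe": datetime(2023, 11, 3),
    "mrivera": datetime(2024, 1, 15),
}

# Constructed AD export. Column names mimic a Get-ADUser CSV dump (assumed layout).
AD_EXPORT = """\
SamAccountName,Enabled,AdminCount,MemberOf
jdoe,True,1,Domain Admins
mrivera,False,0,
asmith,True,1,Domain Admins
"""

# Constructed VPN authentication log lines (format is an assumption for this example).
VPN_LOG = """\
2024-02-10T02:14:07Z vpn01 AUTH user=jdoe src=203.0.113.45 result=success
2024-02-10T02:15:31Z vpn01 AUTH user=asmith src=198.51.100.7 result=success
2024-02-11T23:48:02Z vpn01 AUTH user=mrivera src=203.0.113.45 result=failure
"""

VPN_RE = re.compile(
    r"^(?P<ts>\S+) \S+ AUTH user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def load_ad_users(export_csv):
    """Index the AD export by SamAccountName."""
    return {row["SamAccountName"]: row for row in csv.DictReader(io.StringIO(export_csv))}


def stale_accounts(ad_users, offboarded):
    """Former employees whose AD accounts are still enabled; flag admin ones."""
    findings = []
    for user, left_on in offboarded.items():
        row = ad_users.get(user)
        if row and row["Enabled"] == "True":
            findings.append({
                "user": user,
                "left_on": left_on.date().isoformat(),
                "admin": row["AdminCount"] == "1",
            })
    return findings


def post_departure_logons(vpn_log, offboarded):
    """Successful VPN logons by an account after its owner's termination date."""
    hits = []
    for line in vpn_log.splitlines():
        m = VPN_RE.match(line)
        if not m or m["result"] != "success":
            continue
        left_on = offboarded.get(m["user"])
        if left_on is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        if ts > left_on:
            hits.append({"user": m["user"], "when": m["ts"], "src": m["src"]})
    return hits


if __name__ == "__main__":
    users = load_ad_users(AD_EXPORT)
    for f in stale_accounts(users, OFFBOARDED):
        print("stale account still enabled:", f)
    for h in post_departure_logons(VPN_LOG, OFFBOARDED):
        print("post-departure VPN logon:", h)
```

In a real environment the offboarding list comes from HR, the export from the directory, and the logon events from the VPN concentrator or the domain controllers; the joins are the same. A failed logon by a departed account (the `mrivera` line above) is deliberately not counted as a hit, but it is still worth alerting on, since it shows someone holds the credential.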


Iran Warship Aiding Houthi Pirates Hacked by US

US officials claim a recent cyberattack on an Iranian military spy ship disrupted intelligence-gathering on Red Sea traffic that was being used to aid Houthi rebels in piracy against cargo ships. Exclusive reporting by NBC said the US-waged cyberattack took place more than a week ago against the Iranian military ship MV Behshad, which according to US officials was using its reconnaissance technology to share information with Houthi rebels in Yemen. READ MORE...

Software Updates

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

The US security agency CISA has added an old flaw affecting Cisco security appliances to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to address it as soon as possible. The vulnerability, tracked as CVE-2020-3259, affects Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. It can be exploited by a remote, unauthenticated attacker to obtain potentially sensitive information from an affected device's memory, including access credentials. Because what leaks is credential material, patching alone does not undo an earlier compromise: credentials stored on or used through a device that was reachable while unpatched should be treated as exposed and rotated. READ MORE...
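The routine that a KEV addition triggers is matching the catalog against your own inventory and working out what is due when. The following is an added example, not code from the newsletter, CISA, or Cisco. The KEV excerpt uses the field names of CISA's published JSON feed, but its dates and text are illustrative rather than copied from the catalog, and the inventory records and the `remediated` bookkeeping are constructed assumptions.

```python
"""Match an asset inventory against a KEV catalog excerpt and report what is due.

Constructed example (not from the newsletter, CISA, or Cisco). Field names follow
CISA's KEV JSON feed; the dates and text are illustrative, not copied from it.
"""
import json
from datetime import date

# KEV-shaped excerpt (constructed values; only the CVE ID is the one named above).
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2020-3259",
   "vendorProject": "Cisco",
   "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)",
   "dateAdded": "2024-02-15",
   "dueDate": "2024-03-07",
   "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   "knownRansomwareCampaignUse": "Known"}
]}
"""

# Constructed inventory. 'remediated' lists CVEs for which the device is patched
# AND, for a credential-leaking flaw like this one, its credentials have been rotated.
INVENTORY = [
    {"host": "fw-edge-1", "vendor": "Cisco", "product": "ASA", "remediated": []},
    {"host": "fw-edge-2", "vendor": "Cisco", "product": "ASA", "remediated": ["CVE-2020-3259"]},
    {"host": "fw-lab-1", "vendor": "Cisco", "product": "FTD", "remediated": []},
    {"host": "sw-core-1", "vendor": "Cisco", "product": "Catalyst", "remediated": []},
]


def load_kev(text):
    """Parse the KEV feed and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def kev_matches(kev, inventory, today_iso):
    """Assets whose vendor and product appear in a KEV entry they have not remediated.

    Matching is by vendor equality and case-insensitive product substring; KEV
    product strings are free text, so a version check must come from the vendor
    advisory, not from this catalog.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in kev:
        vendor = entry["vendorProject"].lower()
        product_blob = entry["product"].lower()
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset["vendor"].lower() != vendor:
                continue
            if asset["product"].lower() not in product_blob:
                continue
            if entry["cveID"] in asset["remediated"]:
                continue
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "overdue": today > due,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "action": entry["requiredAction"],
            })
    # Overdue items first, then anything tied to ransomware campaigns.
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in kev_matches(load_kev(KEV_JSON), INVENTORY, date.today().isoformat()):
        print(f)
```

The real feed is large, so in practice you would filter it to the vendors you run before joining, and treat the `product` substring match as a triage list to confirm against the vendor advisory, since the catalog does not carry fixed-version information.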


iOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps

Chinese hackers have developed a sophisticated banking Trojan for tricking people into giving up their personal IDs, phone numbers, and face scans, which they're then using to log into those victims' bank accounts. The new malware, "GoldPickaxe," was developed by a large (but unidentified) Chinese-language group. Its variants work across iOS and Android devices, masquerading as a government service app in order to trick primarily elderly victims into scanning their faces. READ MORE...


Microsoft Exchange vulnerability actively exploited

As it turns out, there was another actively exploited vulnerability included in Microsoft's Patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren't kidding. Soon after, they changed the status to "Exploitation Detected". Today, I was alerted to the fact after spotting a warning by the German Federal Office for Information Security (BSI) about the same vulnerability. READ MORE...

Eight Vulnerabilities Disclosed in the AI Development Supply Chain

Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed by AI cybersecurity startup Protect AI. All have CVE numbers; one is rated critical and seven are rated high severity. The nature of open source code, and its exposure to vulnerabilities, is well understood. For standard code development using OSS libraries, SBOMs are designed and used to provide some security assurance. But SBOMs don't work with open source used for AI/ML development. READ MORE...

On This Date

  • ...in 1937, DuPont chemist Wallace Carothers receives a US patent for his recently invented polymer: Nylon.
  • ...in 1957, actor and "Reading Rainbow" host LeVar Burton ("Star Trek: The Next Generation", "Roots") is born in West Germany.
  • ...in 1968, the first 9-1-1 emergency telephone system goes into service in Haleyville, AL.
  • ...in 1989, actress Elizabeth Olsen ("WandaVision", "Martha Marcy May Marlene") is born in Los Angeles, CA.