IT Security Newsletter

IT Security Newsletter - 2/2/2022

Written by Cadre | Wed, Feb 2, 2022

Tennessee Community College Suffers Ransomware Attack

A Tennessee community college suffered a data security attack that may have resulted in unauthorized access to personal information of former and current students, faculty and staff, officials said. Pellissippi State Community College is sending out notifications about a ransomware attack focused mainly on encrypting school data to force a ransom payment, the Tennessee Board of Regents said in a news release Tuesday. Pellissippi State did not pay a ransom, the Knoxville college said on its website.

Charming Kitten Sharpens Its Claws with PowerShell Backdoor

The Iranian advanced persistent threat (APT) Charming Kitten is sharpening its claws with a new set of tools, including a novel PowerShell backdoor and related stealth tactics, that show the group evolving yet again. The new tools may signal that it's getting ready to pounce on new victims, researchers believe. Researchers at cybersecurity firm Cybereason discovered the tools, which include a backdoor they dubbed "PowerLess Backdoor."

Samba patches critical vulnerability that allows remote code execution as root

Samba developers have patched a vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain.

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.

Thousands of Malicious npm Packages Threaten Web Apps

More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months - a rapid increase that showcases how npm has become a launchpad for a range of nefarious activities. New research from open-source security and management firm WhiteSource has discovered the disturbing increase in the delivery of malicious npm packages, which are used as building blocks for web applications.

UEFI firmware vulnerabilities affect at least 25 computer vendors

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. UEFI (Unified Extensible Firmware Interface) software is an interface between a device's firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.

  • ...in 1848, the Treaty of Guadalupe Hidalgo formally ends the Mexican War.
  • ...in 1876, the National League of Professional Baseball Clubs, which comes to be more commonly known as the National League (NL), is formed.
  • ...in 1922, James Joyce's serialised novel "Ulysses" is published in its first collected edition in Paris.
  • ...in 1949, actor Brent Spiner, best known as Lt. Cmdr Data on "Star Trek: The Next Generation", is born in Houston, TX.