IT Security Newsletter - 2/21/2022
CISA warns of hybrid operations threat to US critical infrastructure
CISA urged leaders of U.S. critical infrastructure organizations on Friday to increase their organizations' resilience against a growing risk of being targeted by foreign influence operations using misinformation, disinformation, and malinformation (MDM) tactics. "Multiple influence operations coordinated by foreign actors had an impact on US critical services and functions across critical sectors," according to the cybersecurity agency. READ MORE...
Ransomware Adds New Wrinkle in Russian Cybercrime Market
Over the years, Russia and an ecosystem of Russian-language speakers have been at the heart of all types of cyberattacks, nation-state attacks, and cyber warfare. It is a criminal underground that is constantly evolving and shifting. "Many associated actors were once heavily focused on campaigns targeting banking credentials, eventually shifting toward payment card fraud and the use of PoS malware," says Jeremy Kennelly, senior manager and principal analyst at Mandiant. READ MORE...
Social media attacks surged in 2021, financial institutions targeted the most
Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to a report from PhishLabs. In Q4 and throughout 2021, PhishLabs analysed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. READ MORE...
Irony alert! PHP fixes security flaw in input validation code
If you're using PHP in your network, check that you're using the latest version, currently 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float(). A proof-of-concept exploit based on using PHP to query a database shows that the bug can be used to crash the PHP process, so a working Denial of Service (DoS) attack is already known to be possible. READ MORE...
New Golang botnet empties Windows users' cryptocurrency wallets
A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control (C2) server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems. READ MORE...
Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns
Experts at threat intelligence and ransomware disruption company AdvIntel believe the notorious TrickBot malware has reached its limits, but its development team appears to have been "acquired" by the Conti ransomware gang, which has been thriving amid recent crackdowns. TrickBot has been around since 2016. It was initially a banking trojan designed to steal financial data, but it evolved into a modular stealer that could target a wide range of information. READ MORE...
Millions of WordPress sites get forced update to patch critical plugin flaw
Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers, and others to download the site's private database as long as they have an account on the vulnerable site. Databases frequently include sensitive information about customers or the site's security settings. READ MORE...
New Critical RCE Bug Found in Adobe Commerce, Magento
Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency patch last weekend. Attackers could use either exploit to achieve unauthenticated remote code execution (RCE). READ MORE...
- ...in 1946, actor Alan Rickman ("Die Hard", "Harry Potter") is born in London, England.
- ...in 1972, US President Richard Nixon visits the People's Republic of China, opening diplomatic relations between the two nations.
- ...in 1979, comedian and filmmaker Jordan Peele ("Key & Peele", "Get Out") is born in New York City.
- ...in 1995, adventurer Steve Fossett lands in Saskatchewan, Canada, becoming the first person to complete a solo balloon flight across the Pacific Ocean.