IT Security Newsletter - 2/22/2024
Leaked documents show how firm supports Chinese hacking operations
A tranche of documents posted to GitHub five days ago reveals that Chinese contractors working to support Beijing's hacking operations are a lot like office drones everywhere, but with a twist: they complain about the low pay, gamble in the office, and also help break into the computer systems of foreign governments. Since their release over the weekend, the trove of documents from a Chinese offensive security company, i-SOON, has stunned researchers. READ MORE...
Krebs: New Leak Shows Business Side of China's APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation's burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last week indicates that the records come from i-SOON. READ MORE...
New SSH-Snake malware steals SSH keys to spread across the network
A threat actor is using an open-source network mapping tool named SSH-Snake to search compromised hosts for private keys without being detected and to move laterally across the victim's infrastructure. SSH-Snake was discovered by the Sysdig Threat Research Team (TRT), who describe it as a "self-modifying worm" that stands out from traditional SSH worms by avoiding the patterns typically associated with scripted attacks. READ MORE...
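SSH-Snake spreads by harvesting whatever private keys it can read on each host it reaches, so a key stored without a passphrase is one more hop for the worm. As an added example, not code from the newsletter, from Sysdig or from the SSH-Snake project, the Python script below audits a directory tree for PEM- and OpenSSH-format private keys and reports which ones lack a passphrase, by reading the encryption fields in the key file's own header rather than guessing from the file name. The key files it scans are constructed in a temporary directory for the demonstration and are not real keys; point `scan_tree()` at `/home` or `/root` to run it against a real host.

```python
"""Audit a directory tree for SSH private keys and report which ones are unencrypted.

Added example, not from the newsletter or Sysdig: SSH-Snake harvests private keys it
finds on a host, so a passphrase-less key is a free hop for the worm. This scanner finds
PEM and OpenSSH-format private keys and reads their own encryption headers.
"""
import base64
import os
import re
import struct
import tempfile
from typing import Optional

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]*?)PRIVATE KEY-----\s*(.*?)-----END", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(buf: bytes, off: int):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def classify_private_key(data: bytes) -> Optional[dict]:
    """Return {format, cipher, kdf, encrypted} for a private key, or None if data is not one."""
    m = PEM_RE.search(data)
    if not m:
        return None
    label, body = m.group(1).strip(), m.group(2)
    if label == b"OPENSSH":
        raw = base64.b64decode(b"".join(body.split()))
        if not raw.startswith(OPENSSH_MAGIC):
            return {"format": "openssh", "cipher": "?", "kdf": "?", "encrypted": None}
        # OpenSSH v1 header: magic, string ciphername, string kdfname, ...
        # ciphername "none" means the key is stored without a passphrase.
        cipher, off = _ssh_string(raw, len(OPENSSH_MAGIC))
        kdf, _ = _ssh_string(raw, off)
        return {"format": "openssh", "cipher": cipher.decode(), "kdf": kdf.decode(),
                "encrypted": cipher != b"none"}
    # Legacy PEM (RSA/EC/DSA) signals encryption with Proc-Type/DEK-Info headers;
    # PKCS#8 uses a separate "ENCRYPTED PRIVATE KEY" label instead.
    dek = re.search(rb"DEK-Info:\s*([^,\s]+)", body)
    encrypted = label == b"ENCRYPTED" or b"Proc-Type: 4,ENCRYPTED" in body
    cipher = dek.group(1).decode() if dek else ("pkcs8" if encrypted else "none")
    return {"format": "pem", "cipher": cipher, "kdf": "pem" if encrypted else "none",
            "encrypted": encrypted}


def scan_tree(root: str) -> list:
    """Walk root and return one finding per private key file, with its permission bits."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16384)  # even a 4096-bit RSA key is well under this
            except OSError:
                continue
            info = classify_private_key(head)
            if info:
                info["path"] = path
                info["mode"] = oct(os.stat(path).st_mode & 0o777)
                findings.append(info)
    return findings


def _openssh_blob(cipher: bytes, kdf: bytes) -> bytes:
    """Constructed OpenSSH v1 header with a zeroed payload: enough for the parser, not a usable key."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    raw = (OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
           + s(b"\0" * 8) + s(b"\0" * 16))
    return (b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.encodebytes(raw)
            + b"-----END OPENSSH PRIVATE KEY-----\n")


def demo() -> dict:
    """Scan a temp directory of constructed sample files; results keyed by file name."""
    samples = {
        "id_ed25519": _openssh_blob(b"none", b"none"),           # no passphrase: what the worm wants
        "id_rsa_enc": _openssh_blob(b"aes256-ctr", b"bcrypt"),   # passphrase-protected
        "legacy.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                       b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                       b"AAAA\n-----END RSA PRIVATE KEY-----\n"),
        "id_ed25519.pub": b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFake user@host\n",
        "notes.txt": b"nothing to see here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return {os.path.basename(f["path"]): f for f in scan_tree(root)}


if __name__ == "__main__":
    for name, f in sorted(demo().items()):
        flag = "UNENCRYPTED" if f["encrypted"] is False else "encrypted"
        print(f"{name:16} {f['format']:8} {f['cipher']:12} {f['mode']}  {flag}")
```

Unencrypted findings are the ones to act on: re-key with a passphrase or move to an agent/hardware-backed key, and treat any host the key could log into as reachable by an attacker who has read it.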
'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers
A threat actor is targeting organizations running Apache Hadoop and Apache Druid big data technologies with a new version of the Lucifer botnet, a known malware tool that combines cryptojacking and distributed denial of service (DDoS) capabilities. The campaign is a departure for the botnet, and an analysis this week from Aqua Nautilus suggests that its operators are testing new infection routines as a precursor to a broader campaign. READ MORE...
Microsoft rolls out expanded logging six months after Chinese breach
When hackers working on behalf of the Chinese government stole a Microsoft signing key and used it to breach the email accounts of senior U.S. government officials last year, that operation was only discovered due to an expensive logging option in use at the U.S. State Department. The fact that a security feature necessary to detect a Chinese hacking operation was marketed as an upgrade placed intense scrutiny on Microsoft's decision to charge a premium for security features. READ MORE...
US govt shares cyberattack defense tips for water utilities
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks. The fact sheet they published today outlines the top eight actions U.S. Water and Wastewater Systems (WWS) sector organizations can take to reduce cyberattack risks and boost their resilience against malicious activity. It also details the free services, resources, and tools that can be used in support of these defense measures. READ MORE...
Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy'
Infosec researchers say urgent patching of the latest remote code execution (RCE) vulnerability in ConnectWise's ScreenConnect is required given its maximum severity score. The vulnerability has been given a maximum 10/10 CVSS rating by ConnectWise, one that outside researchers agree with given the potential consequences of a successful exploit. In disclosing the maximum-severity authentication bypass vulnerability (CWE-288), ConnectWise also revealed a second weakness. READ MORE...
'VoltSchemer' Hack Allows Wireless Charger Takeovers
Researchers from the University of Florida, working with CertiK, have described a theoretical attack called "VoltSchemer" (PDF) that takes over a wireless charger by manipulating the power supply's voltage. The attack could let a threat actor damage the device being charged, bypass the Qi standard's protection mechanisms, and manipulate voice assistants, all by injecting voltage noise through the power supply. READ MORE...
- ...in 1732, American general and first President of the United States George Washington is born in Virginia.
- ...in 1918, TV and radio announcer Don Pardo, who lent his voice to 39 seasons of "Saturday Night Live", is born in Westfield, MA.
- ...in 1924, Calvin Coolidge becomes the first US President to deliver a radio address from the White House.
- ...in 1959, TV and film actor Kyle MacLachlan ("Twin Peaks", "Portlandia") is born in Yakima, WA.
- ...in 1997, Scottish scientists announce the first successful cloning of a mammal from an adult cell, a sheep named Dolly.