IT Security Newsletter - 3/2/2022
DDoSers are using a potent new method to deliver attacks of unthinkable size
Last August, academic researchers discovered a potent new method for knocking sites offline: a fleet of misconfigured servers more than 100,000 strong that can amplify floods of junk data to once-unthinkable sizes. These attacks, in many cases, could result in an infinite routing loop that causes a self-perpetuating flood of traffic. Now, content-delivery network Akamai says attackers are exploiting the servers to target sites in the banking, travel, gaming, media, and web-hosting industries.
NATO countries' refugee management may have been targeted by Belarus-linked hackers
A hacking group with a history of phishing attacks and disinformation against NATO nations may be using compromised Ukrainian armed service member emails to target European officials tasked with managing logistics around refugees fleeing Ukraine, according to findings published Monday. Researchers with cybersecurity firm Proofpoint report they detected an email on Feb. 24 whose subject referenced the Feb. 24 emergency meeting of NATO, held on the day the Russian government began its military attack on Ukraine.
Microsoft identifies and mitigates new malware targeting Ukraine "within 3 hours"
Microsoft has been pushing harder to increase the baseline security features of Windows PCs for a couple of years now. The "secured-core PC" initiative launched back in 2019 was meant to guard against firmware-level attacks, and Windows 11's system requirements mandate support for many security features that were supported but optional in Windows 10. Microsoft justified these new requirements in part by pointing to the NotPetya data-wiping malware, which has widely been attributed to Russian hackers.
Conti Ransomware Group Diaries, Part I: Evasion
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.
Log4shell exploits now used mostly for DDoS botnets, cryptominers
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and planting cryptominers. According to a report by Barracuda, the past couple of months were characterized by dips and spikes in the targeting of Log4Shell, but the volume of exploitation attempts has remained relatively constant.
RCE Bugs in Hugely Popular VoIP Apps: Patch Now!
Some of the world's most popular communication apps are using an open-source library riddled with newfound security holes. One thing this flawed open-source library shares with the Apache Log4j logging library fiasco that started in December: it's ubiquitous. The library, PJSIP, an open-source multimedia communication library, is used by Asterisk, an enterprise-class, open-source PBX toolkit found in a massive number of voice-over-IP (VoIP) deployments.
- ...in 1807, Congress passes the Act Prohibiting Importation of Slaves, abolishing the foreign slave trade in the U.S.
- ...in 1933, "King Kong" premieres at Radio City Music Hall in New York City, only 15 blocks from the actual Empire State Building.
- ...in 1962, Philadelphia Warriors center Wilt Chamberlain scores 100 points against the New York Knicks, setting the NBA single-game scoring record.
- ...in 1972, Pioneer 10, the world's first outer-planetary probe, is launched from Cape Canaveral, Florida, on a mission to Jupiter.