IT Security Newsletter - 3/22/2024

Top News

Never-before-seen data wiper may have been used by Russia against Ukraine

Researchers have unearthed never-before-seen wiper malware tied to the Kremlin and an operation two years ago that took out more than 10,000 satellite modems located mainly in Ukraine on the eve of Russia's invasion of its neighboring country. AcidPour, as researchers from security firm Sentinel One have named the new malware, has stark similarities to AcidRain, a wiper discovered in March 2022 that Viasat has confirmed was used in the attack on its modems earlier that month.


New 'GoFetch' Apple CPU Attack Exposes Crypto Keys

A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system.

Trends

Shadow AI is the latest cybersecurity threat you need to prepare for

Shadow IT - the use of software, hardware, systems and services that haven't been approved by an organization's IT/IT Sec departments - has been a problem for the last couple of decades, and a difficult area for IT leaders to manage effectively. Similarly to shadow IT, shadow AI refers to all the AI-enabled products and platforms being used within your organization that those departments don't know about.

Software Updates

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).

Malware

Truck-to-truck worm could infect - and disrupt - entire US commercial fleet

Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. A paper presented at the 2024 Network and Distributed System Security Symposium demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.


Attackers are targeting financial departments with SmokeLoader malware

Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42 research team, have been tracking a massive phishing campaign linked to the distribution of the SmokeLoader malware.


Evasive Sign1 malware campaign infects 39,000 WordPress sites

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather than modifying the actual WordPress files. Website security firm Sucuri discovered the campaign after a client's website randomly displayed popup ads to visitors.

Exploits/Vulnerabilities

Unpatchable vulnerability in Apple chip leaks secret encryption keys

A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw, a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols, can't be patched directly because it stems from the microarchitectural design of the silicon itself.


Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk

A vulnerability in Amazon Web Services' (AWS) Managed Workflows for Apache Airflow (MWAA) could have allowed hackers to access users' sessions, perform remote code execution (RCE), move laterally within enterprise cloud environments, and more. But all that is just a manifestation of a much deeper-rooted misconfiguration threat researchers identified across AWS, Microsoft Azure, and Google Cloud.


Ivanti Keeps Security Teams Scrambling With 2 More Vulns

Ivanti, whose products have been a big target for attackers recently, has disclosed two more critical vulnerabilities in its technologies - raising more questions about the security of its products in the process. One of the flaws, tracked as CVE-2023-41724 (CVSS vulnerability-severity score of 9.6 out of 10) is a remote code execution vulnerability in Ivanti Standalone Sentry that researchers from NATO Cyber Security Center reported to the company.


Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors

A security vulnerability in Dormakaba's Saflok electronic locks can be exploited to forge keycards and open doors, security researchers warn. The issue, named Unsaflok, impacts more than three million locks commonly used in hotels and multi-family housing environments. A total of more than 13,000 locations across 131 countries are likely affected. Vulnerable lock models include Saflok MT and the Quantum, RT, Saffire, and Confidant series devices.

On This Date

  • ...in 1887, comedian/musician Leonard "Chico" Marx of the Marx Brothers is born in New York City.
  • ...in 1946, American mathematician, computer scientist, and science fiction author Rudy Rucker is born in Louisville, KY.
  • ...in 1993, Intel ships the first Pentium chips, featuring a 60 MHz clock speed, 100+ MIPS, and a 64-bit data path.
  • ...in 1995, Cosmonaut Valeri Polyakov returns to Earth after spending nearly 438 consecutive days in space, a record that still stands today.