IT Security Newsletter - 3/27/2024
Finland confirms APT31 hackers behind 2021 parliament breach
The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. Since then, a joint criminal investigation with the Finnish Security and Intelligence Service and international partners has looked into multiple suspected offenses, including aggravated espionage, violation of communication secrecy, and breaking into the Finnish Parliament's information systems. READ MORE...
Thousands of phones and routers swept into proxy service, unbeknownst to users
Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday. The first, from security firm Lumen Labs, reports that roughly 40,000 home and office routers have been drafted into a criminal enterprise that anonymizes illicit Internet activities, with another 1,000 new devices being added each day. READ MORE...
Recent 'MFA Bombing' Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. READ MORE...
How New-Age Hackers Are Ditching Old Ethics
Hacking is a phenomenon that has been around since at least the 1960s, initially as an exploration into computing more broadly, fueled by the insatiable curiosity of an eternally brilliant community of "hackers," and in large part, that remains true today. Unfortunately, the term "hacking" can conjure up scenes of a lonely individual in a hoodie behind a keyboard, bullying and stealing from victims with ease from the safety of a poorly lit basement room. READ MORE...
Researchers Discover 40,000-Strong EOL Router, IoT Botnet
Malware hunters at Lumen Technologies on Tuesday sounded an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities. According to new documentation from Lumen's Black Lotus Labs, a notorious cybercriminal group has been running a multi-year campaign targeting end-of-life small office/home office (SOHO) routers and IoT devices around the world. READ MORE...
Over 170K users caught up in poisoned Python package ruse
More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims." According to CheckMarx, members of the Top.gg GitHub organization - a top resource for Discord bot makers - as well as other developers were targeted, and it all hinged on various supply chain attack techniques to distribute malware-infected Python PyPI packages. READ MORE...
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide
Phishing-as-a-service has come of age with what's being billed as the most pervasive worldwide package scam operation to date. The Chinese-language phishing-as-a-service platform "Darcula" has created 19,000 phishing domains in cyberattacks against more than 100 countries, researchers say. The platform offers cybercriminals easy access to branded phishing campaigns for subscription prices of around $250 per month, according to researchers at Internet infrastructure security vendor Netcraft. READ MORE...
Scammers exploit tax season anxiety with AI tools
25% of Americans have lost money to online tax scams, according to McAfee. Of the people who clicked on fraudulent links from supposed tax services, 68% lost money. Among those, 29% lost more than $2,500, and 17% lost more than $10,000. Moreover, 76% lost money after clicking links in cryptocurrency tax-related messages, with 26% losing more than $2,500 and 16% losing more than $10,000. READ MORE...
Row breaks out over true severity of two DNSSEC flaws
Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue. One, named KeyTrap (CVE-2023-50387) by Germany's National Research Center for Applied Cybersecurity (ATHENE), was described by Akamai exec Sven Dummer as "one of the worst ever discovered," because it could be used to disable large portions of the internet. READ MORE...
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions "are so outdated that security updates are no longer offered for them," the German Federal Office for Information Security (BSI) warned today. In addition, around 25% of all those internet-facing servers run Exchange 2016 or 2019 but are not up to date with security patches. READ MORE...
- ...in 1836, English engineer and businessman Henry Royce is born in Sussex. He later teams with C.S. Rolls to found Rolls-Royce Ltd.
- ...in 1958, Nikita Khrushchev becomes the Chairman of the Council of Ministers of the Soviet Union, or Premier.
- ...in 1963, film director and screenwriter Quentin Tarantino ("Pulp Fiction", "Kill Bill") is born in Knoxville, TN.
- ...in 1971, Canadian actor Nathan Fillion ("Firefly", "Castle") is born in Edmonton, Alberta.