<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/9/2022

SHARE

Top News

The secret US mission to bolster Ukraine's cyber defenses ahead of Russia's invasion

Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat. Some were soldiers, with the US Army's Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years. READ MORE...

Hacking

Russian government sites hacked in supply chain attack

Russia says some of its federal agencies' websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies. READ MORE...


Cow-counting app abused by China 'to spy on US states'

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Meanwhile, Proofpoint reckons a China-aligned miscreant is targeting European governments. Both firms warned this week that Middle-Kingdom-backed snoops are stepping up their operations against Western targets. READ MORE...

Software Updates

Android's March 2022 security updates fix three critical bugs

Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS. Tracked as CVE-2021-39708, the flaw lies in the Android System component, and it's an escalation of privilege problem requiring no user interaction or additional execution privileges. READ MORE...


Microsoft March 2022 Patch Tuesday fixes 71 flaws, 3 zero-days

Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws. Microsoft has fixed 71 vulnerabilities (not including 21 Microsoft Edge vulnerabilities ) with today's update, with three classified as Critical as they allow remote code execution. The number of bugs in each vulnerability category is listed below. READ MORE...

Information Security

Internet Backbone Giant Lumen Shuns .RU

Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comes just days after a similar exit by backbone provider Cogent, and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president's war in Ukraine. READ MORE...

Exploits/Vulnerabilities

Siemens Addresses Over 90 Vulnerabilities Affecting Third-Party Components

Siemens has released 15 new advisories to inform customers about more than 100 vulnerabilities affecting its products, including over 90 security flaws introduced by the use of third-party components. Three advisories have an overall severity rating of "critical" and eight have a "high severity" rating. They describe vulnerabilities in Mendix, COMOS, Simcenter, SIMOTICS, SINEC, RUGGEDCOM, and SINUMERIK products. READ MORE...


Mitel Devices Abused for DDoS Vector With Record-Breaking Amplification Ratio

Mitel enterprise collaboration products have been abused for distributed denial-of-service (DDoS) attacks that employ a new vector with a massive potential amplification ratio. Researchers from Akamai, Cloudflare, Lumen, NETSCOUT, Team Cymru, TELUS, and The Shadowserver Foundation have analyzed the attacks and they have released a blog post detailing their findings. Mitel has released an advisory and security bulletins describing impact on its products. READ MORE...

On This Date

  • ...in 1862, the Union ironclad warship USS Monitor fights CSS Virginia to a draw in the Battle of Hampton Roads, the first ever battle between two such vessels.
  • ...in 1933, FDR submits his Emergency Banking Act to Congress, in an attempt to stabilize the Depression-era banking system.
  • ...in 1934, Soviet cosmonaut Yuri Gagarin, the first human being to travel into space and achieve Earth orbit on the historic Vostok 1 mission, is born in Klushino, USSR.
  • ...in 1979, award-winning actor and musician Oscar Isaac ("Inside Llewyn Davis", "Star Wars: The Force Awakens") is born in Guatemala City, Guatemala.