<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/14/2022

SHARE

Top News

US warns of govt hackers targeting industrial control systems

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit. The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. READ MORE...


Microsoft Seizes Control of Notorious Zloader Cybercrime Botnet

Microsoft has disrupted the operation of one of the most notorious cybercrime botnets and named a Crimean hacker as an alleged perpetrator behind the distribution of ransomware to the network of infected machines. Redmond's Digital Crimes Unit (DCU) said it seized control of 65 domains used to remotely control the Zloader botnet, effectively disabling the crimeware gang's command-and-control mechanism. READ MORE...

Malware

OldGremlin ransomware deploys new malware on Russian mining org

OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, has made a comeback last month after a gap of more than one year. The group distinguishes itself from other ransomware operations through the small number of campaigns - less than five since early 2021 - that target only businesses in Russia and the use of custom backdoors built in-house. READ MORE...


Microsoft details how China-linked crew's malware hides scheduled Windows tasks

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots. Researchers within Microsoft's Detection and Response Team (DART) and Threat Intelligence Center (MTIC) spotted the software nasty, dubbed Tarrask, creating undesirable scheduled tasks via Windows Task Scheduler. READ MORE...

Information Security

Filing your taxes? Be wary of help found through search engines

The deadline for filing your taxes in the US is nearly upon us. April 18 is the very last date that you can afford to hand your tax returns in to the IRS. People will naturally gravitate toward all manner of filing tools to get the job done. But it's worth noting that sites are lurking in search engine results to potentially make it harder to file, not easier. One such tool used to complete tax returns is TurboTax. READ MORE...

Exploits/Vulnerabilities

Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution. It was reported to VMware privately and a fix and a workaround for it was released on April 6, along with fixes for seven other flaws in various VMware solutions. READ MORE...


Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity and Infrastructure Security Agency (CISA) is urging users and administrators to upgrade to the latest, patched Struts 2 versions. Struts is an open-source application development framework used by Java web developers for building model-view-controller (MVC) apps. READ MORE...


Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites

A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution. Elementor is a drag-and-drop website builder for WordPress that has more than 5 million installations. Considered critical, the newly addressed vulnerability was apparently introduced on March 22, in version 3.6.0 of the plugin. READ MORE...

On This Date

  • ...in 1818, Webster's American Dictionary of the English Language is printed for the first time.
  • ...in 1865, former Confederate spy and assassin John Wilkes Booth fatally shoots President Abraham Lincoln at Ford's Theatre.
  • ...in 1894, Thomas Edison's Kinetoscope first appears in a New York City amusement arcade, making it the first commercial movie theater.
  • ...in 1912, just before midnight in the North Atlantic, the RMS Titanic fails to divert its course from an iceberg, ruptures its hull, and begins to sink.