IT Security Newsletter - 4/26/2022
North Korean State Actors Deploying Novel Malware to Spy on Journalists
New analysis has attributed a spear-phishing campaign targeting journalists covering North Korea to APT37/Ricochet Chollima, a state-backed group linked to the Democratic People's Republic of Korea (DPRK). Notably, researchers said the group is deploying a novel malware strain called Goldbackdoor, a variation of the Bluelight malware previously attributed to APT37. READ MORE...
French hospital group disconnects Internet after hackers steal data
The GHT Coeur Grand Est Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. GHT is a hospital network located in Northeast France consisting of nine locations, 6,000 employees, and approximately 3,370 beds. READ MORE...
North Dakota-Based Healthcare Billing Services Group Hacked
Federal investigators say a cyber attack on a North Dakota-based company that provides software and billing services for doctors and healthcare professionals affected more than a half-million customers. Adaptive Health Integrations of Williston was the target of a hacking incident that happened in mid-October, according to the U.S. Department of Health and Human Services. The data breach was reported to the government earlier this month. READ MORE...
Crooks steal NFTs worth '$3m' in Bored Ape Yacht Club heist
Crooks stole non-fungible tokens (NFTs) said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. The bogus post promised a free airdrop - basically, a promotional token giveaway - to users who followed the link and connected their MetaMask crypto-asset wallets to the scammer's wallet. Rather than getting free stuff, victims instead had their digital pocketbooks cleaned out. READ MORE...
Ukraine Invasion Driving DDoS Attacks to All-Time Highs
The first quarter of 2022 saw a 46% increase in distributed denial-of-service (DDoS) attacks over Q4 2021, which a new report attributes to a community of "hacktivists" intent on disrupting Russian state interests in retaliation for the Ukraine invasion. The report, by security vendor Kaspersky, notes that the volume of DDoS attacks was already historically high, but the first months of 2022 saw more targeted and innovative activity than previously seen. READ MORE...
Group behind Emotet botnet malware testing new methods to get around Microsoft security
The hackers behind Emotet - one of the longest-tenured and most prolific malware variants dating back to 2014 - have been tinkering with their well-established behaviors and testing new methods on a very small and limited scale, research out Tuesday suggests. Cybersecurity firm Proofpoint noted that the testing could be related to steps taken in February by Microsoft to block automation services which allowed cybercrime operators to seed documents with automations that enabled malware execution. READ MORE...
Webcam hacking: How to know if someone may be spying on you through your webcam
Our 24/7 digital lives mean we're increasingly sitting in front of a screen, whether that's a laptop, a smartphone or another device. That usually means we're also sitting in front of a camera. Some of us rarely used this feature, until the pandemic hit and saw homebound workers and bored students alike switch on their webcams to stay connected. But while online cameras can provide a lifeline to friends and family, and a near-ubiquitous way of participating in meetings, they also put us at risk. READ MORE...
Hackers exploit critical VMware RCE flaw to install backdoors
Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects VMware Workspace ONE Access (formerly called VMware Identity Manager). The issue was addressed in a security update 20 days ago along with two more RCEs - CVE-2022-22957 and CVE-2022-22958 - that also affect VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. READ MORE...
Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
Researchers have analyzed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks. The research was conducted by the National Motor Freight Traffic Association (NMFTA), which is a non-profit organization that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc. READ MORE...
- ...in 1865, Union cavalry troops fatally shoot fugitive assassin John Wilkes Booth, 10 days after he shot and killed President Lincoln.
- ...in 1933, actor and comedian Carol Burnett ("The Carol Burnett Show", "Annie") is born in San Antonio, TX.
- ...in 1961, action film star and martial artist Jet Li ("Hero", "Fist of Legend") is born in Beijing, China.
- ...in 1986, the Chernobyl power plant in Ukraine experiences a reactor failure, causing the worst nuclear disaster in human history.