
IT Security Newsletter - 4/28/2022


Top News

Cyberattacks Rage in Ukraine, Support Military Operations

Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are sponsored by the Russian state. Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia. READ MORE...

Hacking

State Department announces $10M bounty for Russian intelligence hackers behind NotPetya

The State Department announced Tuesday that it is offering a reward of up to $10 million for information leading to six Russian intelligence hackers responsible for the infamous 2017 NotPetya malware. That malware knocked out Chernobyl's radiation monitoring system and did more than $1 billion in damage to a number of U.S. organizations, according to a federal indictment. READ MORE...


Attackers Breach 'Dozens' of GitHub Repos Using Stolen OAuth Tokens

GitHub revealed details tied to last week's incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. "We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats," said Mike Hanley, chief security officer, GitHub. READ MORE...

Software Updates

Cisco Patches 11 High-Severity Vulnerabilities in Security Products

Cisco this week announced the release of its April 2022 bundle of security advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). The semiannual bundled advisories describe a total of 19 vulnerabilities in Cisco's security products, including 11 that were assessed with a severity rating of "high." READ MORE...

Malware

New Bumblebee malware takes over BazarLoader's ransomware delivery

A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in the use of BazarLoader for delivering file-encrypting malware, researchers say. BazarLoader is the work of the TrickBot botnet developers, who provided access to victim networks for ransomware attacks. READ MORE...

Information Security

A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers

Russia's relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection. Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. READ MORE...

Exploits/Vulnerabilities

RIG Exploit Kit drops RedLine malware via Internet Explorer bug

Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity, as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight. As web browsers grew more secure and introduced automatic updates for all their components, or replaced them with modern standards, the use of EKs to distribute malware has declined. READ MORE...


Over 300,000 Internet-Exposed Databases Identified in 2021

Cybersecurity firm Group-IB identified more than 91,000 publicly exposed databases in the first quarter of 2022, significantly more than in the same period of the previous year. In 2021, the firm discovered a total of 308,000 exposed databases, with more than 165,000 of them found in the second half of the year. Most of the exposed databases run Redis (37.5%), followed by MongoDB (31%) and Elastic (29%). READ MORE...
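The practical follow-up to numbers like these is to check your own external address space for the same condition. The script below is an added example written for this newsletter, not Group-IB's tooling: it sends an unauthenticated RESP `PING` to a Redis port and an unauthenticated `GET /` to an Elasticsearch port, and classifies the reply. A Redis that answers `+PONG` to an unauthenticated client, or an Elasticsearch that returns its cluster banner with HTTP 200, is exposed; `-NOAUTH`, `-DENIED` (protected mode) or HTTP 401/403 mean some access control is in place. Hostnames are supplied by the caller; the sample replies used to explain the verdicts are constructed, not captured from real systems.

```python
"""Unauthenticated-exposure probe for Redis and Elasticsearch.

Added example (not Group-IB's code). Default ports are the services' well-known
defaults; any hosts passed on the command line are the caller's assumption.
"""
import http.client
import json
import socket
import sys

# RESP encoding of the single-word command PING
REDIS_PING = b"*1\r\n$4\r\nPING\r\n"


def classify_redis_reply(reply: bytes) -> str:
    """Map the raw RESP reply to an unauthenticated PING to a verdict.

    +PONG     the server executed a command for an unauthenticated client
    -NOAUTH   requirepass / ACL is enforced
    -DENIED   protected mode refused a non-loopback client
    """
    if reply.startswith(b"+PONG"):
        return "exposed"
    if reply.startswith((b"-NOAUTH", b"-DENIED")):
        return "protected"
    return "unknown"  # not Redis, or an error we do not interpret


def probe_redis(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, send PING without AUTH, classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(REDIS_PING)
            reply = sock.recv(256)
    except OSError:
        return "unreachable"
    return classify_redis_reply(reply)


def classify_elastic_response(status: int, body: bytes) -> str:
    """Elasticsearch answers GET / with a JSON banner containing the cluster
    name and version; getting that without credentials means it is open."""
    if status in (401, 403):
        return "protected"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "unknown"
        if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
            return "exposed"
    return "unknown"


def probe_elastic(host: str, port: int = 9200, timeout: float = 3.0) -> str:
    """Plain HTTP GET / with no Authorization header, then classify."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return classify_elastic_response(resp.status, resp.read(4096))
    except OSError:
        return "unreachable"
    except http.client.HTTPException:
        return "unknown"
    finally:
        conn.close()


if __name__ == "__main__":
    # usage: python probe.py host1 host2 ...   (only hosts you are authorized to test)
    for target in sys.argv[1:]:
        print(f"{target}: redis={probe_redis(target)} elastic={probe_elastic(target)}")
```

The Redis check deliberately stops at `PING`: it does not run `INFO` or `KEYS`, so a positive result proves exposure without reading any data. A `protected` verdict only shows that authentication or protected mode is on; it says nothing about password strength, so treat it as a starting point rather than a clean bill of health.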

On This Date

  • ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
  • ...in 1973, Pink Floyd's "The Dark Side of the Moon" goes to #1 on the US Billboard chart. It stays on the album charts for the next 741 weeks.
  • ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
  • ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.