
IT Security Newsletter - 4/28/2023


Top News

Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorus, Newscaster, and APT35) has been operating since at least 2011, making a name for itself by targeting activists and journalists in the Middle East, US, UK, Israel and elsewhere.

Hacking

Pro-Russian hacktivism isn't real, top Ukrainian cyber official says

In the wake of Russia's invasion of Ukraine, a flurry of pro-Russian "hacktivist" groups have claimed to carry out attacks on Russian enemies in a fit of patriotism. But that's largely a fiction, a top Ukrainian cybersecurity official told CyberScoop on Thursday. Most of those groups are fronts for various Russian government agencies, and in other cases, they are coerced by the Russian government into performing attacks or publishing hacked materials obtained by other Russian government groups.


Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET researchers have discovered a campaign that we attribute to the APT group known as Evasive Panda, where update channels of legitimate applications were mysteriously hijacked to deliver the installer for the MgBot malware, Evasive Panda's flagship backdoor. Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) is a Chinese-speaking APT group, active since at least 2012.

Malware

"Ashamed" LockBit ransomware gang apologises to hacked school, offers free decryption tool

Is it possible ransomware gangs actually do have a heart? Last month, a school district in Illinois was reported to be working closely with a cybersecurity insurance firm to determine the extent of damage it had sustained from a ransomware attack. Olympia Community Unit School District 16 - the largest school district in Illinois, covering some 377 square miles - realised on Sunday February 26, 2023, that it had suffered a ransomware attack.


Magecart threat actor rolls out convincing modal forms

To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled by a payment form that looked so well done we thought it was real. The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page.


Google sues CryptBot slingers, gets court order to shut down malware domains

Google said it obtained a court order to shut down domains used to distribute CryptBot after suing the distributors of the info-stealing malware. According to the Chocolate Factory's estimates, the software nasty infected about 670,000 Windows computers in the past year, and specifically targeted Chrome users to pilfer login details, browser cookies, cryptocurrencies, and other sensitive materials from their PCs.


New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month

A new piece of macOS malware named 'Atomic macOS Stealer', or AMOS, appears to provide a wide range of data theft capabilities, targeting passwords, files, and other types of information. Researchers at threat intelligence firm Cyble have analyzed a sample of the AMOS malware that was uploaded recently to VirusTotal and which had zero detections on the malware analysis platform at the time of its discovery - at the time of writing it is detected by one antimalware engine.

Information Security

ChatGPT writes insecure code

Research by computer scientists associated with the Université du Québec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphaël Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou Camara. The paper concludes that ChatGPT generates code that isn't robust, despite claiming awareness of its vulnerabilities.

Exploits/Vulnerabilities

Critical Vulnerability in Zyxel Firewalls Leads to Command Execution

Taiwanese network equipment manufacturer Zyxel this week announced patches for a critical-severity vulnerability impacting its ATP, USG FLEX, VPN, and ZyWALL/USG firewalls. Tracked as CVE-2023-28771 (CVSS score of 9.8), the security defect can be exploited remotely to execute OS commands. The bug impacts ATP, USG FLEX, and VPN firmware versions 4.60 to 5.35, and ZyWALL/USG firmware versions 4.60 to 4.73.


FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking

The US government is notifying healthcare providers and lab personnel about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking. On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) issued public notifications to inform organizations about the vulnerabilities affecting the Universal Copy Service (UCS) component used by several of Illumina's genetic sequencing instruments.

On This Date

  • ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
  • ...in 1973, Pink Floyd's "The Dark Side of the Moon" goes to #1 on the US Billboard chart. It stays on the album charts for the next 741 weeks.
  • ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
  • ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.