IT Security Newsletter - 5/11/2021
Colonial Pipeline's Ransomware Attack Sparks Emergency Declaration
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it's been called in to help with the investigation, but it wasn't at liberty to say anything more. The news came as security researchers mulled possible perpetrators of the attack, and warned that the incident could be a harbinger of things to come.
Colonial Pipeline Cyberattack: What Security Pros Need to Know
Major US pipeline operator Colonial Pipeline is investigating and responding to a ransomware attack on its IT network that ultimately disrupted its pipeline operations late last week, putting a spotlight on how the industrial sector remains vulnerable to growing cyberattacks that could have far-reaching consequences. The company's pipeline system runs 5,500 miles between Houston, Texas, and northern New Jersey, transporting millions of gallons of fuel each day.
City of Tulsa's online services disrupted in ransomware incident
The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware. Tulsa is the second-largest city in Oklahoma, with a population of approximately 400,000 people. Over the weekend, threat actors deployed a ransomware attack on the City of Tulsa's network that led to the City shutting down all of its systems and disrupting online services.
Diplomatic Entities Targeted with New 'Moriya' Windows Rootkit
Researchers at anti-malware vendor Kaspersky are documenting a previously unknown Windows rootkit being used in the toolkit of an APT actor currently targeting diplomatic entities in Asia and Africa. Dubbed Moriya, the rootkit provides the threat actor with the ability to intercept network traffic and hide commands sent to the infected machines, thus allowing the attackers to stay hidden within the compromised networks for months.
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That's according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities. On the latter front, it's using fake domains on East Asian top-level domains (TLDs) to hide command-and-control (C2) infrastructure.
US and Australia warn of escalating Avaddon ransomware attacks
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, healthcare, and other private sector organizations around the world.
Apple AirTag jailbroken already - hacked in rickroll attack
Apple recently announced a tracking device that it calls the AirTag, a new competitor in the "smart label" product category. The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it. If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those.
Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history - though he admits it has "no real-world implications". Yet what the amusing little caper really brings to the world is a philosophical point: if one of the simplest concepts of a computer is vulnerable to user meddling, where in the design process should we start trying to implement security features?
- ...in 1904, Spanish surrealist painter Salvador Dali is born in Catalonia.
- ...in 1918, Nobel Prize-winning physicist and engineer Richard Feynman is born in New York City.
- ...in 1946, scientist Robert Jarvik, the designer of the revolutionary Jarvik-7 artificial heart, is born in Midland, MI.
- ...in 1997, IBM's supercomputer Deep Blue defeats grandmaster Garry Kasparov in a six-game match, becoming the first machine to defeat a world-champion human player.