
IT Security Newsletter - 5/12/2022


Breaches

DEA Investigating Breach of Law Enforcement Data Portal

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. READ MORE...

Hacking

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

Although quantum computing is years away from commercial availability, business leaders, CIOs, and CISOs need to act now to prepare for the technology's inevitable ability to crack RSA-encrypted data. Failure to start adopting a post-quantum cryptography (PQC) strategy will put all existing encrypted data assets at risk of exposure, according to a stark warning from key technical cryptography experts issued on Wednesday. READ MORE...


APT gang 'Sidewinder' goes on two-year attack spree across Asia

The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations. READ MORE...

Software Updates

Microsoft: May Windows updates cause AD authentication failures

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. This comes after Windows admins started sharing reports of some policies failing after installing this month's security updates with "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect." errors. READ MORE...


HP fixes bug letting attackers overwrite firmware in over 200 models

HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges. Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any command at the Kernel level, including manipulating drivers and accessing the BIOS. READ MORE...

Malware

Novel 'Nerbian' Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic Go programming language and "utilizes significant anti-analysis and anti-reversing capabilities", according to a Proofpoint blog post published Wednesday. READ MORE...

Exploits/Vulnerabilities

Backdoor in public repository used new form of attack to target big firms

A backdoor that researchers found hiding inside open source code targeting four German companies was the work of a professional penetration tester. The tester was checking clients' resilience against a new class of attacks that exploit public repositories used by millions of software projects worldwide. But it could have been bad. Very bad. Dependency confusion is a new form of supply-chain attack that came to the forefront in March 2021. READ MORE...


Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs

Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account. The vulnerabilities arise from a lack of validation of so-called vanity URLs, and they allow attackers with their own SaaS accounts to change the URL of the pages hosting malicious files, forms and landing pages, so as to maximize their potential to trick users. READ MORE...


Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access

Researchers at Atos-owned cybersecurity consulting firm SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device. The answer: a lot! The analysis was conducted in late 2019 and it targeted Konica Minolta bizhub C3300i and C3350i multi-function printers (MFPs). SEC Consult said the vendor was responsive and produced firmware and operating system patches in early 2020, but details are only being disclosed now. READ MORE...

On This Date

  • ...in 1907, actress Katharine Hepburn ("The Philadelphia Story", "The African Queen") is born in Hartford, CT.
  • ...in 1937, stand-up comedian and writer George Carlin is born in New York City.
  • ...in 1942, German engineer Konrad Zuse introduces the Z3, the world's first working programmable, fully automatic computer.
  • ...in 1949, the Soviet Union lifts its blockade of Berlin.