IT Security Newsletter - 5/13/2022

Written by Cadre | Fri, May 13, 2022

Iranian hackers exposed in a highly targeted espionage campaign

Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 (also tracked as OilRig), which targeted a Jordanian diplomat with custom-crafted tools. The attack involved advanced anti-detection and anti-analysis techniques and had characteristics that indicate lengthy and careful preparation. Security researchers at Fortinet gathered evidence and artifacts from the attack in May 2022 and compiled a technical report highlighting APT34's latest techniques and methods. READ MORE...

Anatomy of a campaign to inject JavaScript into compromised WordPress sites

A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers. An investigation by analysts at Sucuri into malware found on WordPress installations revealed a much larger and ongoing campaign that last month, we're told, hijacked more than 6,600 websites. The team has seen a spike in complaints this month related to the intrusions, according to analyst Krasimir Konov. READ MORE...

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, which allows remote command injection with no authentication required, carries a severity rating of 9.8 out of a possible 10. It's easy to exploit by sending simple HTTP or HTTPS requests to affected devices. READ MORE...

How to Avoid Falling Victim to PayOrGrief's Next Rebrand

In July 2021, the second largest city in Greece fell victim to a cyberattack orchestrated by an apparently amateur ransomware group. PayOrGrief appeared to have existed for just a couple of weeks when it broke through Thessaloniki's security systems. The group exfiltrated and encrypted numerous files before issuing a devastating $20 million ransom demand. READ MORE...

Costa Rica Declares Emergency in Ongoing Cyberattack

After a month of crippling ransomware attacks, Costa Rica has declared a state of emergency. In theory, the measure usually reserved to deal with natural disasters or the COVID-19 pandemic would free up the government to react more nimbly to the crisis. President Rodrigo Chaves, who was sworn in Sunday, made the emergency declaration one of his first acts. It was published Wednesday, but Chaves has not named the members of the National Emergency Commission. READ MORE...

Threat Actors Use Telegram to Spread 'Eternity' Malware-as-a-Service

Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have found. The new malware service, dubbed the Eternity Project by the threat actors behind it, allows cybercriminals to target potential victims with a customized threat offering based on individual modules they can buy for prices ranging from $90 to $490. READ MORE...

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That's how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there. Fitzl, a content developer for Offensive Security, says he reread and studied the winning six-exploit chain that the researchers used to hack macOS. READ MORE...

Critical Vulnerabilities Provide Root Access to InHand Industrial Routers

A total of 17 vulnerabilities have been found in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on a malicious link. The flaws affect the InRouter 302 compact industrial LTE router, which is designed for commercial and industrial environments, including for applications in the hospitality, financial, automotive, utilities, retail, public safety, and energy sectors. READ MORE...

  • ...in 1880, Thomas Edison performs the first test of his electric railway in Menlo Park, NJ.
  • ...in 1939, the first commercial FM radio station is launched in Bloomfield, CT. It would later become WDRC-FM, currently 102.9 The Whale.
  • ...in 1950, singer-songwriter Stevland Hardaway Morris, AKA Stevie Wonder, is born in Saginaw, MI.
  • ...in 1964, comedian and TV host Stephen Colbert is born in Washington, D.C.