IT Security Newsletter - 5/19/2022
2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms
Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities, both with severity ratings of 9.8 out of a possible 10, in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware. The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said.
Chinese 'Space Pirates' are hacking Russian aerospace firms
A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. The threat group is believed to have started operating in 2017, and while it has links to known groups like APT41 (Winnti), Mustang Panda, and APT27, it is thought to be a new cluster of malicious activity.
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found. In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February.
QNAP alerts NAS customers of new DeadBolt ransomware attacks
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. The company asked users to update their NAS devices to the latest software version and ensure that they're not exposed to remote access over the Internet. "QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the Internet."
Microsoft warns of brute-force attacks targeting MSSQL servers
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords. While this isn't necessarily the first time MSSQL servers have been targeted in such attacks, Redmond says that the threat actors behind this recently observed campaign are using the legitimate sqlps.exe tool as a LOLBin (short for living-off-the-land binary).
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days
Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University of Trento in Italy did an assessment of how organizations can best defend themselves against APTs in a recent report published online.
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found between early April and early May in the Jupiter and JupiterX Premium WordPress themes, he revealed in a blog post published Wednesday.
- ...in 1749, King George II of England grants the Ohio Company a charter of several hundred thousand acres of land around the forks of the Ohio River.
- ...in 1951, musician Jeffrey Ross Hyman AKA Joey Ramone, the lead singer of classic punk rock group the Ramones, is born in Queens, NY.
- ...in 1963, the New York Post Sunday Magazine publishes Dr. Martin Luther King Jr.'s "Letter from Birmingham Jail".
- ...in 1984, "Press Your Luck" contestant Michael Larson exploits a flaw in the game show's "random" prize board to win USD $110,000 in a single night.