IT Security Newsletter

IT Security Newsletter - 5/25/2023

Written by Cadre | Thu, May 25, 2023

Chinese-linked hackers target critical infrastructure in US and Guam

Microsoft and U.S. intelligence agencies said on Wednesday that they have discovered a stealthy Chinese-linked hacking group targeting critical infrastructure entities in the United States and Guam, an operation that researchers at Microsoft assess could lay the groundwork for disrupting communications between the United States and Asia in the event of a crisis. READ MORE...

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names - .zip and .mov - have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. Google announced the domains in early May, kicking off a slow buildup of criticism from the security community as people became aware of the issues. In a widely circulated post on Medium, security researcher Bobby Rauch pointed to two seemingly identical URLs that went to two very different places. READ MORE...

Mysterious malware designed to cripple industrial systems linked to Russia

Arare form of malicious software designed to infiltrate and disrupt critical systems that run industrial facilities such as power plants has been uncovered and linked to a Russian telecom firm, according to a report released Thursday from the cybersecurity firm Mandiant. The discovery of the malware dubbed "CosmicEnergy" is somewhat unusual since it was uploaded to VirusTotal - a service that Google owns that scans URLs and files for malware - in December 2021 by a user with a Russian IP address. READ MORE...

Sorry scammer, I'm not cancelling my McAfee Antivirus subscription

I was surprised to receive an email this week telling me that I had renewed my annual subscription for McAfee virus protection. Why a surprise? Well, I think the only time I've ever run McAfee's anti-virus product on one of my computers was back in the late 1990s when McAfee acquired the company I was working for at the time, and I certainly didn't pay for that. However, the email tells me that my bank account has already been debited for $249.99. READ MORE...

Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances

Security, application delivery and data protection solutions provider Barracuda Networks is warning customers about a zero-day vulnerability that has been exploited to hack the company's Email Security Gateway (ESG) appliances. The zero-day, tracked as CVE-2023-2868, was addressed with a patch (BNSF-36456) that has been automatically applied to all impacted appliances. READ MORE...

Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. In XSS attacks, threat actors inject malicious JavaScript scripts into vulnerable websites that will execute within the visitors' web browsers. READ MORE...

Zyxel warns of critical vulnerabilities in firewall and VPN devices

Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication. Both security issues are buffer overflows and could allow denial-of-service (DoS) and remote code execution on vulnerable devices. "Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities," the vendor says in a security advisory. READ MORE...

  • ...in 1787, the Constitutional Convention begins at Independence Hall in Philadelphia.
  • ...in 1944, puppeteer/film director Frank Oz, the original Muppet performer behind Fozzie Bear, Bert, and Jedi Master Yoda, is born in Herefordshire, England.
  • ...in 1961, President John F. Kennedy announces his goal to initiate a project to put a "man on the Moon" before the end of the decade.
  • ...in 1977, George Lucas's original "Star Wars" film (later retitled "Star Wars: Episode IV: A New Hope") is released in less than 50 theaters nationwide.